Forgó, Damjanovic & Partners Law Firm (registered seat: 1123 Budapest, Alkotás u. 17-19., Hungary) (“FDP“) informs you regarding the processing of your personal data, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”).

1. The purpose and legal basis for data processing, the personal data processed, the duration of data processing, persons having access to data, data transfers

1.1 Job applicants

When applying to a job at FDP, FDP will process the following personal data, based on your consent provided according to your own discretion:

In such case, the legal basis of the data processing is your consent pursuant to Article 6 (1) a) of the GDPR which you express by sending in your application.

Your application can be considered by us only if you give your consent to that your personal data included in your CV can be processed by FDP related to the job advertisement and filling the relevant position.

The scope of persons (positions) having access to the data: office manager, members of FDP being involved in the recruitment process.

The data are not transferred to third parties.

If your application is successful, and you get the vacant position, FDP does not process further the personal data included in your CV for the purpose above, and it deletes this data in respect of this purpose. The data of the applicants who are not offered the position are deleted within 8 days following the recruitment decision, however, with the exception if you give your consent to the processing of this data for 6 months following the FDP informing you of the decision. FDP’s purpose for keeping the data for the six months will be to consider you for a vacant position and FDP will therefore be able to review the CV again and to contact you.

1.2 Data processing related to the performance of the mandates

If FDP and you or your employer enter into an attorney-client mandate agreement, for the purpose of performing such an agreement, FDP processes the following personal data:

In such cases, the grounds for the data processing is Article 6 (1) b) of the GDPR (performance of a contract), Article 6 (1) c) of the GDPR (compliance with a legal obligation).

The scope of persons (positions) having access to the data: the members, junior lawyers and the of-counsels of FDP; depending on the nature of the mandate, the access is restricted to certain members and employees of FDP.

The data processors providing IT background services have access to the personal data to the necessary extent.

Transfer of data does not take place. 

The duration of the data processing is 5 years or 10 years (Section 53 (3) and (5) of Act LXXVIII of 2017 on Legal Practice /”Act on Legal Practice”/). The data related to the mandate not included in the mentioned subsections are stored by FDP until the end of the limitation period.

1.3 Data processing related to the due diligence of the client

To the extent required by law, FDP processes the data below related to the due diligence of the client:

In such cases, the ground for data processing is Article 6 (1) c) of the GDPR (compliance with a legal obligation) and Sections 7-11 of the AML, and in certain cases Sections 17-21 of the AML.

The scope of persons (positions) having access to the data: the members, junior lawyers of FDP, and colleagues of our billing department.

The data are transferred in the cases prescribed by the AML (to the regional bar association under Section 74 (1), to the financial information division operating in the Hungarian Customs and Tax Authority (“HCTA”) under Section 75 (1) of the AML).

The data are not transferred to outside the EEA.

FDP stores the data for 8 years following the performance of the mandate (Section 56 (2) and 57 (2) of the AML).

1.4 Data processing related to client identification

To the extent required by law, FDP processes the data below related to the client identification:

In such cases, the grounds for data processing is Article (6) (1) c) of the GDPR (compliance with a legal obligation) and Sections 32-33 of the Act on Legal Practice.

The scope of persons (positions) having access to the data: the members, junior lawyers of FDP, and colleagues of our billing department.

The data are transferred in the cases prescribed by the Act on Legal Practice (Sections 30-31 of the AML) to the financial information division operating in the HCTA.

The data are not transferred outside the EEA.

FDP stores the data defined in Section 32 (3) of the Act on Legal Practice for the duration defined in Section 112 (2) of the Act on Legal Practice, and stores the data defined in Section 33 (2) of the Act on Legal Practice for 8 years following the performance of the mandate (Section 33 (7) of the Act on Legal Practice, Section 56 (2) and Section 57 (2) of the AML).

1.5 Data processing related to the case-recording

To the extent required by law, FDP processes the data below related to the registration of cases:

data defined in Section 53 (2) of the Act on Legal Practice

In such cases, the grounds for data processing is Article (6) (1) c) of the GDPR (compliance with a legal obligation) and Sections 32-33 of the Act on Legal Practice.

The scope of persons (positions) having access to the data: the members, junior lawyers of FDP, and colleagues of our billing department.

The data are transferred in the cases prescribed by the Act on Legal Practice (Section 53 (4) of the Act on Legal Practice).

The data are not transferred outside the EEA.

The duration of the data processing is 5 years or 10 years (Section 53 (3) and (5) of the Act on Legal Practice).

1.6 Data processing related to contracts concluded with business partners

If FDP and your employer concluded a contract, FDP processes the personal data of yours as a contact person for the purpose of the performance of the contract:

In such cases, the grounds for the data processing is Article 6 (1) b) of the GDPR (performance of a contract), Article 6 (1) c) of the GDPR (compliance with a legal obligation).

The scope of persons (positions) having access to the data: the members, junior lawyers of FDP, and colleagues of our billing department.

Transferring of data is not carried out.

FDP stores the data for 1 year following the change of the contact person.

 2. Storing of data and description of technical and organisational measures applied in order to maintain data safety

Your personal data are stored at the FDP’s registered seat (1123 Budapest, Alkotás u. 17-19., Hungary).

FDP applies all technical safety measures that can be reasonably expected to store the data in a safe way, not accessible to third parties.

An IT description of the safety measures, the technical and organizational measures taken to ensure the safety of data follows below: FDP’s IT system is protected by appropriate firewall, virus scanner and spam filter. All computers of FDP can only be accessed with a custom password.

FDP undertakes the appropriate protection measures, however, we call your attention to the fact that cyber-attacks cannot be prevented or combated in every case.

3. Your rights in connection with data processing:

In connection with data processing, you have the following rights:

a) right of access (Article 15 GDPR): You are entitled to obtain from FDP confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the information contained herein.

Upon your request, FDP provides a copy of the personal data undergoing processing. For any further copies you request, FDP may charge a reasonable fee based on administrative costs. Where you make the request by electronic means, and unless you request otherwise, the information will be provided in a commonly used electronic form.

b) right to rectification (Article 16 GDPR): You have the right to obtain from FDP without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

c) right to erasure (Article 17 GDPR): You have the right to obtain from FDP the erasure of personal data concerning you without undue delay and FDP shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

– the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

– You object to the processing and there are no overriding legitimate grounds for the processing;

– the personal data have been unlawfully processed;

– the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which FDP is subject.

d) right to restriction of processing (Article 18 GDPR): You have the right to obtain from FDP restriction of processing where one of the following applies:

– You contest the accuracy of the personal data, for a period enabling FDP to verify the accuracy of the personal data;

– the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

– FDP no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims.

e) right to receive information on the above rights (Article 12 GDPR): FDP provides you with information on action taken on your request as per clauses a)-e) above without undue delay and in any event within one month of receipt of your request. The information is provided in a concise, transparent, intelligible and easily accessible form. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. FDP informs you of any such extension within one month of receipt of the request, together with the reasons for the delay.

f) right to lodge a complaint (Article 77 GDPR): You have the right to file a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR. The complaint can be filed with the National Data Protection and Freedom of Information Authority (NAIH) (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.; telephone: +36 1 391 1400; fax: +36 1 391 1410; www.naih.huugyfelszolgalat@naih.hu).

g) right to judicial remedy (Article 79 GDPR): You have the right to judicial remedy where you consider that your rights under the GDPR have been infringed as a result of the processing of your personal data in non-compliance with the GDPR. Proceedings against FDP can be brought before the courts of the Member State where FDP has an establishment. Such proceedings may be brought before the courts of the Member State where you have your habitual residence.

h) Right to data portability (Article 20 GDPR): You have the right to receive personal data in respect of you which you have provided to FDP, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from FDP. Furthermore, you have the right to have the personal data transmitted directly from FDP to another data controller, where technically feasible.

4. You may request information on the processing of your personal data via the channels and from the person below:

You may request further information in connection with the processing of your personal data from Dr. Zoltán Forgó via mail (1123 Budapest, Alkotás u. 17-19., Hungary) or email (office@fdlaw.hu). Upon your request, verbal information may also be given, in which case minutes have to be taken. If you request verbal information (e.g. via phone), you are required to prove your identity towards FDP. If you wish to exercise your rights above, please contact Dr. Zoltán Forgó.