+36 70 541-88-12
Menu

Data Processing

Private Attorney Dr. Guseva Galina (hereinafter: “Attorney”, “Service Provider”, “Controller”), as the operator of the website available under the domain name www.guseva.eu (hereinafter: “Website”), hereby publishes information on the processing of personal data in the framework of the provision of services related to the Website, other services provided by the Controller and specified in this document.

Users visiting the Website and using the services of the Controller (hereinafter: the “User”) accept all the conditions contained in this data processing document (hereinafter: the “Regulation”), therefore, please read this Regulation carefully and completely before using the Website and services.

1. Controller

Dr. Galina Guseva Private Attorney (1146 Budapest, Aitoshi Dürer Avenue 27/A, floor 0, office 3., www.guseva.eu, mail@guseva.eu, tel: +36705418812, tax number: 79758824-1-42 ), as controller, accepts the contents of this brochure as binding.

The purpose of this Regulation is to set out the principles for the protection and processing of personal data, as well as the policy for the protection and processing of personal data applied by the Advocate.

Pursuant to Art. 37 para. (1) of the GDPR, the Advocate is not required to appoint a data protection officer.

2. Scope of the legislation on which the processing of personal data is based

  • Law No. 53 of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing (hereinafter: “PMT”),
  • Law No. 52 of 2017 on the application of financial and property restrictive measures prescribed by the European Union and the UN Security Council,
  • Law No. 78 of 2017 on advocacy (hereinafter: “Adv”),
  • Law No. 112 of 2011 on the right to informational self-determination and freedom of information,
  • Regulation 2016/679/EU on the protection and processing of personal data of natural persons and on the free movement of such data, and repealing Regulation No. 95/46/EC (hereinafter: “GDPR”)

3. Principles of personal data processing

The lawyer undertakes that all processing of data related to his professional activities complies with the requirements set out in this Regulation, the GDPR and applicable national law. The lawyer makes every effort to protect the personal data of his clients and the personal data provided by them, as well as the rights of interested parties. The lawyer treats personal information confidentially and takes all security measures, as well as technical and organizational measures to ensure the security of personal data.

As part of the above, the Attorney takes appropriate steps to ensure that personal information about clients at any time

  • processed lawfully and fairly and on an appropriate legal basis (lawfulness, fairness and visibility);
  • collected only for specific, clear and legitimate purposes and not processed in a manner inconsistent with those purposes (purpose restrictions);
  • limited by relevance and relevance, as well as necessary for the purposes of data processing (data minimization);
  • be accurate and, where necessary, updated; where possible, inaccurate personal data is deleted or corrected without delay (accuracy);
  • kept in a form that allows customers to be identified only for as long as it is necessary for the purposes for which the personal data are processed; storage of personal data for a longer period should be carried out only for statistical purposes, subject to the implementation of appropriate technical and organizational measures (restriction on storage);
  • processed in such a way as to ensure adequate security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage, through the application of appropriate technical or organizational measures (integrity and confidentiality).

At the same time, clients are obliged to ensure that data subjects, including persons specified in the agency agreement and acting on behalf of clients or other persons whose personal data are transferred to the Advocate, receive a privacy notice in accordance with Article 13 of the GDPR.

4. Definitions:

  • “personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identified natural person is one who can be identified directly or indirectly, in particular by reference to one or more factors such as name, number, location, online identifier, or physical, physiological, genetic, mental, economic, cultural or the social identity of the identifiable natural person;
  • “data processing” means any operation or set of operations on personal data or files, whether automated or non-automated, such as collecting, recording, organizing, sorting, storing, transforming or modifying, retrieving, consulting, using, transmitting, distributing or otherwise agreement, interconnection, restriction, removal or destruction;
  • “restriction of data processing” means the marking of stored personal data with the aim of restricting their processing in the future;
  • “controller” means the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by Union or Member State law, the controller or specific criteria for the appointment of the controller may be determined by Union or Member State law;
  • “processor” means any natural or legal person, public authority, agency or any other body that processes personal data on behalf of the controller;
  • “third party” means any natural or legal person, public authority, agency or any other body that is not the data subject, controller, processor or persons who, under the direct control of the controller or processor, are authorized to process personal data;
  • “data subject’s consent” means a voluntary, specific, conscious and unambiguous declaration of consent by the data subject to the processing of personal data concerning him by means of a declaration or an unequivocal statement;
  • “unauthorized access to personal data” means a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to transmitted, stored or otherwise processed personal data;
  • “client”: those who are interested in the services of the Lawyer in person, on the Website, by phone or in any other way, or who have entered into an agency agreement with the Lawyer.

5. Scope of personal data, purpose, legal basis and duration of data processing

The processing of the lawyer’s data is based on contractual or legal obligations or voluntary consent.

The lawyer processes the following personal data of clients for the purposes listed below:

5.1. Interest in legal services by sending an email, in person, by phone or otherwise

(a) name: information necessary to identify the client,
(b) email address, telephone number: information required to contact the client later,
(c) subject of interest (for example, details of the planned transaction, other data relevant to the case): data necessary to clarify the interests of the client and an appropriate response based on the client’s own message.

The legal basis for data processing is the consent of the interested party. The data processing lasts for the period specified by the interested party or until the consent is withdrawn.

Personal data processed by the Advocate may be disclosed to subcontractors and employees of the Advocate to the extent necessary to achieve the purpose of data processing specified in this section.

5.2. Individual request for the cost of the service

(a) name: information necessary to identify the client
(b) email address, telephone number: information required to contact the client later,
(c) subject of interest (circumstances of the case covered by the possible order): data necessary to ascertain the customer’s interest and respond accordingly, based on the customer’s own communication.
The legal basis for data processing is the consent of the interested party. The data processing lasts for the period specified by the interested party or until the consent is withdrawn.

5.3. Conclusion and execution of a contract of assignment to a lawyer

(a) name: information necessary to identify the client
(b) email address, telephone number: information required to contact the client later,
(c) information relating to the subject matter of the contract (for example, information about property, marital status, personal circumstances): definition of the subject matter of the contract, data and circumstances necessary for the performance of the contract and the execution of the order,
(d) mandatory data that must be registered on a mandatory basis and as defined in the TMP and ADV (for example, personal identification data, copies of identity cards, data on the quality of key government roles, data on the natural identity of beneficial owners): data must be registered in accordance with mandatory legal requirements.
The legal basis for data management is the execution of the contract and the provision of any legal disputes arising in connection with it, as well as the mandatory requirements of PMT and Adv.
The duration of data processing is the term of the contract plus 5 years (total term for the fulfillment of civil legal claims), in the case of documents generated and not subject to destruction, the storage period is unlimited, in the case of data collection based on PMT and Adv 8 years from the termination of the task, which may be extended in exceptional cases provided by law.
In the absence of such a legal obligation, the Advocate will not verify the personal data provided to him. The person who provided the data is fully responsible for the accuracy of the information provided. If the User or client provides any of the email addresses involved, he is also responsible for being the only one using the email address provided.

6. Create a profile

The lawyer does not use automated decision making and does not create a data subject profile from the data available to him, nor does he use data subjects for direct commercial purposes.

7. Addressees and categories of addressees of data processing

The lawyer will usually transfer the client’s personal information to the following third parties on a data controller to data controller basis:

  • организации, предоставляющие услуги Адвокату или клиентам (например, страховая компания, поставщик аудиторских или IT-услуг и т. д.);
  • третьи лица, участвующие в выполнении договора поручения (противная сторона, органы власти, суды, эксперты, юристы или другие привлеченные Адвокатом или клиентом поставщики услуг, нотариусы);
  • надзорный орган, иные контролирующие учреждения и органы.

Clients can request personal information about the processing of personal data processed by the Advocate in connection with them (purpose of data processing, legal basis, scope of data, data transfer, duration of processing), through the following contacts:

email: mail@guseva.eu,
tel.: +36705418812,
address: 1146 Budapest Ajtósi Dürer sor 27/A, fszt. 3.

8. Method of storing personal data, security of personal data

The lawyer’s computer systems and other data storage locations are located in his office at the legal address and on the corresponding servers.

The lawyer selects and uses the IT tools used for the processing of personal data in the provision of services in such a way that the processed data:

  • be available only to those who are entitled to it;
  • have the ability to ensure their authenticity and authentication;
  • would be verifiable for immutability;
  • are protected from unauthorized access.

Advocate takes appropriate measures to protect data, in particular against unauthorized access, alteration, transfer, disclosure, deletion or destruction, as well as against accidental destruction, damage or inaccessibility as a result of changes in the technology used.

Taking into account the current state of technology, Advocate ensures the protection of the security of data processing through such technical and organizational measures that provide a reasonable level of protection commensurate with the risks associated with data processing.

At the same time, the Controller informs interested parties that electronic messages transmitted over the Internet, regardless of protocol (e.g. email, Internet, etc.), are vulnerable to network threats that lead to fraud, contract disputes or disclosure or modification of information. To protect against such threats, the Counsel shall take all precautions required of him.

The data processed by the Lawyer is primarily accessed by its employees and subcontractors, and is shared with third parties solely for the purpose of fulfilling the Lawyer’s instructions or other legitimate interests (for example, debt collection), legal obligations or with the prior express consent of the data subject.

9. International transfer of personal data to a third country

Customers’ personal data may also be transferred to controllers and processors in countries outside the European Economic Area if this is necessary for the fulfillment of an order or with the customer’s explicit consent based on information previously provided to him (Art. 49 GDPR).
Before concluding the contract, the Lawyer informs the client that data transferred outside the European Union is properly protected in relation to a recipient outside the European Union:

(a) through the general data protection provisions adopted by the Commission in accordance with the verification procedure referred to in paragraph (2) of Article 93 of the GDPR;
(b) through the general data protection provisions adopted by the supervisory authority and approved by the Commission in accordance with the verification procedure referred to in art. 93 para. (2) of the GDPR;
(c) through an approved code of conduct in accordance with Article 40 of the GDPR, as well as a legally binding and enforceable obligation of the controller or processor in the third country to apply appropriate security measures, including with regard to the rights of data subjects;
(d) through an approved certification mechanism in accordance with Article 42 of the GDPR, together with a binding and enforceable obligation of the third country controller or processor to apply appropriate security measures, including with regard to the rights of data subjects. In this context, Advocate will seek to adopt model data protection contractual clauses approved by the European Commission / NAIH with its partners from third countries.

10.Client rights

10.1 Customer access rights (Art. 15 GDPR)

The client has access to his personal data. If the client requires the Lawyer to provide feedback on whether he processes his personal data, the Lawyer is obliged to provide information within the framework established by law.

In some cases, the Advocate does not receive personal information from the data subject. In such cases, the Advocate proceeds from the fact that the person from whom he received the data had the right to transfer them to the Advocate. If the Advocate does not receive data from the data subject, his or her duty to inform the data subject is limited.

However, the Advocate is always at the disposal of the data subject in the event of a request from the data subject and provides the requested information within the framework of the law.

The client’s right to receive feedback on whether the lawyer processes his personal data applies to personal data relating to him, but does not apply to personal data not related to him.

The attorney will provide access and a copy of the personal information to the requesting client upon request. If the client requests an additional/re-copy of his personal data, the Advocate may charge a reasonable fee to cover the administrative costs incurred in connection with the execution of the request, which the client is responsible for.

10.2 Customer’s right to rectification (Art. 16 GDPR)

The client has the right to correct his personal data. This right extends to personal data concerning him; and does not apply to personal data that does not concern him.

At the request of the client, the Lawyer undertakes, within the framework of the law, to correct or supplement his personal data in an appropriate manner, as well as to inform the recipients of such personal data (if any) about the correction of personal data, except in cases where this is not possible, or disproportionate efforts to inform the recipients.

10.3 Customer’s right to cancel (Art. 17 GDPR)

Under certain conditions, the client has the right to delete his personal data.

The lawyer is obliged to delete the personal data of the client without undue delay if the lawyer processes this personal data and the client requests the deletion of his personal data, and the personal data is not necessary for the purposes for which the lawyer processes the personal data.

The lawyer is obliged to delete the client’s personal data without undue delay if the lawyer processes the client’s personal data and the client requests the deletion of his personal data and the client withdraws his consent on which the processing of his data is based, and there are no other legal grounds for the client’s data to be further processed.

The lawyer is obliged to delete the personal data of the client without undue delay if the processing is necessary to protect the legitimate interests of the lawyer or a third party, and the client objects to the processing of his personal data by the lawyer, and the legitimate reason for the processing of such personal data does not take precedence over the objection of the customer.

The lawyer is obliged to delete the client’s personal data without undue delay if the client requests the deletion of his personal data and the processing of such data by the lawyer is not illegal or the deletion is mandatory in accordance with applicable law, or the client’s data was collected in relation to information society services.

The lawyer informs the recipients of such personal data (if any) about the deletion of the client’s personal data, except in cases where informing the recipients is impossible or disproportionate.

10.4 Customer’s right to restrict data processing (Art. 18 GDPR)

The client may, within the framework of the law, demand the restriction of the processing of his personal data.
The right of the client to demand restriction of the processing of his personal data applies to personal data concerning him; and does not apply to personal data that does not concern him.

The lawyer limits the processing of the personal data of the client for a period during which he or she checks the accuracy of such data, if the client requests the restriction of the processing of his or her personal data and the client disputes the accuracy of such data.

The lawyer restricts the processing of the client’s personal data if the client asks to restrict the processing of data, the processing of which is illegal, and the client objects to the deletion of such data.

The lawyer limits the processing of the client’s personal data if the client requests the restriction of the processing of his personal data and these data are no longer needed by the lawyer for the purposes of data processing and the client requests his data to store, enforce or defend a legal claim.

The lawyer limits the processing of the client’s personal data if the client objects to the processing of personal data, which, however, is necessary for the lawyer’s legitimate interests, and the client is waiting for confirmation of the existence of a legitimate reason for the processing of the client’s personal data by the lawyer, which reason takes precedence over the client’s protest.

The lawyer informs the recipients of such personal data (if any) of any restrictions on the processing of the client’s personal data, except in cases where informing the recipients is impossible or disproportionate.

If the Advocate restricts the processing of the client’s personal data, then

  • may store such personal data,
  • may process such personal data with the consent of the client,
  • may process personal data for the establishment, assertion or defense of legal action or for the protection of human rights.

10.5 Customer’s right to data portability (Art. 12 GDPR)

The client has the right to receive personal data about himself provided to the data controller in a structured, widely used machine-readable format, and transfer this data to another data controller without preventing it (if this is technically possible). to whom personal data has been provided, if the processing is based on consent or is necessary for the performance of a contract and the processing is carried out in an automated manner.

The client’s right to data portability extends to personal data concerning him; and does not apply to personal data that does not concern him.

10.6 Right to protest:

The data subject has the right to object to processing at any time for reasons relating to his or her situation, if it is necessary for the performance of a task in the public interest or within the framework of a public authority entrusted to the Data Controller, or if the Data Controller or a third party has a legitimate interest .

The lawyer is obliged to provide the requested information in writing as soon as possible (without undue delay) from the date of application, but no later than within 30 days, or delete the data in case of withdrawal of consent. In the event of correction or deletion, the Advocate informs all recipients to whom the data was transferred.

If the Advocate is unable to comply with the request of the data subject, he must inform the data subject within 30 days.

Counsel informs data subjects that the withdrawal of consent to data processing does not affect the lawfulness of data processing carried out on the basis of consent prior to withdrawal.

11. Unauthorized access to personal data

If unauthorized access to personal data in the system of Advocate may pose a high risk to the rights and freedoms of individuals, Advocate shall inform the data subject of the data protection incident without undue delay.

Unauthorized access to personal data is any event related to the illegal handling or processing of personal data in connection with personal data that is processed, transmitted, stored or processed by the Data Controller, in particular, unauthorized or accidental access, modification, transfer, deletion, loss or destruction, or accidental destruction resulting in injury.

The Controller must, without undue delay, but no later than 72 hours after becoming aware of the unauthorized access to personal data, notify NAIH of the incident, unless the Controller can demonstrate that the unauthorized access to personal data is unlikely to place threat to the rights and freedoms of the individual. If notification cannot be made within 72 hours, the reason for the delay must be given and the required information may be provided in detail without further undue delay. The NAIH notice must contain at least the following information:

  • the nature of unauthorized access to personal data, the number and category of data subjects and personal data;
  • the name and contact details of the data controller;
  • the likely consequences of unauthorized access to personal data;
  • measures taken or planned to eliminate, prevent or eliminate unauthorized access to personal data.

Where unauthorized access to personal data may be of high risk, the Controller must inform data subjects of the data protection incident via the Data Controller’s website within 72 hours of the discovery of the data protection incident. The information must contain at least the information specified in this paragraph.

The data controller maintains a record of incidents of unauthorized access to personal data in order to track measures related to a data protection incident and to inform data subjects. The register must contain the following information:

  • the scope of the relevant personal data;
  • range and number of stakeholders;
  • date of the incident related to unauthorized access to personal data;
  • circumstances and consequences of an incident with unauthorized access to personal data;
  • measures taken to address the incident of unauthorized access to personal data.

The data contained in the register must be stored by the Data Controller for 5 years from the date of detection of unauthorized access to personal data.

12. Customer Relations

If the client has any comments, questions or problems with the management of the data of the Advocate or when using his services, he can contact him using the contact details on the Website.

13. Links to other websites

This site contains links to other providers that are not covered by this privacy statement. When a client leaves the Attorney’s website, it is recommended that you carefully read the privacy policy for all relevant websites that collect personal information.

14. Other

Advocate reserves the right to unilaterally amend this Privacy Policy with notice to interested parties.

Counsel informs his clients that they may contact Counsel to provide information, disclose data, or provide documents to an investigating authority, the National Data Protection and Freedom of Information Authority, or other bodies authorized by law.

15. Rules of procedure

The controller must provide, delete and correct personal data information within 30 days. If the Controller does not comply with such a request from the data subject, it must notify the reasons for the refusal in writing within 30 days.

16. Data Protection Authority

Complaints can be filed with the National Data Protection and Freedom of Information Authority:

National Data Protection and Freedom Authority
Nemzeti Adatvédelmi és Információszabadság Hatóság
Legal address:1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, Pf.: 5.
Tel: 06-1-391-1400,
Fax: 06-1-391-1410
email: ugyfelszolgalat@naih.hu
site: http://www.naih.hu

Phone: +36 70 541-88-12
Fax: mail@guseva.eu
Ajtósi Dürer sor 27/a fszt. 3.
1146, Budapest
© 2022 All Rights Reserved Terms of Use and Privacy Policy