Privacy notice
Data of the Data Controller
- The data controller is Dávid and Sike Law Office (“Data Controller”)
- Registered office: 1164 Budapest, Cukornád utca 56.
- Represented by Dr. Péter Dávid
- Email: info@fintechjog.hu
The Data Controller is responsible for the preparation of this Privacy Notice (the “Notice”), for the enforcement of its contents, for the control and for the implementation of the necessary changes. The current version of this Notice is available at the Data Controller’s registered office and on the fintechjog.hu website (hereinafter referred to as the Website).
1. Data processed by the Data Controller
1.1 On the fintechjog.hu website operated by the data controller
The Data Controller shall carry out the following data processing activities in respect of the Data Subject visiting the fintechjog.hu website (hereinafter referred to as the Website) operated by the Data Controller:
| Personal data | Purpose of processing | Legal basis | Time of processing |
| Other personal data provided by the Data Subject in a text message sent by the Data Subject or on the contact sub-page, such as name, email address | Maintaining contact, the primary aim of which is to provide the Data Subjects with appropriate information, and to deal efficiently and promptly with any questions that may arise;
Providing information on specific services, and performing information tasks. |
THE GDPR 6. Article 4(1)(a), the Data Subject’s voluntary consent, which he or she gives to the Data Controller by sending the message. | The Data Controller shall process personal data for the duration of the purpose of the processing, primarily in connection with the provision of contact and services, or until the Data Subject requests the erasure of his or her data or withdraws his or her consent. |
| Information from cookies and similar technologies | Some of the cookies we use are essential for the proper functioning of the site (session cookies), others are used to make the site more convenient for you. To facilitate navigation and thus the use of the website by recording the visitor’s preferences and usage habits. | The Data Subject’s voluntary consent, which is given to the Data Controller by sending the message. | The Data Controller shall process personal data for the duration of the purpose of the processing, primarily in connection with the provision of contact and services, or until the Data Subject requests the erasure of his or her data or withdraws his or her consent. |
1.2 Responsibility for the data provided by the Data Subject
The Data Subject may only provide his/her own personal data. If you do not provide your own personal data, it is the responsibility of the data provider to obtain the consent of the data subject.
2. Accessibility of personal data
Only the Data Controller is entitled to direct access to personal data.
The Data Controller shall make all reasonable technical efforts to ensure the secure storage of the Data Subject’s data. The 1. The Data Controller shall treat the information generated by the provision of the data specified in point (a) with the utmost care and in strict confidence.
3. Data transmission
By accepting this Privacy Notice, the Data Subject, acknowledging the data protection principles, expressly consents to the Data Controller transferring the data provided to service providers having a direct contractual relationship with the Data Subject. The data transmitted may be used by each data subject solely for the performance of the contractual task and may not be retained for further use or disclosed to third parties in any form.
The Data Controller will not make the stored data available to any third party, except in cases specified by law (e.g. in the context of criminal proceedings) or in the performance of its contractual duties.
The Data Controller does not transfer data in the course of providing the service.
4. Data processing
The Data Controller shall only use data processors who provide adequate guarantees of compliance with the data protection legislation in force at the time of processing, who ensure the protection of the rights of data subjects as a matter of priority and who take appropriate technical and organisational measures to protect personal data.
The following partner acts as Data Processor for the Data Controller in the processing of the data:
| Data processor | The activities carried out by the Data Processor, the data collected by the Data Processor |
| The Webparadicsom Media Group Kft. (registered office: 1027 Budapest, Bem József utca 9.) provides hosting services for the operation of the website. | During the provision of the hosting service and the possible error correction, Webparadicsom Media Group Kft. see the data stored in the repository. |
5. Rights of the Data Subject
Upon the Data Subject’s request, the Data Controller shall provide information about the personal data processed by the Data Controller, their source, the purpose, legal basis and duration of the processing, and, in the case of the transfer of the Data Subject’s personal data, the legal basis and the recipient of the transfer. Information can be requested by e-mail at info@fintechjog.hu, in both cases by providing proof of identity and a postal address. The Data Controller shall respond in writing within 25 (twenty-five) days of receipt of the request at the latest.
The data subject is entitled to request the rectification of his/her personal data (indicating the correct data) also by e-mail to info@fintechjog.hu, in each case by providing proof of identity and a postal address. The controller shall promptly make the correction in its records and notify the data subject in writing of the correction.
In addition to the above, the data subject may at any time request the deletion or restriction of the processing of his or her data, free of charge and without giving any reason, by sending an e-mail to info@fintechjog.hu, providing proof of identity and a postal address. The Data Controller shall, immediately upon receipt of the request for erasure, ensure the cessation of the processing and erase the Data Subject from its records.
Instead of deletion, the Data Controller shall limit the processing of personal data if the Data Subject so requests. If the processing is restricted, such personal data, except for storage, may only be processed with the consent of the Data Subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the Union or of a Member State.
If the Data Controller does not comply with the Data Subject’s request for rectification, restriction of processing or erasure, the Data Controller shall, within 25 (twenty-five) days of receipt of the request, communicate in writing the factual and legal grounds for refusing the request for rectification, restriction of processing or erasure.
In case of refusal of a request for rectification, erasure or restriction of processing, the Data Controller shall inform the Data Subject of the possibility of judicial remedy and of recourse to the National Authority for Data Protection and Freedom of Information.
The Data Subject may object to the processing of their personal data,
- where the processing or transfer of personal data is necessary solely for compliance with a legal obligation to which the Controller is subject or for the purposes of the legitimate interests pursued by the Controller, the recipient or a third party, except in cases of mandatory processing;
- if the personal data are used or disclosed for direct marketing, public opinion polling or scientific research purposes; and
- in other cases specified by law.
The Data Controller shall examine the objection within the shortest possible period of time from the submission of the request, but not later than 15 days, shall decide on the merits of the objection and shall inform the applicant in writing of its decision. If the Data Subject does not agree with the decision of the Data Controller or if the Data Controller fails to comply with the above deadline, the Data Subject may, within 30 days of the notification of the decision or the last day of the deadline, have recourse to the court of the Data Subject’s domicile or the seat of the Data Controller.
6. Data security
The Data Controller undertakes to ensure the security of the data, to take technical and organisational measures and to establish procedural rules to ensure that the data recorded, stored or processed are protected and to prevent their destruction, unauthorised use or unauthorised alteration. You also undertake to require any third parties to whom you transfer or disclose data on the basis of the Data Subject’s consent to comply with the requirement of data security.
The Data Controller shall ensure that the processed data cannot be accessed, disclosed, transmitted, modified or deleted by unauthorised persons. The processed data may only be accessed by the employees of the Data Controller, the Data Controller shall not disclose them to third parties who are not entitled to access the data.
The Data Controller shall make every reasonable effort to ensure that the data are not accidentally damaged or destroyed. The Data Controller also requires the above commitment from its employees involved in the processing activity.
Under no circumstances will the Data Controller collect sensitive data, i.e. data revealing racial or ethnic origin, membership of national or ethnic minorities, political opinions or party affiliations, religious or other beliefs, membership of an interest group or criminal records.
In the event of a personal data breach, the Data Controller shall notify the supervisory authority without undue delay and no later than 72 hours after becoming aware of the personal data breach, unless the personal data breach is unlikely to pose a risk to the rights and freedoms of natural persons. In the unexpected case where the notification is not made within 72 hours, the Data Controller shall also attach to the notification the reasons justifying the delay.
Where the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Data Controller shall inform the data subject of the personal data breach without undue delay.
When the Data Controller informs the data subject of a likely high risk personal data breach:
- describes the nature of the data breach in a clear and plain language;
- provide information on the name and contact details of other contacts who can provide further information;
- describes the likely consequences of a data breach;
- describe the measures taken or envisaged by the Data Controller to remedy the personal data breach, including, where appropriate, measures to mitigate any adverse consequences of the personal data breach.
7. Enforcement options
The Controller will make every effort to ensure that personal data are processed in accordance with the law. If you do not believe that you meet these requirements, please contact us in writing at info@fintechjog.hu.
If you consider that your right to the protection of your personal data has been infringed, you have the right to seek redress from the competent bodies in accordance with the applicable legislation.
- National Authority for Data Protection and Freedom of Information (address: 1055 Budapest, Falk Miksa utca 9-11.)
- the court in the place of residence of the Data Subject or the place where the Controller is established.
8. Other provisions
This Notice is subject to EU Regulation 2016/679 (“GDPR”) and Hungarian law, in particular the Hungarian Act on the Right to Informational Self-Determination and Freedom of Information of 2011. CXII. the provisions of the Act shall apply.
The Data Controller reserves the right to unilaterally amend this Privacy Policy at any time, with prior notice to the data subjects.
Budapest, 2024. 5 March.
David and Sike Law Office
Data Controller