Privacy Notice

I. The Goals and Objectives of this Notice

The objective of this Privacy Notice (hereinafter referred to as: ‘Notice’) is to state the data protection and data processing principles and policies as applied by the Riesz Law Firm (registered seat: 1093 Budapest Lónyay utca 19.) and the Péteri Law Firm (registered seat: 1125 Budapest, Fészek u. 16/B.; mailing address: 1461 Budapest PF. 74.)  (hereinafter jointly referred to as: „Law Firm” or „Controller”), based on those legal rules and standards which the Law Firm considers binding for itself as data controller

This Privacy Notice states the principles applied when processing personal data of the users of the Website (as defined below) operated by the Law Firm, and of any natural persons inquiring about services provided by the Law Firm, via the Website, by e-mail, phone or by any other means (hereinafter jointly referred to as: ‘Data Subject’ or ‘Data Subjects’).

Unless otherwise stated herein, this Privacy Notice does not apply to the data processing of personal data of natural persons in connection with the professional activities provided by the Law Firm to their Clients under a retainer agreement.

Our Clients will be notified individually on the data processing in connection with their case at the time of the execution of the retainer agreement.

When drawing up this Notice, special attention was paid to the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as: „GENERAL DATA PROTECTION REGULATION” or ‘GDPR’), to the Act CXII of 2011 on the right of informational self-determination and on freedom of information (hereinafter referred to as: ‘INFOTV’) as well as the Act LXXVIII of 2017 on the professional activities of attorneys-at-law.

 II. Definitions

Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Controller, joint controllers: a person which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers.

Personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal data transmitted, stored or otherwise processed. 

Data processor: a natural or legal person, public authority, agency or other body which processes Personal data on behalf of the Controller. Under this Notice Data Processors may be:

  • Magyar Posta Zártkörűen Működő Részvénytársaság Budapest, Dunavirág utca 2-6. 1138
  • WebDream Bt. 1023 Budapest, Gül baba u. 30.
  • Domain Regisztráció Kft. 1196 Budapest, Nagysándor József utca 158.

Website:; websites operated by the Law Firm as joint data controllers.

III. The Personal data processed by the Law Firm and the purpose, legal basis and period of processing

  1. To contact, place inquires or request in connection with the services of the Law Firm through the Website, by phone or by any other means.

Personal Data

  • name;
  • e-mail address;
  • phone number;
  • the subject and content of the massage.

Purpose of Processing Activities

The purpose of the process of Personal data under this section to answer, handle and respond to inquiries.

The Controller is not using the provided Personal data for purposes other than set out in this sections.

 Legal Basis and the Retention period

The legal basis of processing is the consent of the Data Subject.

Personal data may be processed until it is compatible with its purposes, but no later than the withdrawal of consent by the Data Subject, if there is no other legal basis whereunder further process necessary.

In case of processing upon consent, the Data Subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent, however, shall not affect the lawfulness of processing based on consent before its withdrawal.

  1. Processing the data of the visitors of the Website, Using Cookies.

By visiting the Website, the Data Subject consents to the placement of cookies on his or her computer (or other device) that help the operation of the Website and provide information about the behaviour of users on the Website.

Controller uses these information to improve the Website.

The cookies used by the Controller only provide anonymized and aggregated technical information. These cookies are primarily to ensure easy navigation on the Website, to identify which parts are of particular interest to visitors, and to improve the Website in general. Based on the information collected in this way, the user cannot be uniquely identified.

The Controller does not wish to uniquely identify visitors unless they voluntarily provide their data through the Website in any way.

In case of the usage of the cookies, the data carried by the cookies may be processed as long as the Data Subject does not disable their use in the browser’s settings, but at the latest as long as the data processing is necessary for the technical operation of the Website

IV. Profiling

Controller use no automated decision-making, does not perform profiling regarding the Data Subjects using the data available to it, and it does not use the data of the Data Subjects for direct marketing purposes.

V. Rights of the Data Subject and ways of enforcement

The Data Subject shall have the right to obtain from the Controller confirmation as to whether or not his or her Personal data are being processed, and, where that is the case, access to the Personal data, particularly to the information as listed below:

  • the purposes of the processing;
  • the categories of Personal data concerned;
  • the recipients or categories of recipients to whom the Personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  • where possible, the envisaged period for which the Personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of the Data Subject’s right to request from the Controller rectification or erasure of Personal data or restriction of processing of Personal data or to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • where the Personal data are not collected from the Data Subject, any available information as to their source;
  • the existence of automated decision-making, including profiling and, at least in those cases, meaningful information about the logic involved, as well as about the significance and the envisaged consequences of such processing for the Data Subject.

The Data Subject may request the Controller anytime – by sending a registered letter with acknowledgment of receipt to Controller’s address or an e-mail – to provide information about processing their Personal data.

Information requests via post mails shall be deemed authentic by the Controller, if the Data Subject can clearly be identified based on that request. Information requests via e-mails shall be deemed authentic by the Controller, if sent from the e-mail box as supplied previously by the Data Subject.

The Data Subject shall have the right to have rectified or amended their Personal data processed by the Controller.

Regarding the purpose of processing, the Data Subject shall have the right to have completed their incomplete Personal data.

Personal data supplied by the Data Subject can be amended by sending an e-mail request to Controller’s e-mail address as stated above.

Once the request to amend Personal data has been completed, the prior (erased) data cannot be restored anymore.

The Data Subject shall have the right to have erased their Personal data processed by the Controller. The request may be refused,

  • if the Controller is authorised by law to process Personal data; and
  • processing is necessary for establishment, exercise or defence of legal claims.

The Controller shall notify the Data Subject of any refusal of erasure requests, including the reasons for refusal. Once the request to erase Personal data has been completed, the prior (erased) data cannot be restored anymore.

The Data Subject shall have the right to obtain from the Controller restriction of processing if one of the following applies:

  • the accuracy of the Personal data is contested by the Data Subject, for a period enabling the Controller to verify the accuracy of that Personal data;
  • the processing is unlawful and the Data Subject opposes the erasure of the Personal data and requests the restriction of their use instead;
  • the Controller no longer needs the Personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims; or
  • the Data Subject has objected to processing, pending the verification whether the legitimate grounds of the Controller override those of the Data Subject.

The Data Subject shall have the right to receive the Personal data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used and machine-readable format and/or to transmit those data to another controller.

The Data Subject shall have the right to object to the processing of their Personal data, if

  • processing is carried out solely for the purpose of fulfilling the Controller’s legal obligations or for enforcing the rights and legitimate interests of the Controller or of a third party;
  • Personal data are being processed for the purposes of direct marketing, public opinion polling or scientific research; or
  • data are processed for the purposes of carrying out tasks in the public interest.

The Controller shall investigate the cause of objection. If, according to the findings of the Controller, the objection is justified, the Controller shall terminate all processing activities, block the Personal data involved and notify all recipients to whom any of these Personal data had previously been transferred of the objection and of the ensuing measures taken by the Controller.

In case of Personal data breach if a Personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Controller shall communicate the Personal data breach to the Data Subject without undue delay. The communication to the Data Subject shall not be required if any of the following conditions are met:

  • the Controller has implemented appropriate technical and organisational protection measures, and those measures were applied to the Personal data affected by the Personal data breach, in particular those – such as encryption – that render the Personal data unintelligible to any person who is not authorised to access that data;
  • the Controller has taken subsequent measures which ensure that the high risk to the rights and freedoms of Data Subjects is no longer likely to materialise;
  • the communication of data breach would involve disproportionate effort. In such a case, there shall instead be a public communication or similar measure taken by the Controller whereby the Data Subjects are informed in an equally effective manner

VI. Processing of personal data

The Controller uses the above detailed Processors for performing its services.

The Processors shall not make individual decisions, they may only process the Personal data in accordance with the agreement concluded with the Controller and with the instructions of the Controller.

The Controller controls the performance of the Processors.

The Processors may only use sub-processor with the prior written consent of the Controller.

VII. Transfer of personal data  

The transfer of the Personal data to the Processors defined in this Privacy Notice may be realized without the prior specific consent of the Data Subject as the Data Subject gave his or her consent by accepting this Privacy Notice. Any disclosure of Personal data to third parties or to authorities – unless otherwise required by law – is only allowed on the basis of authorities’ decisions or upon explicit prior consent of Data Subject.

The Controller shall have the right and be obliged to transfer to the competent authorities Personal data available to and stored by the Controller in a lawful manner, if required to do so by law or by final decisions of authorities. The Controller can not be hold responsible for such data transfer or for resulting consequences.

The Controller shall keep data transfer records for the purpose of checking the lawfulness of data transfer and of ensuring its proper communication to the Data Subject.

VIII. Legal Remedy

The staff of the Controller can be contacted via e-mail with any questions or concerns to data processing:

Users may lodge a privacy complaint directly with the National Authority for Data Protection and Freedom of Information (address: 1055 Budapest,
Falk Miksa utca 9-11 phone: 36-1-391-1400; e-mail: web:

In case of infringement of their rights, the Data Subject may bring the matter before a court, which will then have jurisdiction. The case – at the option of the Data Subject – may be brought before the tribunal in whose jurisdiction the Data Subject’s permanent or temporary residence is located. Upon request, the Controller shall inform the Data Subject of the possibilities and means for seeking legal remedy.

Riesz & Péteri is a member of the MSI Global Alliance and Proteus International.

Copyright © Riesz & Péteri