Kapolyi Law Firm (“Data Controller”) is continuously ensuring in respect of all personal data processed by it the legality and limited purpose of the data processing.

The purpose of this policy is to provide appropriate information for the persons who provide their personal data on the www.kapolyi.com website about the conditions, guarantees and duration of the data processing by the Data Controller.

The data processing of the Data Controller complies with the relevant acts of law, especially the following ones:

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, henceforth: GDPR)
Act CXII of 2011 on the right of informational self-determination and on freedom of information

Contact information of the Data Controller:
Name: Kapolyi Law Firm
Seat: 1051 Budapest, József nádor square 5-6. 3rd floor
Phone: +36-1-267-3975
E-mail: info@kapolyi.com
website: www.kapolyi.com („Website”)

1. Getting in touch with the Data Controller

The Data Controller provides the opportunity for the customers on the Website to make their reservations by electronic means.
Processor of personal data: the Data Controller
Purpose of data processing: the facilitation of accommodation reservation
Legal basis of data processing: consent of the data subject pursuant to GDPR Article 6 (1) a).
Processed personal data: name, e-mail address, subject and contents of the message.
Duration of data processing: five years from the termination of the given case or six month from of the message sending if no client instruction is concluded upon the email
Utilization of Data Processor: hosting provider as indicated on the imprint page.

Providing personal data is not mandatory, the possible consequences of the failure to provide data: the data subject will be unable to use the messaging function.

Rights of the data subject:
may request the access to the personal data concerning him/her,
may request the amendment of those,
may request the deletion of those,
may request the restriction of processing of personal data subject to the circumstances pursuant to GDPR Article 18 (namely the Data Controller shall not delete or destruct the data until the request of courts or authorities, but at the longest for 30 days and furthermore the data shall not be processed with any other aim).
if it is necessary, that the data processing shall happen pursuant to legal interest of the Data Controller as well, may object against the processing of personal data.
can practice the right for data portability. Pursuant to the latter right, the data subject is entitled to obtain the personal data concerning him/her in the format of MS Word or Excel, and furthermore entitled, that the Data Controller shall forward the data for another Data Controller on his/her demand.

2. Application to a job ad via the Website

The Data Controller provides the opportunity for the customers on the Website to upload their job application.
Processor of personal data: the Data Controller
Purpose of data processing: application to job ad
Legal basis of data processing: consent of the data subject pursuant to GDPR Article 6 (1) a).
Processed personal data: name, e-mail address, subject and contents of the message.
Duration of data processing: until the job interview or job offer, but for a maximum duration of six months.
Utilization of Data Processor: hosting provider as indicated on the imprint page.

Providing personal data is not mandatory, the possible consequences of the failure to provide data: the data subject will be unable to apply.

Rights of the data subject:
may request the access to the personal data concerning him/her,
may request the amendment of those,
may request the deletion of those,
may request the restriction of processing of personal data subject to the circumstances pursuant to GDPR Article 18 (namely the Data Controller shall not delete or destruct the data until the request of courts or authorities, but at the longest for 30 days and furthermore the data shall not be processed with any other aim).
if it is necessary, that the data processing shall happen pursuant to legal interest of the Data Controller as well, may object against the processing of personal data.

3. Cookies

To make this site work properly, the Data Controller places a small data file called cookie on the visitor’s device. Most websites do this too.

A cookie is a small text file that a website saves on the computer or mobile device of the visitor when he or she visits the site.

The Website uses Google Analytcs, that is operated by Google LLC. With these cookie („__utma” és „__utmz”) we can analyze the traffic of the Website. The use of this system only lets the Website to store the IP address (internet protocoll address, ie. the identification code of a computer or other device that is conntected to the internet) and the interactions ont he Website, based on this neither Google LLC nor the Data Controller can identify the visitor, but based on the IP address the country and city from where the page is visited and internet service provider of the visitor can be identified and based ont he IP address the internet service provider can identify the subscriber.

The Website further uses the cookies of WordPress („aviaCookieConsent” és „itsec-hb-login-c5acc86d42aa8955cf43ce83484693c5”). With the former cookie the Website saves for two months wether the visitor has consented to the use of the cookies on the Website. The latter cookie serves security purposes.
The visitor of the website can control and/or delete cookies as he or she wishes. For details aboutcookies.org may be consulted. The visitor can delete all cookies that are already on his or her computer and can set most browsers to prevent them from being placed. If the visitor does this, however certain functionalities may not work.

4. Rigths of the persons concerned, possibility for legal remedy.

The data subject may require information on the processing of his/her personal data, as well as may require the amendment of his/her personal data, furthermore – with the exception of the obligatory data processing – the deletion and withdrawal of them, may exercise his/her right to data portability and to objection as indicated at the data recording or on the contacts of the Data Controller as indicated above.

For the request of the data subject the information is forwarded without undue delay by electric means, but at the latest within one month. The Data Controller performs these requests of the persons concerned free of charge.

Rights of information:
The Data Controller implements appropriate measures in order to provide for the persons concerned all information regarding the processing of personal data pursuant to GDPR Article 13 and 14 and all instructions pursuant to GDPR Article 15-22 and 34 in a compact, transparent, comprehensible and easily accessible form, formulated in a clear and easy to understand way, precisely at the same.

Right of access of the data subject:
The data subject is entitled to access its personal data (receive a copy) and to receive feedback from the Data Controller whether the process of his/her personal data is in progress. If the process of his/her personal data is in progress, the data subject is entitled to gain access to the personal data and in the following enumeration to be found information:
purpose of data processing,
categories of the personal data concerned.
addressees and the categories of addressees, for whom the personal data were disclosed or going to be disclosed, including particularly those third country (non-European Union) addressees, and international organizations,
planned duration of the storage of personal data,
right of amendment, deletion or restriction of data processing and the right of objection,
right of submitting a complaint for the competent supervisory authority,
information regarding the data source; the fact of automated decision making, including profiling as well, and on the applied logics and comprehensible information on what kind of significance this data processing has and what kind of consequences does it have on the data subject.

Right of rectification:
Pursuant to the rule of law anyone shall claim the amendment of inaccurate personal data concerning him/her and supplement of the incomplete data.

Right to erasure:
The data subject in case of the reasons below is entitled to make the personal data concerning him or her deleted on his demand without undue delay:
the personal data are not necessary anymore for the purpose on which they were collected or handled in another way,
the data subject withdraws the consent for data processing and the data processing does not have any other legal basis,
the data subject objects against the data processing and there is not any priority lawful reason ,
unlawful processing of personal data can be determined;
personal data shall be deleted for the fulfilment of obligations prescribed by to the Data Controller applicable the law of the European Union or member states,
personal data is collected regarding services being offered in relation with information society.

The deletion of data cannot be initiated, if the data processing is necessary for the following purposes:
for the purpose of exercising freedom of expression and information,
for the implementation of the task carried out in the framework of the fulfilment of obligation pursuant to the law of the European Union or a member state prescribing the processing of personal data to be applied for the Data Controller or for the exercise of public authority vested on the Data Controller.
for the purpose of public health, archiving, scientific and historical research or statistics based on public interest,
or for submission, enforcement or protection of legal claims

Right of restriction of data processing:
On the request of the data subject, data processing can be restricted pursuant to the conditions set out in GDPR Article 18.
the data subject disputes the accuracy of personal data, the restriction applies to the period of time, which enables the supervision of the accuracy of personal data.
the data processing is unlawful and the data subject opposes the deletion of data and instead claims the restriction of application of those,
the Data Controller does not need the personal data for the sake of data processing, but the data subject requires those for the submission, enforcement or protection for legal claims,
the data subject objected against the data processing; the restriction applies to that period of time, while it is determined whether the lawful reasons of the Data Controller has priority above the reasons of the data subject.

If data processing falls under restriction, personal data with the exception of storage shall be processed only with the consent of the data subject, or for the submission, enforcement or protection for legal claims, or in favor of the protection of rights of natural and legal persons, or for the important public interest of the European Union or other member states. The data subject shall be informed preliminary about the release of the restriction of data processing.

Right of data portability:
The data subject is entitled to receive the personal data concerning him/her, which was provided for the Data Controller in a well-articulated, commonly used and by computer readable format and to forward these data for another Data Controller. The Data Controller shall fulfill these demands of the data subject in the format of MS Word or Excel. The condition of the right of data portability is that the processing is automated and the legal ground is either consent or contract.

Right of objection:
If the processing of personal data is carried out in the interest of direct marketing, the data subject is entitled to object against the processing of the personal data concerning him or her for this purpose at any time, including profiling as well, if it relates to direct marketing. In case of objection against the processing of personal data for the sake of direct marketing, these data shall not be processed. The right of objection applies to the data subject, if the data processing is carried out pursuant to the lawful interest of the Data Controller, however in this case the subject of evaluation is the fulfillment of the request depending on which party’s rights have priority pursuant to GDPR Article 21 (1).

Right of withdrawal:
The data subject is entitled to withdraw the consent at any time. The withdrawal of consent does not affect the lawfulness of data processing which based on consent prior to the withdrawal.

Procedural rules:
The Data Controller informs the data subject without undue delay but nonetheless within one month from the arrival of the claim about the implemented measures based on the claim. If it is necessary, taking into consideration the complexity of the claim and the number of claims, the deadline can be prolonged with additional 2 months. The Data Controller informs the data subject within one month calculated from the receipt of the claim about the prolongation of the deadline with indicating the reason of delay.

If the data subject submitted the claim by electronic mean, the information shall be granted also by electronic mean unless the data subject wishes it otherwise.

If the Data Controller does not take measures following the request of the data subject, without undue delay but at the latest within one month from the receipt of the request, the Data Controller informs the data subject about the reasons of the failure of measure, as well as the data subject is entitled to submit a complaint for the supervisory authority and may exercise the right of judicial remedy.

The Data Controller informs all those addressees on all the accomplished correction, deletion or restriction of processing, with whom the personal data were communicated, unless it is impossible or requires disproportionate exertion. On the request of the data subject the Data Controller provides information on these addressees.

If the Data Controller infringes the rights on informational self-determination of the date subject, he or she is entitled to file a complaint at the Hungarian National Authority for Data Protection and Freedom of Information or start a civil suit before the competent court.

Hungarian National Authority for Data Protection and Freedom of Information
postal address: 1530 Budapest, Pf.: 5.
address: 1055 Budapest, Falk Miksa street 9-11.
Phone: +36 (1) 391-1400
E-mail: ugyfelszolgalat@naih.hu
Honlap: http://naih.hu