International Tax, Accounting and Law Firm in Hungary

Privacy policy

Gyarmathy&Partners 

Data Management Guide

 

CONTENTS:

 

  1. Name and contact details of the controller
  2. Concepts
  3. The scope of personal data, purpose, legal basis and duration of data management
  4. Method of storing personal data, security of data management
  5. Data processor used in data management
  6. Information about tracking codes and cookies
  7. Data management for sending newsletters
  8. Data management for contact and inquiry
  9. Additional data handling
  10. Customer access, rectification and erasure rights
  11. Procedural rules
  12. Contact and remedies
  13. Judicial enforcement
  14. Legislation taken into account when preparing this guide

 

1. Name and contact details of the controller

 

Dr. Gyarmathy and Partners Kft. (1136 Budapest, Tátra u. 12 / B), as data controller, recognizes the content of this privacy policy as binding. The purpose of this brochure is to record the principles of data protection and data management applied by Dr. Gyarmathy and Társai Kft. And the data protection and data management policy of the Company.

Dr. Gyarmathy and Partners Kft. takes all measures to ensure that all data processing related to its activities complies with the requirements set forth in this Prospectus and in the legislation in force.

Dr. Gyarmathy and Partners Kft. is committed to protecting the personal data of its clients and partners, and it attaches great importance to respecting the right to self-determination of its clients. Dr. Gyarmathy and Partners Kft. treat personal data confidentially and take all security, technical and organizational measures that guarantee the security of the data.

 

2. Concepts

 

• "personal data" means any information relating to an identified or identifiable natural person ("affected"); identifies a natural person who, directly or indirectly, in particular by reference to an identifier, such as name, number, positioning data, online identifier or one or more factors relating to the physical, physiological, genetic, intellectual, economic, cultural or social identity of a natural person identified;

• "data management" means any set of operations or operations performed automated or non-automated on personal data or files, such as collection, recording, systematization, distribution, storage, transformation or alteration, query, insight, use, communication, distribution or other by making it available in a manner that is accessible in such a way, coordination or interconnection, restriction or erasure

• "Restriction of data management" means the marking of stored personal data in order to limit their future handling;

• 'controller' means a natural or legal person, public authority, agency or any other body that determines the purposes and means of the processing of personal data, either alone or in conjunction with others; if the purposes and means of data processing are defined by EU or Member State law, the specific aspects of the appointment of the controller or the controller may be determined by Union or national law;

• 'data processor' means any natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;

• "third party" means any natural or legal person, public authority, agency or any other body which is not the same as the data subject, the controller, the data processor or the persons who directly manage the personal data under the direct control of the controller or the processor; have been authorized;

• "consent of the data subject" means a declaration of the will of the data subject on a voluntary, concrete and adequate basis, by which he or she expresses his / her consent to the processing of personal data concerning him or her by means of an act expressing unequivocal confirmation;

• “Data Protection Incident” means a breach of security that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access to personal data transmitted, stored or otherwise managed.

 

3. The scope of personal data, purpose, legal basis and duration of data management

 

The data management of Dr. Gyarmathy and Társai Kft. is based on voluntary consent, contractual or legal obligations. When personal data about the data subject is collected from the data subject, Dr. Gyarmathy and Társai Kft. will provide each of the following information to the data subject at the time of obtaining the personal data:

1. the identity and contact details of the controller and the representative of the controller;

2. the purpose of the planned management of personal data and the legal basis for the processing;

3. if the personal data were not obtained from the data subject: the categories of personal data concerned;

4. where appropriate, the recipients of the personal data or categories of recipients, if any.

In addition to the above information, we will also provide you with the following additional information:

1. the duration of the storage of personal data or, where this is not possible, the criteria for determining that period;

2. the right of the data subject to apply to the controller for access to, rectification, erasure or restriction of personal data relating to him or her, and to object to the processing of such personal data and his / her right to data portability;

3. in the case of data processing based on voluntary consent, the data subject has the right to withdraw the consent at any time, without prejudice to the lawfulness of the data processing carried out on the basis of consent prior to the withdrawal;

4. the right to lodge a complaint with the supervisory authority;

5. whether the provision of personal data is based on a statutory or contractual obligation or a prerequisite for the conclusion of a contract, and whether the data subject is obliged to provide personal data, and on the possible consequences of failure to provide data.

 

4. Method of storing personal data, security of data management

 
The computer systems and other data storage locations of Dr. Gyarmathy and Társai Kft. can be found at its headquarters and on its respective servers.
 
Dr. Gyarmathy and Társai Kft. select and operate the IT tools used in the provision of personal data for the management of personal data so that the data processed:
 
1. is only accessible to authorized persons;
2. is subject to authenticity and authentication;
3. is unchanged;
4. is protected against unauthorized access.
 

Dr.Gyarmathy and Partners Kft. protects the data with appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as unavailability due to accidental destruction, damage, or alteration of the technique used.

With respect to the state of the art, Dr.Gyarmathy and Társai Kft. provide technical, organizational and organizational measures to protect the security of data management, providing a level of protection appropriate to the risks involved in data management.

At the same time, we inform those concerned that electronic messages transmitted over the Internet, from protocol (e-mail, web, ftp, etc.) are vulnerable to network threats that lead to unfair practices, contract disputes, or disclosure or modification of information. In order to protect against such threats, Dr.Gyarmathy and Társai Kft. Will take all the necessary precautions from him.

 

5. Data processor used in data management

 

Dr. Gyarmathy and Társai Kft. use business partners to provide personal data for processing purposes. For example, a contractor for the delivery of mail or software license registration with the software owner. Dr.Gyarmathy and Partners Kft. ensures that the data is transferred only to the extent necessary for the fulfillment of the obligations of the relevant contract, agreement or order.

Data may also be transmitted to data controllers and data processors in countries outside the European Economic Area if this is necessary for the execution of the order or if the User has given his explicit and informed consent (Article 49 GDPR).

The legal basis for the data processing is the informed consent of Infotv. Article 5 (1) of the Act, and CVIII of 2001 on certain aspects of electronic commerce services and information society services; Art 13 / A. (3).

The data handled by Dr. Gyarmathy and Társai Kft. is primarily handled by our competent internal staff and is passed on to third parties solely for legitimate interest (eg debt collection), legal obligation, or if the User has given its prior consent.

At the request of the data subject, the data controller shall provide information on the data processed by the data subject, or on the data processor processed by him or her, or on his behalf, the purpose of the data processing, the legal basis, duration, the name, address and data management activity of the data processor, the circumstances of the data protection incident,  its effects and the measures taken to prevent it, and, in the case of transmission of the personal data of the data subject, the legal basis and the addressee of the transfer. Information is generally free of charge if the person requesting the information has not submitted a request for information to the Data Controller in the current year. In other cases, a cost reimbursement can be required. The amount of the reimbursement may be fixed by contract between the parties. Repayment of costs already paid must be refunded if the data have been illegally treated or the request for information has led to a correction.

 

6. Information about tracking codes and cookies

 

During visits to the websites of Dr. Gyarmathy and Társai Kft., the Service Provider sends one or more cookies, ie a small file containing a string, to the visitor's computer, through which its browser can be uniquely identified. These cookies are sent to the visitor's computer only when visiting certain sub-pages, so we only store the time and date of visiting the given sub-page, and no other information. Dr.Gyarmathy and Társai Kft.  does not use automated decision-making and does not create a profile from the available data, nor does it use the data of the affected parties for direct marketing. Dr.Gyarmathy és Társai Kft.  does not apply bidding or invitations to tender, does not make marketing offers, does not engage in direct marketing or commercial activities.

The Data Controller reserves the right to make changes to the content of the Website or this Policy at any time. The User may be kept informed of the current Policy under the “Privacy and Data Management Rules” section of the Website.

Legal background and legal basis for cookies:

The legal background to data management is Act CXII of 2011 on Information Self-Determination and Freedom of Information (Infotv.) and  Act CVIII of 2001 on Certain Aspects of Electronic Commerce Services. The legal basis for data management is Infotv. Your consent is in accordance with Section 5 (1) (a).

Dr.Gyarmathy and Társai Kft. can use Google Analytics, Google Remarketing, AdWords Conversion Tracking, and Facebook Remarketing to measure the attendance of the websites of Dr. Gyarmathy and Társai Kft. and to monitor the behavior of visitors. Codes that can be embedded in the home page and each subpage: Google analytics code, Google adwords remarketing code, Google adwords conversion tracking code, Facebook remarketing code, Facebook conversion tracking code.

In the above cases, the IP address of visitors to our website is recorded by Google and Facebook, and they can place ads on the Google Display Network, Facebook Message Wall, within 30 days of your visit.

To disable Analytics web activity, visit the Google Analytics Disabling page and install the plugin for your browser. For more information about installing and removing the plugin, see the help for that browser.

Further information concerning data protection and the possibilities of exercising data protection rights pertaining to social media and other third party providers can be obtained directly on the following websites:

Google: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

Facebook: https://hu-hu.facebook.com/policies/cookies/

Instagram: https://help.instagram.com

Linkedin: https://www.linkedin.com/legal/privacy-policy

Twitter: https://twitter.com/de/privacy

Legislative background and legal basis: The background to data management is the CXII of 2011 on Information Self-Determination and Freedom of Information and Act CVIII of 2001 on Certain Aspects of Electronic Commerce Services;The legal basis for data management is Infotv. Your consent is in accordance with Section 5 (1) (a).

By using this website, you consent to the storage of such codes on your computer and access to the Data Controller. Codes are generally stored for 30 days, but you can use the browser program to set and block code activity. However, please note that in the latter case, without the use of codes, you may not be able to use every feature of the website.

 

7. Data management for sending newsletters

 

Legal background and legal basis of data management: The background of data management is Act  CXII of 2011 on Information Self-Determination and Freedom of Information. Act XLVIII of 2008 on the Essential Conditions and Certain Limitations of Economic Advertising Activities Act (Grt.). The legal basis for data management is Infotv. 5 (1) (a) and Grt. In accordance with Section 6 (1) - (2), your consent.

Purpose of data management: The purpose of data management is general information.

Scope of data processed: Data management requires the name, e-mail, telephone number and field of expertise.

Duration of data processing: Until consent is withdrawn.

 

8. Data management for contact and inquiry

 

Legal background and legal basis of data management: The background of data management is the CXII of 2011 on Information Self-Determination and Freedom of Information. (Infotv.)

The legal basis for data management is Infotv. Your consent is in accordance with Section 5 (1) (a).

Purpose of data management: The purpose of data management is to be able to answer your question and to create the best offer for you.

The range of data processed: Name, company name, address, e-mail address, phone number, and contact information.

Duration of data management: The personal information provided during the contact is stored until withdrawal, but at any time you have the option of deleting it.

 

9. Additional data handling

 

If the Data Controller wishes to carry out further data management, it will provide prior information on the relevant circumstances of the data management (the legal background and legal basis of data management, the purpose of data management, the scope of the data processed, the duration of the data management).

We will inform you that the Data Controller will have to fulfill the authorities' written requests for the provision of data. The Data Controller keeps records about  such Data Transfers in accordance with Article 15 (2) - (3) of Infotv., containing what personal data has been forwarded to which authority, on what legal basis unless its information is excluded by law.

Our Company reserves the right to unilaterally amend this Privacy Policy at the notice of the affected parties.

Our company does not verify the personal information given to it. Only the person providing it is responsible for the adequacy of the data provided. Whenever you enter an email address for any affected person, you also take responsibility for the exclusive use of the email address you provide.

We inform our clients that they the Data Controller may be required to provide information, to communicate, to transmit or to make available documents, based on the competence of the investigative authority as authorized by law or the National Authority for Data Protection and Freedom of Information.

 

10. Customer access, rectification and erasure rights

 

The data subject has the right to receive feedback from the controller on whether personal data are being processed and, if such data is being processed, to have access to personal data and the following information. The data subject shall have the right, at his request, to correct the inaccurate personal data relating to him without undue delay. Taking into account the purpose of data management, the data subject is entitled to request the supplementation of incomplete personal data, including by means of a supplementary declaration.

Upon request, the data subject shall have the right to delete the personal data relating to him or her without undue delay and the controller shall, if other conditions are met, delete the personal data relating to the data subject without undue delay.

The data subject shall have the right to limit the data controller's request, if one of the following is true:

1. the data subject disputes the accuracy of the personal data, in which case the restriction applies to the period that allows the controller to verify the accuracy of the personal data;

2. data processing is unlawful and the data subject is against the deletion of the data and instead requests a restriction on their use;

3. the data controller no longer needs personal data for data processing purposes, but the data subject requests them for the submission, validation or protection of legal claims; or

4. the data subject has objected to the data processing; in this case, the limitation shall apply for the period until it is established whether the legitimate reasons of the controller prevail over the legitimate reasons of the data subject.

The controller shall inform all recipients of any rectification, erasure or data management restriction with whom or with whom the personal data were communicated, unless this proves impossible or requires a disproportionate effort. At the request of the data subject, the controller shall inform those addressees.

The data subject shall be entitled to receive personal data relating to him / her which is made available to him / her by a data controller in a structured, widely used, machine-readable format and shall be entitled to forward such data to another controller without being hampered by the controller whose provided personal data to you if the processing is based on voluntary consent or contract and automated.

If the processing of personal data is done for the purpose of direct marketing, the data subject shall have the right to object at any time to the processing of personal data relating to him or her, including profiling, if related to direct marketing.


If the data subject objects to the handling of personal data for the purpose of direct marketing, then personal data will no longer be processed for this purpose.

The data subject shall have the right not to be subject to a decision based solely on automated data management, including profiling, which would have legal effect on him or would equally be significantly affected by it.

If a possible data protection incident is likely to pose a high risk to the rights and freedoms of natural persons within the system of Dr.Gyarmathy and Társai Kft., The data controller shall without undue delay inform the data subject of the data protection incident.

 

11. Procedural rules

 

The data controller has 30 days from the personal data to send, delete or correct the information. If the data controller does not comply with such a request, he or she shall communicate the reasons for the refusal in writing within 30 days.

 

12. Contact and remedies

 

Dr. Gyarmathy és Társai Kft.
Budapest
H-1136 Budapest
Tátra u. 12/B.
Telephone: (36-1) 349 2954
E-mail: office@gyarmathy.hu
Monday-Friday: 09:00 – 17:00
 

If, in your opinion, the Data Controller has violated any statutory provisions on data management or has not complied with any of its requests, we recommend that you initiate a consultation with the Data Controller at the above address in order to terminate the alleged unlawful data management. In addition, the National Authority for Data Protection and Freedom of Information may initiate an investigation procedure. Address:1125 Budapest, Szilágyi Erzsébet fasor 22/C., PO Box: 1530 Budapest, Pf.: 5, Telephone: 06.1.391.1400, Fax: 06.1.391.1410, E-mail: ugyfelszolgalat@naih.huhttp://www.naih.hu .

 

13. Judicial enforcement

 

The data controller is obliged to prove that the data management complies with the law. The data bearer must prove the legality of the data transmission.

The lawsuit may, at the option of the data subject, be brought before the competent court of the place of residence or stay of the data subject. If the court approves the application, the data controller obliges the data controller to provide information, correct, block, delete, cancel the decision made by automated data processing, to take into account the right of protest of the data subject, and to issue the data requested by the data receiver.

If the court rejects the data subject's request, the data controller must delete the personal data of the data subject within 3 days from the date of delivery of the judgment.

The controller shall also delete the data if the data importer does not go to court within the specified time limit. The court may order the disclosure of its judgment by publishing the identity of the controller if it is required by the interests of data protection and the greater number of protected rights of the data subject.

 

14. Legislation taken into account when preparing this guide

 

For matters not covered by this guide, the following laws apply:

  • Act LIII of 2017 on the Prevention and Prevention of Money Laundering and Terrorist Financing; (Pmt.)
  • Act LII of 2017 on the Implementation of Financial and Property Restrictions imposed by the European Union and the UN Security Council; law
  • Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 (General Data Protection Regulation) (GDPR)
  • Act CXII of 2011 on Information Self-Determination and Freedom of Information (hereafter: Infotv.)
  • Act CVIII of 2001 on certain aspects of electronic commerce services and information society services
  • Act XLVII of 2008 on the Prohibition of Unfair Commercial Practices against Consumers;
  • Act XLVIII of 2008 - on the basic conditions and limitations of economic advertising
  • Act XC of 2005 on Electronic Information Freedom
  • Act C of 2003 on Electronic Communications
  • Recommendation of the National Authority for Data Protection and Freedom of Information on Preliminary Information Privacy Requirements

 

The Data Controller reserves the right to modify this brochure at any time. This Privacy Policy is governed by Hungarian law. In the event of any divergence in the interpretation of this brochure in Hungarian and in foreign languages, the Hungarian text shall prevail.

 



We are dedicated to adding value to our clients’ businesses through understanding their objectives and supporting them in achieving their goals. We provide full scale services at a single point of contact.


In our Case Studies we have described some examples of how we work for our clients and what benefits we have achieved for them.


A member firm of DFK International a worldwide association of independent accounting firms and business advisers