Privacy Policy 

INTRODUCTION

Dr. Beatrix Bóné, Lawyer (hereinafter: Data Controller or Lawyer), necessarily processes data during her activities; however, she pays increased attention to the protection of personal data, compliance with mandatory legal provisions, and secure and fair data processing. The purpose of this policy is to provide Data Subjects with all essential information and guidance in a concise, transparent, intelligible, and easily accessible form, in clear and plain language, and to assist Data Subjects in exercising their rights.

In connection with the conclusion and performance of the lawyer engagement contract and other contracts concluded by her, or with natural persons contacting her for other purposes, the Data Controller processes personal data in accordance with the General Data Protection Regulation – Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC – (hereinafter: "GDPR"), as well as Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter: "Privacy Act"), Act LXXVIII of 2017 on the Activities of Lawyers (hereinafter: "Act"), and Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing (hereinafter: "AML Act").

THE DATA CONTROLLER AND CONTACT DETAILS:

  • Name: Dr. Beatrix Bóné

  • Seat: 1039 Budapest, Temesvári u. 32.

  • E-mail: iroda@bonebeatrix.hu

  • Phone: +36 30 343 6182

I. DEFINITIONS

  1. personal data: any information relating to the data subject which can be associated with the Data Subject or makes the Data Subject identifiable (e.g., name, phone number, online identifier, location data, facial image, voice, etc.) [Regulation Art. 4(1)]. Personal data retains this quality during processing as long as its connection with the Data Subject can be restored using the information and technical conditions held by the Data Controller;

  2. processing: any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

  3. data controller: the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data;

  4. consent of the data subject: any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

  5. data transfer: making the data accessible to a specific third party;

  6. data erasure: making the data unrecognizable in such a way that its restoration is no longer possible;

  7. data marking: supplying the data with an identifying mark for the purpose of differentiation;

  8. restriction of processing: the marking of stored personal data with the aim of limiting their processing in the future;

  9. data destruction: the complete physical destruction of the medium containing the data;

  10. data processor: a legal person which processes personal data on behalf of the data controller;

  11. recipient: a natural or legal person, public authority, agency, or another body to which the personal data are disclosed, whether a third party or not;

  12. cookie: a small data packet (text file) sent by the web server and placed on the user's computer for a specified period, which, depending on its nature, the server may supplement upon subsequent visits—i.e., if the browser sends back a previously saved cookie, the provider managing the cookie has the opportunity to link the user's current visit with previous ones, but exclusively regarding its own content;

  13. client: a natural or legal person who has concluded an engagement contract with the Lawyer, or a natural or legal person who uses the Lawyer's services without concluding an engagement contract;

  14. data subject: an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;

  15. third party: a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data;

  16. IP address: in all networks where communication follows the TCP/IP protocol, server machines have an IP address, i.e., an identification number, which allows the identification of the given machines through the network;

  17. objection: a statement by the data subject objecting to the processing of their personal data and requesting the termination of processing or the erasure of the processed data.

II. PRINCIPLES RELATING TO THE PROCESSING OF PERSONAL DATA 

Personal data shall be: 

a) processed lawfully, fairly, and in a transparent manner ("lawfulness, fairness, and transparency");

b) collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes ("purpose limitation");

c) adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed ("data minimization"); 

d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate are erased or rectified without delay ("accuracy"); 

e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed ("storage limitation"); 

f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures ("integrity and confidentiality"). 

The data controller shall be responsible for, and be able to demonstrate compliance with, the above ("accountability").

III. LEGISLATION

The Data Controller processes the personal data handled by her in all cases in compliance with the current Hungarian and European legislation and data processing principles, ensuring the safeguards necessary for secure data processing. Data processing procedures were developed based on, in particular, but not limited to:

  • Regulation (EU) 2016/679 (GDPR)

  • The Fundamental Law of Hungary

  • Act V of 2013 on the Civil Code

  • Act LXXVIII of 2017 on the Activities of Lawyers (Act)

  • Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Privacy Act)

  • Act C of 2000 on Accounting

  • Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing (AML Act)

IV. RIGHTS OF THE DATA SUBJECT:

  1. Right of access: The Data Subject may receive feedback on the processing of their data, access the details of processing, and receive a copy of the data.

  2. Right to rectification: The Data Controller shall rectify inaccurate data without undue delay upon request.

  3. Right to erasure: The Data Subject may request erasure if the data is no longer necessary, consent is withdrawn, or processing is unlawful.

  4. Right to be forgotten: The Data Controller shall strive to notify other controllers of the erasure request regarding data made public.

  5. Right to restriction of processing: Processing may be restricted if accuracy is contested, processing is unlawful, or the data is needed for legal claims.

  6. Right to data portability: The Data Subject may receive their data in a structured, machine-readable format.

  7. Right to object: The Data Subject may object at any time to processing based on legitimate interest.

  8. Responding to requests: Requests are examined within 30 days (15 days for objections).

  9. Initiation of rights: via post (1039 Budapest, Temesvári u. 32) or e-mail (iroda@bonebeatrix.hu).

  10. Right to lodge a complaint: Primarily to the Lawyer, secondarily to the National Authority for Data Protection and Freedom of Information (NAIH).

  11. Right to a judicial remedy: Data Subjects may turn to the competent court against binding decisions of the supervisory authority or in case of unlawful processing.

V. DATA SECURITY 

The Data Controller minimizes processing to reduce risks and ensures transparency to detect incidents. Security measures include:

  • Password protection for electronic storage.

  • Physical protection (locks, alarms) for paper-based data and hardware.

  • Access restricted to authorized persons only.

  • Regular backups and antivirus software.

  • Compliance with lawyer-client privilege regulations.

VI. PERSONAL DATA BREACH 

A breach is a security violation leading to the destruction, loss, or unauthorized access of data. If detected, please notify the Lawyer immediately. Breaches are reported to the authority within 72 hours unless they pose no risk. If high risk, Data Subjects are notified without delay.

VII. DATA PROCESSING ACTIVITIES

  1. Processing within lawyer engagement and identification: Based on the Act, for performance of contract and legal obligations (billing, AML identification). Retention: 8 years from contract termination (5 years after legal disputes).

  2. Case registry: Mandated by Section 53 of the Act. Includes case ID, client name, subject, date of engagement. Retention: 5-10 years depending on the case type.

  3. Mandatory legal representation registry: For cases where legal representation is compulsory. Retention: 8 years.

  4. Partner/Client contact data: Based on legitimate interest for business communication. Retention: until June 30 of the year following cooperation, or 8 years if part of an engagement contract.

  5. Document countersignature for public registries: Mandatory identification under Section 32 of the Act. Retention: 10 years from countersignature.

  6. Client Due Diligence (AML): Mandatory identification for transactions over specific thresholds (e.g., HUF 4.5 million) or business relationship establishment.