hungarian flag
Facebook Linkedin X-twitter
Contact us

Privacy Policy

DATA PROCESSING NOTICE

Dr. Rácz Gergely Law Office
Effective date: March 29, 2026

1. Details of the Data Controller

Data Controller: Dr. Rácz Gergely Law Office
Registered office: 1067 Budapest, Podmaniczky utca 29. 5th floor 21.
Tax number: 19344016-2-42
Bar registration number: 5260 (Budapest Bar Association)
E-mail: ugyved@drraczgergely.hu
Website: www.drraczgergely.hu
Phone number: +36 20 369 0897

Contact person and representative:
Dr. Rácz Gergely, attorney-at-law, head of office
(Bar ID: 36067555)

2. Purpose and Scope of the Notice

The purpose of this Data Processing Notice (hereinafter: Notice) is to define the data protection and data processing principles applied by Dr. Rácz Gergely Law Office (hereinafter: Data Controller or Office), which the Data Controller considers binding upon itself.

The Notice also aims to inform data subjects (clients, persons initiating contact, partners) about:

  • the processing of their personal data,
  • the protection of such data,
  • and the rights they are entitled to.

The Data Controller declares that it pays particular attention to the protection of personal data, complies with applicable legal provisions, and ensures that its data processing practices comply with this Notice and applicable laws.

3. Applicable Legislation

The following legislation primarily governs data processing:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR)
  • Act CXII of 2011 on Informational Self-Determination and Freedom of Information
  • Act LXXVIII of 2017 on Attorneys
  • Act V of 2013 on the Civil Code
  • Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing

4. Definitions

The terms used in this Notice are interpreted in accordance with Article 4 of the GDPR:

Personal data: any information relating to an identified or identifiable natural person.

Processing: any operation performed on personal data, whether automated or not, such as collection, storage, use, transmission, or deletion.

Data Controller: the entity determining the purposes and means of data processing.

Data Processor: the entity processing personal data on behalf of the Data Controller.

Data subject: an identified or identifiable natural person.

Consent: any freely given, specific, informed, and unambiguous indication of the data subject’s wishes.

Data breach: a breach of security leading to accidental or unlawful destruction, loss, alteration, or unauthorized access to personal data.

5. Principles of Data Processing

The Data Controller applies the principles set out in Article 5 of the GDPR:

  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimization
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality
  • Accountability

6. Purpose, Legal Basis and Duration of Data Processing

6.1. Legal services

Purpose:

  • Conclusion and performance of legal service contracts
  • Provision of legal advice
  • Legal representation (litigation and non-litigation)
  • Drafting and countersigning documents
  • Compliance with legal obligations

Processed data:

  • Identification data
  • Contact details
  • Financial data
  • Case-related documents
  • Any data necessary for legal representation

Legal basis:

  • GDPR Article 6(1)(b) – performance of a contract
  • GDPR Article 6(1)(c) – legal obligation

Retention:

  • 8 years after termination
  • In case of disputes: 5 years after closure
  • Certain documents: 5–10 years
  • Files destroyed after 10 years as required by law

6.2. Case registry

Purpose: maintaining mandatory legal records
Legal basis: GDPR Article 6(1)(c)
Retention: 5 or 10 years

6.3. Client due diligence (AML)

Purpose: compliance with anti-money laundering obligations
Legal basis: GDPR Article 6(1)(c)
Retention: 8 years

6.4. Contact-related processing

Purpose:

  • Communication
  • Consultation
  • Providing information

Processed data:

  • Name
  • E-mail
  • Phone number
  • Additional data provided by the user

Legal basis:

  • Consent
  • Legitimate interest

Retention:

  • Until withdrawal of consent
  • If no contract: 1 year

6.5. Website data processing

Purpose:

  • Website operation
  • Analytics
  • Communication

Processed data:

  • Contact form data
  • Technical data (IP address, browser, timestamp)

Legal basis:

  • Consent
  • Legitimate interest

Retention:

  • Contact data: as above
  • Technical data: 1 year

Cookies: regulated in a separate Cookie Notice

6.6. Billing

Purpose: accounting compliance
Legal basis: GDPR Article 6(1)(c)
Retention: 8 years

7. Data Transfers and Processors

7.1. Data transfers

Data may be transferred:

  • to authorities (legal obligation)
  • to partners (with consent)
  • to fulfill contracts

The Data Controller is bound by attorney-client confidentiality.

7.2. Data processors

Accounting provider: [to be completed]
IT provider: [to be completed]

Processors provide appropriate GDPR guarantees.

7.3. Transfers to third countries

No transfers outside the EU/EEA are carried out as a rule.
If necessary, appropriate safeguards are applied.

8. Rights of Data Subjects

Data subjects have the following rights:

  • Right to information
  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction
  • Right to data portability
  • Right to object

No automated decision-making is applied.

Exercise of rights:

Response time: 1 month

9. Withdrawal of Consent

Consent may be withdrawn at any time without affecting the lawfulness of prior processing.

10. Data Security

The Data Controller applies appropriate technical and organizational measures, including:

  • Physical protection of premises
  • Password-protected systems
  • Firewall and antivirus software
  • Regular backups
  • Secure storage
  • Restricted access
  • Encrypted communication
  • Confidentiality obligations

11. Data Breach Handling

In case of a data breach:

  • Notification to authority within 72 hours (if required)
  • Notification to data subjects (if high risk)
  • Documentation of incidents

12. Right to Lodge a Complaint

Supervisory authority:
National Authority for Data Protection and Freedom of Information (NAIH)
Address: 1055 Budapest, Falk Miksa utca 9-11.
Phone: +36 1 391 1400
Email: ugyfelszolgalat@naih.hu
Website: www.naih.hu

Judicial remedy is also available.

13. Contact

Dr. Rácz Gergely Law Office
Email: ugyved@drraczgergely.hu
Phone: +36 20 369 0897

14. Amendments

The Data Controller reserves the right to amend this Notice.
Changes take effect upon publication on the website.

15. Entry into Force

This Notice enters into force on March 29, 2026 and remains valid for an indefinite period.

Budapest, March 29, 2026
Dr. Rácz Gergely
Attorney-at-law, head of office