NOTICE ON DATA PROTECTION - Dr. Tibor Firtkó

I. Data Controller

Company name: Legal Arts Limited Liability Company (Legal Arts Kft.)
Registered office: 1024 Budapest, Káplár utca 11–13., Hungary
E-mail: contact@energyadvisory.hu
Website: www.energyadvisory.hu
Represented by: Dr. Tibor Firtkó, Managing Director

(hereinafter: Data Controller)

The Data Controller provides energy and energy law advisory services.

For any data protection-related inquiries, data subjects may contact the Data Controller at:

E-mail: contact@energyadvisory.hu
Postal address: 1024 Budapest, Káplár utca 11–13., Hungary

The Data Controller is not required to appoint a Data Protection Officer pursuant to Article 37 of the GDPR.

II. Principles of Data Processing

The Data Controller processes personal data:

  • lawfully, fairly and in a transparent manner;

  • for specified, explicit and legitimate purposes;

  • limited to what is necessary for the purposes pursued (data minimisation);

  • for no longer than necessary;

  • with appropriate technical and organisational security measures in place.

III. Categories of Processing Activities

1. Client Relationship and Contractual Advisory Services

Purpose:
Provision of energy and energy law advisory services, contract drafting and review, regulatory and litigation representation, and client communication.

Categories of data processed:
Name, e-mail address, telephone number, position/title, company name, billing data, and factual information relating to the specific case.

Legal basis:
Article 6(1)(b) GDPR – performance of a contract or steps taken prior to entering into a contract;
Article 6(1)(f) GDPR – legitimate interest (establishment, exercise or defence of legal claims).

Retention period:
Five (5) years following termination of the contractual relationship (general civil law limitation period);
Accounting documents: eight (8) years pursuant to applicable accounting legislation.

2. Regulatory and Court Proceedings

Purpose:
Establishment, exercise and defence of legal claims; representation before authorities (e.g. MEKH, GVH) and courts.

Legal basis:
Article 6(1)(c) GDPR – compliance with legal obligations;
Article 6(1)(f) GDPR – legitimate interest;
Where special categories of data are processed: Article 9(2)(f) GDPR.

Retention period:
Five (5) years following the final conclusion of the proceedings, unless a longer statutory retention period applies.

3. Website Operation and Communication

a) Contact form / e-mail inquiries

Purpose:
Responding to inquiries, providing quotations, preparing advisory engagement.

Categories of data processed:
Name, e-mail address, telephone number, message content.

Legal basis:
Article 6(1)(b) GDPR – pre-contractual steps taken at the request of the data subject.

Retention period:
If no contract is concluded: maximum one (1) year.

b) Cookies and Analytics

The website uses technical (session) cookies necessary for operation.

Statistical analytics services such as Google Analytics and Meta Pixel may be used.

Legal basis:
Article 6(1)(a) GDPR – consent.

Consent may be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal.

IV. Data Processors

The Data Controller engages the following data processor:

Hosting provider:
Rackforest Kft.
1132 Budapest, Victor Hugo u. 18–22., Hungary

The processor processes personal data solely on documented instructions from the Data Controller.

An up-to-date list of data processors is available upon request.

V. Data Transfers

Personal data may be transferred to:

  • courts;

  • public authorities (e.g. MEKH, GVH, NAIH);

  • external legal counsel or experts involved in the matter;

  • accountants or tax advisors,

where necessary for the provision of services or compliance with legal obligations.

VI. Transfers to Third Countries

Where website analytics services involve transfers of personal data to third countries (e.g. the United States), such transfers are carried out on the basis of:

  • an adequacy decision of the European Commission; or

  • appropriate safeguards, including Standard Contractual Clauses (SCCs).

VII. Data Security

The Data Controller implements appropriate technical and organisational measures, including:

  • access control systems;

  • logging and periodic review of access rights;

  • encrypted communication (SSL);

  • organisational security policies.

VIII. Rights of Data Subjects

Data subjects have the right to:

  • request access to their personal data;

  • request rectification;

  • request erasure;

  • request restriction of processing;

  • data portability;

  • object to processing based on legitimate interests;

  • withdraw consent at any time.

The Data Controller shall respond to requests without undue delay and at the latest within one (1) month of receipt.

IX. Remedies

Data subjects may lodge a complaint with the Hungarian supervisory authority:

National Authority for Data Protection and Freedom of Information (NAIH)
1055 Budapest, Falk Miksa utca 9–11., Hungary
Website: www.naih.hu

Data subjects also have the right to seek judicial remedy and to claim compensation for material or non-material damage resulting from unlawful data processing.

Final Provisions

The Data Controller reserves the right to amend this Privacy Notice. Amendments shall take effect upon publication on the website.

We also want to store cookies while using the site. Do you allow these?
For more information, read the Privacy Policy.