Privacy notice and Cookie policy

We are a cohesive and collaborative alliance of strong independent law firms in the Czech Republic, Hungary, Romania, and Slovakia. With a long-standing history founded on mutual values, friendship, and trust, we united in 2020 with a shared vision to provide comprehensive, tailored legal solutions to clients across the CEE region.

1. NAME OF DATA CONTROLLER

The publisher of this privacy statement and the data controller of the Website is:

Erdős Gábor és Bokor Luca Ügyvédi Iroda

  • Registered seat: 1054 Budapest, Szabadság tér 7.
  • Tax number: 18126941-2-41
  • E-mail address: https://erdospartners.com/
  • Website: office@erdospartners.com

(hereinafter the “Data Controller”)

2. NAME OF DATA PROCESSOR

Data Processor: a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller; (Regulation (EU) 2016/679 of the European Parliament and of the Council, Article 4 (8))

IT Service Providers of the Data Controller:

For the maintenance and management of the Website, the data processor provides IT services (primarily webhosting) to the Data Controller, therefore requiring access to personal data available on our Website during the existence of the contract with it.

Data processor (hosting provider):

Name: Inclust Systems Kft.
Seat: 1054, Budapest, Honvéd utca 8. 1. em. 2. ajtó
Webpage: https://inclust.com/
E-mail: support@inclust.com

Service providers of the Data Controller:

After the visitor contacts the Data Controller, the Data Controller (depending on relevance based on the initial information provided by the visitor) may contact the below-listed legal entities providing legal and/or tax advisory services to the Data Controller, to provide them with personal data shared by the visitor of the Website, in order to enable the visitor or the service provider to contact one another and/or conduct business together.

Name of service provider data processors:

Name: BIRIȘ GORAN SPARL
Seat: 47 Aviatorilor Boulevard, RO-011853, Bucharest, Romania
Webpage: https://birisgoran.ro/
E-mail: office@birisgoran.ro

Name: BIRIȘ GORAN TAX CONSULTING S.R.L.
Seat: 47 Aviatorilor Boulevard, RO-011853, Bucharest, Romania
Webpage: https://birisgoran.ro/
E-mail: office@birisgoran.ro

Name: BIRIȘ GORAN INSOLVENTA S.P.R.L.
Seat: 47 Aviatorilor Boulevard, RO-011853, Bucharest, Romania
Webpage: https://birisgoran.ro/
E-mail: office@birisgoran.ro

Name: HKV Law Firm s.r.o.
Seat: Poštová 6, 811 06 Bratislava (Slovakia)
Webpage: https://www.hkv.sk/en/
E-mail: office@hkv.sk

Name: ROWAN LEGAL, law firm, s.r.o.
Seat: a Pankráci 1683/127, Nusle, 140 00 Prague 4 (Czech Republic)
Webpage: https://rowan.legal/en/
E-mail: praha@rowan.legal

(hereinafter jointly the “Service Providers”)

3. LAWFULNESS OF PROCESSING

  1. Data processing based on the data subject’s consent

It is considered a statement of consent if the visitor sends a message to the Data Controller via the Website’s built-in contact form, and if the visitor signifies agreement to the processing of personal data relating to him or her, by clicking on a related pop-up window on the Data Controller’s Website or on any document provided to him or her, also making any technical adjustments related to information society services. This also applies to any other statement or action, which signifies clearly the consent of the data subject to the purposed processing of his or her personal data.

In consent-based data collecting, the data controller may process the collected data without any further consent of the data subject, and also after the withdrawal of consent, if the processing is necessary for the performance of legal obligations.

  1. Data processing based on legitimate interests

Processing shall be lawful if processing is necessary for the purposes of the legitimate interests pursued by the Law Firm or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Processing personal data for direct marketing purposes and for communication with data subject is considered to be legitimate interest.

Legitimate interest tests have been performed related to data processing based on legitimate interests, which are part of the appendix of this privacy notice. These are available upon request by the data subjects.

  1. Data processing based on contractual interests

Data processing may also be based on a contractual interest if it is necessary for the performance of a contract to which the data subject is a party or if it is requested by the data subject in order to prepare the contract.

  1. Data processing based on performing legal obligations

The processing of personal data for compliance with a legal obligation is based on the regulation, regardless of the consent of the data subject.

  1. Data processing for other purposes

Where the controller intends to further process the personal data for a purpose other than for which the personal data was collected, the controller shall provide the data subject prior to such further processing with information on such other purpose. If it is necessary, the Data Controller requires the consent of the data subject regarding the new purpose.

4. INFORMATION ABOUT DATA PROCESSING BY THE DATA CONTROLLER

A. Processed personal data:

The following personal data are processed regarding the visitors of the Website:

  • To establish the technical connection to the Website and to ensure its security or for debugging purposes we process technical website connection information for https / IP/TCP connections, such as: IP addresses; HTTP header fields; and the requested content or submitted request.
  • To prepare aggregated statistics reports of visitors’ activity, we collect the following information via cookies (only where the visitor consented to such processing): IP address (anonymized); location: country, region, city, approximate latitude and longitude (geolocation); date and time of the request (visit to the website); title of the page being viewed (page title); URL of the page being viewed (page URL) and URL of the page that was viewed prior to the current page (referrer URL); screen resolution of visitor’s device; time in local visitor’s time-zone; files that were clicked and downloaded (Download); links to an outside domain that were clicked (outlink); main language of the browser being used (accept-language header); browser version, browser plugins (PDF, Flash, Java, …) operating system version, device identifier (user-agent header);
  • To connect the visitor to the Service Providers, we collect the following information via the Website’s built-in message platform: the visitor’s name, email address and telephone number, and any other information provided to us by the visitor.

B. Cookie policy on the Website of the Data Controller

Cookies are text files with small pieces of data, that are stored in the user’s computer or phone until their expiration date, and if a user returns to that site in the future, the web browser returns that data to the web server. Their purpose is to store data regarding visiting the Website, and personal adjustments, but these are not personal data of the user. Cookies help to create a user friendly Website and to improve the user’s experience. If the user does not agree to use cookies, the use of the Website will be intermitted.

We use cookies that do not require the visitor’s consent that are strictly necessary for the operation of the site and to support the session, to identify individual user sessions and to facilitate a more convenient use of our website.

We also use cookies that require the visitor’s consent such as third-party cookies, tracking cookies and social plug-in cookies; for more information, please see the table below.

The website uses the cookies that perform four functions, as classified below:

  1. Essential/strictly necessary cookies, which are essential to the functioning of the Website.
  2. Performance cookies, which helps us improve the Website’s user experience. In using performance cookies, we do not store any personal data, and only use the information collected through these cookies in aggregated and anonymized form;
  3. Functionality cookies, which allows us to enhance the visitor’s user experience (for example by remembering any settings you may have selected); and
  4. Marketing/targeting cookies, which we use to track the visitor’s user activity and sessions so that we can deliver a more personalized service.

 

Cookie provider Name of cookie Purpose of cookie Duration of cookie
Google _ga Collect statistical information for Google Analytics service and report Website usage statistics, without personally identifying individual visitors 2 years
Google _gac_ Measuring the visitor’s user activity and the performance of ad campaigns conducted by the Data Controller in relation to the Website 90 days

Some of the cookies we use are temporary and disappear when you close your browser, while some are functionality cookies that are stored on your device for up to 1 year (365/366 days) so that if you visit our website regularly, your browser will remember your previous settings and you will not need to accept our cookie notice each time you visit or regularly adjust your filtering preferences to suit your needs. Marketing and targeting cookies are stored until the date listed in the above table.

Purpose of personal data processing: improvement in user’s internet experience, storage of personal adjustments.

Legal basis of data processing: the data subject’s freely given consent.

Categories of processed personal data: the data controller stores every analytical information without name or any other personal data.

Period for which the personal data are stored: The data subject can delete the cookies anytime on his or her device

5. INFORMATION ABOUT THE RIGHTS OF DATA SUBJECT

You can find further information about the rights of the data subject in General Data Protection Regulation (https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679)

  • Information and access to personal data (Article 13 and 14)
  • Right of access by the data subject (Article 15)
  • Right to rectification (Article 16)
  • Right to erasure (‘right to be forgotten’ – Article 17)
  • Right to restriction of processing (Article 18)
  • Right to data portability (Article 20)
  • Right to object (Article 21)
  • Right to not be subject to automated individual decision-making, including profiling (Article 22),
  • Right for remedies (Article 77-82).

Right to lodge a complaint with a supervisory authority:

Every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes General Data Protection Regulation.

You can find further information about remedies under Article 77.

Contact of the supervisory authority:

The National Authority for Data Protection and Freedom of Information

  • Registered seat: 1055 Budapest, Falk Miksa utca 9-11.
  • Postal address: 1363 Budapest, Pf.: 9.
  • Phone number: +36 (1) 391-1400
  • E-mail address: ugyfelszolgalat@naih.hu

6. MISCELLANEOUS

The Data Controller reserves the right to change this privacy notice, and in the case of any change in applicable regulation, to amend it. In case this privacy notice is amended the date written in the last section („Last updated:”) of this notice will be modified.

The Data Controller does not transfer personal data outside the European Union.

The Website is not intended for use by individuals under the age of sixteen (16) years (“Minor”).  The Data Controller does not knowingly collect, transfer, or disclose, personal data of Minors. If the visitor of the Website is a Minor, the Data Controller requests the Minor to not provide any personal data, even if this is prompted by the Website. In case a Minor visits the Website and believes that he or she inadvertently provided personal data, the Data Controller requests the Minor to inform his or her parent(s) or legal guardian(s) in order for them to request the Data Controller to delete the provided personal data.

The Data Controller as a law firm is subject to strict secrecy obligations, therefore, in the case of exercising the right to data portability the Data Controller can only transmit personal data classified as attorney-client privilege as per the rules of Act LXXVIII of 2017 on Attorney Activities, if the Data Controller has been exempted from our confidentiality obligation in advance and to the extent necessary for the data transfer by the data subject as the person entitled to grant exemption from such obligation.

Automated decision-making, profiling:

No automated individual decision-making or profiling is performed in the course of the data processing of the Data Controller concerning the data subjects.

Dated: Budapest, November 13th, 2024