Data Processing Statement
INFORMATION REGARDING DATA PROCESSING
– in connection with personal data related to legal representation activities and related service provision –
This information provides full disclosure regarding the processing of personal data and includes the Data Processing Information (hereinafter referred to as the “Data Processing Information”).
I. THE DATA CONTROLLER
Abojous Wafa (registered number: 60251927), headquarters: 1072 Budapest, Damjanich Street 18, tax number: 90900277-1-42,
e-mail: twasl.szolg@gmail.com, telephone: +36701550080
II. PURPOSE OF DATA PROCESSING
The purpose of data processing is:
• immigration administration, education, performing training activities, for which the following data is processed: personal data, photos, documents, work experience.
• contact establishment, communication, administration, contract preparation/conclusion, for which data such as contact information are processed: phone number and e-mail address.
• for invoicing and cost accounting purposes, for which the following data are processed: name and address on the invoice, tax number, bank account number (if provided).
III. YOUR RIGHTS
You have the right to request information from the Data Controller regarding the processing of your personal data and to correct or supplement personal data related to you and your child.
Upon request and under certain legal conditions, the Data Controller must delete or restrict the processing of your personal data. You also have the right to object to the processing of your data and, in certain cases, the right to data portability. If the processing is based on your consent, you are entitled to withdraw it at any time.
You can enforce your rights by:
• Sending a postal letter to the address of the Al Safeer Office or by e-mail to twasl.szolg@gmail.com,
• Or by electronic message or phone at +36701550080
You can also contact the Data Controller personally at their headquarters. If you believe your rights have been violated, you can lodge a complaint with the National Authority for Data Protection and Freedom of Information (1125 Budapest, Szilágyi Erzsébet fasor 22/C, ugyfelszolgalat@naih.hu, +36-1-3911400, www.naih.hu), or you may also turn to the competent court.
IV. AUTOMATED DECISION MAKING, PROFILING
We inform you that the Data Controller does not make decisions based solely on automated data processing related to you. The available personal data do not form a profile about you.
Data Processing Information
1.1. The Data Controller declares and acts accordingly that, in relation to this document and any educational activity, it complies with all applicable data protection regulations, in particular the currently applicable Info Act and the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: “GDPR”) – complies with the mandatory provisions and ensures that others do so as well; the Client – in connection with its activities – handles the data of natural persons concerned (hereinafter referred to as the “Data Subjects”) confidentially, takes the necessary technical and organizational measures, and develops the procedural rules required for compliance with the GDPR and other applicable data protection and confidentiality regulations.
1.2. The Data Controller primarily processes data on paper, secondarily within the framework of electronic processing, at its physical premises or at the headquarters of the Data Controller. The location of data processing may change, but primarily it is at the premises of the Client and the annexes to this document contain the names and addresses of the data processing locations. The Data Controller processes personal data provided by the Client and/or collected by the Client as well as data related to the performance of the contract in a way that is limited to the necessary extent.
1.3. The Data Controller only processes personal data of the Data Subjects that have been recorded in writing between the Parties with the consent of the Data Subjects. If data is transferred to a third country (outside the European Union, outside the EEA) or to an international organization, such transfer shall only take place if the Data Subject has expressly consented to it or if the transfer is based on an adequate level of data protection, and adequate safeguards as required by the GDPR are provided.
1.4. The Data Controller informs the Client that personal data processed in connection with the assignment concerning clients and third parties are processed by the Data Controller based on the instructions of the Client and only for the purpose of fulfilling the assignment and the contractual instructions, in full compliance with the law applicable to the Data Controller and the Client.
1.5. With regard to the above, the legal basis for the data processing by the Data Controller is Article 6 (1) of the GDPR:
a) “the data subject has given consent to the processing of his or her personal data for one or more specific purposes”
b) “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”
c) “processing is necessary for compliance with a legal obligation to which the controller is subject”.
1.6. The Data Controller obtains any personal data relating to the Client either from the Client voluntarily – or with regard to this – based on the Client’s authorization or legal authorization for data transfer, from third parties.
1.7. Duration of data processing: The duration of the assignment.
1.8. The Data Controller informs the Data Subject that no data protection officer has been appointed, taking into account the criteria set out in Article (91) of the GDPR preamble.
1.9. The Client may request further information from the Data Controller regarding the handling of his or her personal data, and may request the correction of personal data or, as specified by law, other actions.
The Client, or any other concerned party, is entitled to access the following information related to the personal data concerning them:
- A copy of the personal data
- The purposes of data processing
- The categories of data
- Data related to automated decision-making and profiling
- Information regarding the source of the data
- Recipients or categories of recipients to whom the data has been or will be disclosed
- Information and guarantees related to data transfer to third countries
- The duration of storage, or the criteria for determining this
- Information about the data subject’s rights
- The right to lodge a complaint
1.10. The Client, or any other concerned party, is entitled to object to the processing of their personal data, especially if:
- The processing or transmission of the data serves only the Data Controller’s legal obligation or legitimate interests, or those of a third party
- The purpose of the data processing or transfer is direct business acquisition, public opinion research, or scientific research
- The data processing is necessary to perform a task in the public interest
If the Client or any other concerned party objects to the processing of their personal data, the Data Controller shall examine the objection within the shortest possible time, but no later than fifteen (15) days, make a decision regarding its justification, and inform the Client or any other concerned party in writing. During the examination, and at the latest within five (5) days from the objection, the Data Controller shall suspend the data processing. If the objection is justified, the Data Controller shall cease processing the data and block them, and notify all recipients to whom the personal data have previously been disclosed of the objection and the measures taken.
If the Client or any other concerned party does not agree with the Data Controller’s decision, or if the Data Controller fails to meet the deadline, the Client or concerned party may take the matter to court within thirty (30) days from the date of the decision or the final deadline.
1.11. In connection with the processing of personal data, the Client or any other concerned party may enforce their rights in court in case of a violation of their rights, or may initiate a procedure before the National Authority for Data Protection and Freedom of Information based on the relevant legal regulations (mailing address: 1534 Budapest, P.O. Box 834; address: 1125 Budapest, Erzsébet Szilágyi Avenue 22/c). The court shall act in the case with priority.
1.12. By signing this document, the Client separately consents to the processing of their personal data as described above; simultaneously, the Client declares that the Data Controller has provided detailed information regarding data processing before obtaining this consent, which the Client acknowledges and understands. The Client gives explicit consent for the Data Controller to process and transfer their personal data to persons or organizations involved in the fulfillment of the assignment, including handling, forwarding, and storing it, as well as to an authorized substitute acting on behalf of the Data Controller during periods of absence. This consent does not extend to sharing the data with unauthorized third parties.