Data Protection Notice

Effective: from 1 October 2022

Németh & Partners Lawyers Association's Privacy Policy (EU) 2016/679 Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("GDPR") ("Notice").

1. Introduction, background

The present Notice has been prepared and issued by Németh & Partners Law Firm ("Data Controller") in order to provide data subjects with appropriate information on the processing of their data and their rights in relation to the processing of their data pursuant to Article 13 of the GDPR in relation to the processing of the data detailed below.

The Data Controller shall process the personal data that have come to its knowledge in accordance with the applicable legal provisions, in particular the provisions of the GDPR, Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information ("the Information Act").

2. Name and contact details of the controller and its representative

Data of the Data Controller pursuant to Article 4(7) of the GDPR in relation to the processing in question:

Németh & Partners Lawyers Association

address: Budapest, 1027 Margit krt. 44. I./4.
e-mail address:
website address:;
telephone number: + 36 309212575
name of representative: dr. Zoltán László Németh
contact details: + 36 309212575

3. Name and contact details of the DPO

dr. Tibor Firtkó lawyer
contact address: 1088 Budapest, Krúdy u. 4.
e-mail address:


The Controller processes personal data of data subjects ("Personal Data") in relation to the processing covered by this Notice for the following purposes and on the following legal basis:

Adatkezelési művelet Adatkezelés célja Kezelt adatok köre Jogalap Az adatok forrása
Data processing operation

Purpose of processing

Scope of data processed

Legal basis

Collection and processing of data necessary for the maintenance of the Contact and the performance of the transaction between the Parties

The purpose of the processing of personal data is to provide legal advice to the interested party. In particular, it is necessary to ensure effective communication between the Data Controller and the Partner, to carry out the negotiations related to the transaction, which is an essential part of the provision of legal advice, and any modification thereof.

The Data Controller shall process only the personal data of the data subject which are necessary for the contact and the provision of the legal advice in question and which are provided solely by the data subject, such as, at most, the name, telephone number and e-mail address of the data subject and the most necessary personal data relating to the case (facts) in question.

Legal basis for processing: Article 6(1)(b) of the GDPR, i.e. the performance of a "contract" between the parties or the taking of steps by the Data Controller at the request of the data subject prior to the conclusion of a transaction between the Data Controller and the data subject

Personal Data may only be received from the data subject.


The personal data indicated in point 4 of the Notice will be transferred to lawyers providing legal advice on behalf of the Data Controller, who have the relevant expertise in the given case.


Access to electronically stored data and documents is restricted to the competent and attorneys in charge of the case in order to provide legal advice (access rights system). Access rights are granted in a controlled and logged manner. The access rights granted are reviewed at regular intervals.

The Data Controller has developed detailed internal data security measures based on the relevant standard (ISO 27001) in its ISMS (Information Security Management System) policy.


No data will be transferred outside the European Union/European Economic Area or to an international organisation.

Data Processors:
Data subjects are informed that, at the time of issuing this Notice, the Data Controller does not employ a data processor for the processing of the personal data in question, but the scope of the data processor may change. The current list of data processors will be available on the Controller's website.

The Controller may transfer the personal data concerned to the following third parties: 
• public authorities (e.g. local authorities, police, consumer protection authorities, tax authorities, MEKH, building authorities, etc.)
• courts
• public prosecutors' offices


The Data Controller shall keep the Personal Data for the purpose of the processing pursuant to point 4, but no later than:

In case of processing based on a contract:

• Until the enforcement of claims relating to the Legal Relationship; 
• For the purposes of the Contract: until the claims relating to the Legal Relationship cease to be enforceable. 

For technical reasons, the Controller shall delete the Personal Data within 25 days at the latest after the expiry of the period specified above.


In relation to the processing of Personal Data as set out in this Notice, we grant the data subject the following rights:

• Right of access;
• Right to access to the personal data;
• Right to access and rectification;
• Right to access, rectify, rectify or delete personal data;
• Right to access, rectify, obtain information, have access to the Personal Data; Right to rectification; Right to restriction of processing;
• Right to data portability;

Some of the rights of data subjects are set out below:

Right of access and information

Access to and right of access and rectification of personal data. If so, the Data Controller shall, in addition to providing access, inform the data subject of the categories of data processed, the purposes of the processing, the recipients or categories of recipients of the processing, the duration of the storage of the data or the criteria for determining the duration, the exercise of the rights of the data subject, the right to lodge a complaint with the National Authority for Data Protection and Freedom of Information (NAIH), the source of the data and the fact of automated decision-making, including profiling. In the event of a transfer of data outside the European Union or the European Economic Area, the data subject will also be informed of the appropriate safeguards provided in relation to the transfer.

Right to rectification

The data subject shall have the right to obtain from the Controller the rectification of his or her data in the event of inaccuracy.

Where the correction of Personal Data processed by the Data Controller is necessary, the data subject may request the correction of the data in writing (by post or e-mail), indicating the correct data.

The data subject shall notify the Data Controller in writing (by post or e-mail) of any change in any Personal Data processed by the Data Controller without undue delay, but no later than 5 days after the change. The defaulting data subject shall be liable for any damage suffered by the Controller as a result of the failure to give or delay in giving such notification.

Right to erasure

The data subject shall have the right to obtain from the Controller, upon his or her request, the erasure of personal data relating to him or her without undue delay and the Controller shall be obliged to erase personal data relating to him or her without undue delay in the following cases:

the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing;
In the event that the Controller has disclosed the Personal Data, i.e. transferred them to third parties, the Controller shall, in the event of the exercise of the data subject's right to erasure, take reasonable steps to inform the other controllers to whom the Personal Data have been transferred that the data subject has requested them to delete the links to or copies or replicas of the Personal Data in question.

Right to restriction of processing

The data subject shall have the right to obtain from the controller, at his or her request, the restriction of processing where

- the data subject contests the accuracy of the personal data;

- the processing is unlawful;

- the controllers no longer need the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defence of legal claims;

- the data subject has objected to the processing.

Right to data portability

The data subject shall have the right to receive personal data concerning him or her which he or she has provided to the Controller in a structured, commonly used, machine-readable format and the right to transmit such data to another controller without hindrance by the Controller, if:

the processing is based on consent; and
the processing is carried out by automated means.

In exercising the rights listed above, the data subject shall have the right to contact the Controller at the following address

Németh & Partners Lawyers Association (postal address: 1027 Budapest, Margit krt. 44, I. floor 4, 1027 Budapest), or at the following email address:
The Data Controller shall provide information on the measures taken in response to the request in writing and in an intelligible form without undue delay, but not later than 1 month from the date of the request.


Data subjects may lodge a complaint with the National Authority for Data Protection and Freedom of Information (NAIH), whose contact details are as follows:

- Postal address: 1530 Budapest, PO Box 5.

- Address: 1125 Budapest Szilágyi Erzsébet fasor 22/c.

- telephone number: +36 1 391 1400

- fax: +36 1 391 1410

- e-mail address:

- website:

Please also note that, in addition to and without prejudice to the above, you have the right to take legal action against the Company for the processing of your Data in breach of the GDPR and, if you have suffered material or non-material damage as a result of a breach of the GDPR by the Company, to claim damages from the Company.

Németh & Partners Lawyers Association

Lawyers' Associations

About Us
Areas of expertise