Dr. Emese Ladányi (hereinafter referred to as the Data Controller), as the operator of the website available at ladanyiemese.hu (hereinafter referred to as the Website), hereby publishes the following information regarding the processing of personal data in connection with the services available on the website.

By using the Website and its services, any vistor of the Website and any user who makes use of the services provided by the Data Controller (hereinafter referred to as the User) accepts all the terms and conditions set out in this Privacy Policy (hereinafter referred to as the Policy). Therefore, we kindly ask you to read this Policy carefully before using the Website or the services provided through it. If you have any questions, please do not hesitate to contact the Data Controller using any of the available contact details. The text of this Policy is continuously available and accessible in Hungarian at ladanyiemese.hu/adatvedelmi-nyilatkozat, and in printed form at the Data Controller’s registered office.

This Policy is primarily based on the relevant provisions of the following legislation:

-Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (Infotv.);

-Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Device 95/46/EC (GDPR).

1. Data Controller’s Information

Name: Dr. Emese Ladányi

Registered office: 1051 Budapest, Dorottya u. 1. IV. em.

Tax ID No.: 52992337-1-41

Telephone: +36 30 620 2643

Electronic address: ugyved@ladanyiemese.hu

Website: ladanyiemese.hu

Registration authority: Budapest Bar Association

2. Principles

Personal data may only be processed for purposes that are clearly defined, lawful, and necessary for the exercise of a right or the fulfillment of an obligation. At every stage of data processing, the purpose of the processing must be observed, and the collection and processing of data must be fair and lawful. (“lawfulness, fair trial and transparency”)

Only personal data that is strictly necessary for achieving the purpose of the processing and suitable for that purpose may be processed. Personal data may only be processed to the extent and for the duration necessary to achieve the intended purpose. (“purpose limitation”)

Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. (“data minimisation”)

During data processing, the accuracy and completeness of personal data must be ensured, and-where necessary in light of the purpose of processing-it must be kept up to date. Data subjects must only be identifiable for as long as necessary for the purposes of the data processing. (“accuracy”)

Personal data must be stored in a form which permits identification of data subjects for no longer than it is necessary for the purposes for which the personal data are processed. Data shall be considered personal as long as the connection to the data subject can be restored. Such a connection may be considered restorable if the Data Controller possesses the technical means necessary for re-identification. (“storage limitation”)

The appropriate technical and organisational measures must be implemented during data processing to ensure the adequate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. (“integrity and confidentiality”)

The Data Controller is responsible for compliance with the above principles and must be able to demonstrate such compliance. (“accountability”)

3. Contact

For personalised offers or information, you may contact the Data Controller through the contact details provided on the Website by voluntarily providing your personal data. Please note that the Data Controller bears no responsibility for the content of any message you share, nor for any personal data contained therein. Therefore, we kindly ask that you only provide information that you explicitly wish the Data Controller to access. The personal data provided-primarily including the data subject’s name, phone number, e-mail address, and the subject of the inquiry-will be stored for a maximum of 30 (thirty) days from the date of receipt, unless there is another specific purpose for the processing. In such a case, the data will be stored until the data subject withdraws their explicit consent. The purpose of processing is to enable communication and maintain contact with the User who expresses interest in the service offered by the Data Controller, and to provide the User with relevant information.

By initiating contact, the User consents to the processing of their personal data by the Data Controller in accordance with this Privacy Policy. The legal basis for processing is the User’s voluntary and informed consent. Users may only provide their own personal data. If a User provides someone else's personal data, it is their responsibility to obtain the data subject’s prior consent.

4. Automatic Data Collection Related to the Website (Cookie Notice)

In order to ensure the most efficient operation of its Website, the Date Controller may use cookies. The legal basis for such data processing is the Data Controller’s legitimate business interest, which includes the ability to further develop and enhance the security of the Website. Cookies are small text files placed in the browser of the user’s computer by websites they visit. Cookies are widely used to make websites function properly or to provide various web services and features. Cookies can be either “persistent” or “session” cookies. A persistent cookie is stored by the browser until a specified expiration date, unless deleted by the user beforehand. A session cookie, on the other hand, is not stored by the browser; it is automatically deleted when the browser is closed. Storage takes place on the user’s device.

If you wish to disable or block cookies, you can do so by adjusting your browser settings. Please note that if cookies are blocked, many features of the Website-or even the entire website-may become unavailable or unusable until cookie usage is re-enabled and the block is lifted.

The purpose for which the Data Controller processes personal data in this context do not require the identification of the data subject (so-called non-identifiable data processing). The Data Controller is not in a position to identify the data subject.

5. Data Processing

The data processor shall process personal data solely in accordance with the instructions of the Data Controller and is not entitled to make any substantive decisions regarding the data processing. The data processor may process the personal data it becomes aware of only in accordance with the Data Controller’s directions, shall not process such data for its own purposes, and must store, retain and keep such data confidential in accordance with the instructions of the Data Controller. The data processor may not engage any additional data processors without the prior written specific or general authorisation of the Data Controller. For the processing of data for various purposes, only trusted partners are engaged. The following contracted data processor is permanently authorised to process personal data:

Data Processor and the registered office: NetMasters Europe Kft.

Electronic contact information: netmaters.hu

Purpose of data processing: Hosting services

6. Technical and Organisational Measures

The Data Controller stores data carriers containing personal data at its registered office. The Data Controller ensures the security of the data in proportion to the associated risks and implements the necessary technical and organisational measures, as well as procedural rules, to enforce the requirements of the GDPR, the Infotv. and other applicable data and confidentiality protection regulations. The Data Controller protects personal data through risk-proportionate measures, particularly against unauthorised access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction or damage, and data inaccessibility resulting from changes in the technology used. As part of these measures, the Data Controller stores your personal data in password-protected and/or encrypted databases. In accordance with risk-based protection, the Data Controller secures the data using firewalls, antivirus software, encryption mechanisms, content filtering and other technical and procedural solutions. Employees receive regular training to stay informed about current data and information security requirements. No automated decision-making or profiling takes place.

Paper-based documents containing personal data are stored in a lockable, fire-protected and security-monitored area. Manually handled documents containing personal data are archived in compliance with the Data Controller’s document retention obligations. These archives are also located in a secure, fire-protected and access-restricted facility. The Data Controller maintains a record of any data protection incidents. If necessary, it informs the affected data subjects of the incidents and depending on the nature of the incident, notifies the competent data protection authority.

7. Data Subject Rights and Legal Remedies

The User may exercise the rights set out in the sections below by submitting a request to the Data Controller. The contact details of the Data Controller are provided in Section 1 of this Privacy Policy and on the Website. The Data Controller shall respond to the data subject’s request without undue delay, and in any event within one month of receipt of the request. This period may be extended by a further two months where necessary, taking into account the complexity and number of the requests. The Data Controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay.

7.1. Right to Information Regarding the Processing of Personal Data

Upon request, the Data Controller shall provide the data subject with information about the personal data it processes or that is processed by a data processor on its behalf or according to its instructions. This information shall include the source of the data, the purpose, legal basis, and duration of the processing, the name and address of the data processor, and details of its processing activities, the circumstances and effects of any personal data breach and the measures taken to address it. In the case of data transfers, the Data Controller shall also provide information on the legal basis and the recipient of the transfer.

7.2. Right of Access to Personal Data

The data subject has the right to obtain confirmation from the Data Controller as to whether or not personal data concerning them is being processed. Where such processing is taking place, the data subject shall have the right to access the personal data and the following information:

a) the purposes of the processing;

b) the categories of personal data concerned;

c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;

d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

e) the existence of the right to request from the Data Controller rectification or erasure of personal data or restriction of processing concerning the data subject, or to object to such processing;

f) the right to lodge a complaint with a supervisory authority;

g) where the personal data are not collected from the data subject, any available information as to their source;

h) the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer. The Data Controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the Data Controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested, the information shall be provided in a commonly used electronic format.The right to obtain a copy shall not adversely affect the rights and freedoms of others.

7.3. Right to Rectification

The data subject shall have the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

7.4. Right to Erasure (Right to be Forgotten)

The data subject shall have the right to obtain from the Data Controller the erasure of personal data concerning them without undue delay, and the Data Controller shall be obliged to erase personal data without undue delay where one of the following grounds applies:

a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

b) the data subject withdraws consent on which the processing is based, and there is no other legal ground for the processing;

c) the data subject objects to the processing and there are no overriding legitimate grounds for the processing;

d) the personal data have been unlawfully processed;

e) the personal data must be erased for compliance with a legal obligation under Union or Member State law to which the Data Controller is subject;

f) the personal data have been collected in relation to the offer of information society services.

Where the Data Controller has made the personal data public and is obliged to erase them in accordance with the above, the Data Controller shall, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other data controllers processing the personal data that the data subject has requested the erasure of any links to, or copies or replications of, those personal data.

The right to erasure shall not apply to the extent that processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing by Union or Member State law to which the Data Controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller; for reasons of public interest in the area of public health; for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, in so far as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; for the establishment, exercise or defence of legal claims.

7.5. Right to Restriction of Processing

The data subject shall have the right to obtain from the Data Controller restriction of processing where one of the following applies:

a) the accuracy of the personal data is contested by the data subject, for a period enabling the Data Controller to verify the accuracy of the personal data;

b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

c) the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or

d) the data subject has objected to processing pending the verification of whether the legitimate grounds of the Data Controller override those of the data subject.

Where processing has been restricted under the above conditions, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.

The Data Controller shall inform the data subject who has requested restriction before the restriction of processing is lifted. The Data Controller shall communicate any rectification, erasure or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The Data Controller shall inform the data subject about those recipients if requested.

7.6. Right to Data Portability

The data subject shall have the right to receive the personal data concerning them, which they have provided to a Data Controller, in a structured, commonly used and machine-readable format, and have the right to transmit those data to another Data Controller without hindrance from the Data Controller to which the personal data have been provided, where:

a) the processing is based on the data subject’s consent or on a contract; and

b) the processing is carried out by automated means.

In exercising their right to data portability, the data subject shall have the right to have the personal data transmitted directly from one Data Controller to another, where technically feasible. The exercise of the right to data portability shall not adversely affect the right to erasure. This right shall not apply where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller. The exercise of this right shall not adversely affect the rights and freedoms of others.

7.7. Right to Withdraw Consent

The data subject shall have the right to withdraw their consent to the processing of personal data at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

7.8. Right to Lodge a Complaint with a Supervisory Authority

The data subject may initiate the investigation of the lawfulness of the Data Controller’s actions by the National Authority for Data Protection and Freedom of Information (hereinafter: the “Authority”), if the Data Controller restricts the exercise of the data subject’s rights or rejects their request to enforce these rights. The data subject may request the Authority to conduct a data protection supervisory procedure if they consider that the Data Controller or the data processor acting on its behalf or under its instructions violates the provisions relating to the processing of personal data laid down in the legislation or in the binding legal acts of the European Union.

Name: National Authority for Data Protection and Freedom of Information

Registered office: 1055 Budapest, Falk Miksa utca 9-11.

Mailing address: 1363 Budapest, Pf. 9.

Phone: +36 1 391 1400

Fax: +36 1 391 1410

E-mail: ugyfelszolgalat@naih.hu

Website: http://www.naih.hu

7.9. Right to Judicial Remedy

The data subject shall have the right to bring proceedings before a court against the Data Controller, or -in relation to data processing operations within the scope of the data processor’s activities - against the data processor, if they consider that the Data Controller or the data processor acting on its behalf or under its instructions processes their personal data in violation of the provisions laid down in legislation or in binding legal acts of the European Union concerning the processing of personal data.

The Data Controller on the data processor shall bear the burden of proof that the data processing complies with the provisions laid down in legislation or in binding legal acts of the European Union concerning the processing of personal data.

The data subject may initiate the proceedings before the court competent according to their place of residence or habitual residence, at their choice. A party to the proceedings may also be a person who otherwise does not have legal capacity in the case. The Authority may intervene in the proceedings in favor of the data subject.

8. Final Provisions

The Data Controller regularly reviews the content of this Privacy Policy and reserves the right to modify it at any time at its discretion and in accordance with the current content of the applicable laws. The Data Controller shall provide detailed information about data processing not listed in this Privacy Policy at the time of data collection and before the commencement of the data processing. Amendments to this Privacy Policy shall take effect simultaneously with their publication on the Website.

Dated: Budapest, March 1, 2025