Privacy Policy

1 Purpose of the Privacy Policy

LACH (1215 Budapest XXI, Ady Endre út 29 fsz. 2; hereinafter: Service Provider, Data Controller), as data controller, recognizes the contents of this legal notice as binding. It undertakes to ensure that all data processing related to its activities meets the requirements set out in this policy, applicable national legislation, and the legal acts of the European Union.

The privacy guidelines concerning the data processing activities of LACH are continuously available at www.lach.hu/adatvedelem address.

LACH reserves the right to change this notice at any time. Naturally, it will notify its audience of any potential changes in due time.

Should you have any questions regarding this notice, please write to us, and our colleague will answer your inquiry.

LACH is committed to protecting the personal data of its clients and partners, considering the respect for its clients' right to informational self-determination to be of paramount importance. LACH treats personal data confidentially and takes all security, technical, and organizational measures necessary to guarantee the security of the data.

LACH describes its data processing practices below.

2 Data of the Data Controller

If you wish to contact our Company, you may reach the data controller at the lachbalint@gmail.com contact address.

LACH will delete all incoming emails to www.lach.hu, including personal data, no later than 1 year from the date of data disclosure.

Name: LACH

Registered Office: 1215 Budapest, Ady Endre út 29 fsz. 2.

Tax identification number:

Phone number:

E-mail: lachbalint@gmail.com

2.1 Data Protection Officer

Name: Bálint Lach

Phone number:

E-mail: lachbalint@gmail.com

3 Scope of Processed Personal Data

3.1 Personal data to be provided during registration

At the time of issuing this notice, the primary function of the Website is to present a professional portfolio; therefore, direct registration is currently not available. However, the Data Controller reserves the right to make registration-required functions or restricted content available in the future.

In the event that a registration interface is developed on the Website, providing the following personal data may become necessary:

Last name and First name: Required for user identification and personalized communication (Mandatory).

Email address: Required for providing access to the user account, password reminders, and sending system messages (Mandatory).

Password: For the secure protection of the user account and the data stored therein (Mandatory, stored in encrypted form).

Registration date and time, and IP address: Automatically recorded by the system to prevent technical abuses and to ensure the verifiability of consent.

The Data Controller guarantees that it only requests data that are technically essential for providing the service. During registration, the data subject must accept this Privacy Policy via an explicit statement.

3.2 Technical Data

In the course of providing its services, LACH selects and operates the IT tools used for processing personal data in such a way that the processed data:

is accessible to those authorized to access it (availability);
its authenticity and verification are ensured (authenticity of data processing);
its integrity can be verified (data integrity);
is protected against unauthorized access (data confidentiality).

LACH protects the data through appropriate measures against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental loss.

LACH ensures the protection of data processing security through technical, organizational, and structural measures that provide a level of protection appropriate to the risks associated with the data processing.

During the processing of data, LACH preserves

confidentiality: it protects the information so that only those authorized to do so can access it;
integrity: it protects the accuracy and completeness of the information and the method of processing it.
availability: ensures that when an authorized user needs it, they can truly access the desired information and the related tools are available.

3.3 Cookies

3.3.1 The purpose of cookies

they collect information about visitors and their devices;
they remember the visitors’ individual settings, which can be used, for example, during online transactions, so they don’t have to be typed in again;
they make the use of the website easier;
they provide a quality user experience.

For personalized service, a small data package called a cookie is placed on the user’s computer and read back during later visits. If the browser returns a previously saved cookie, the service provider handling the cookie can link the user’s current visit to earlier ones, but only with regard to its own content.

3.3.2 Strictly necessary, session cookies

The purpose of these cookies is to allow visitors to browse the www.lach.hu website fully and smoothly, use its functions, and access the services available there. The validity of this type of cookie lasts until the end of the session (browsing); when the browser is closed, this type of cookie is automatically deleted from the computer or any other device used for browsing.

3.3.3 Third‑party cookies (analytics)

The www.lach.hu website also uses third‑party cookies such as Google Analytics. By using the Google Analytics statistical service, www.lach.hu collects information regarding how visitors use the website. The data is used for the purpose of developing the site and improving the user experience. These cookies also remain on the visitor’s computer or other browsing device in their browser until they expire, or until the visitor deletes them.

3.4 Data related to online orders

There is currently no direct online ordering option on the Website. If such a feature is introduced in the future, the following data will be requested during the ordering process:

Surname and first name: Required for identifying the customer and for billing purposes. (Mandatory field)
Billing address (City, street, house number, postal code): Required for issuing an invoice in accordance with accounting regulations. (Mandatory field)
Shipping address (if different from the billing address): Essential for fulfilling delivery when a physical product (e.g., a book) is being shipped. (Mandatory field when delivery is requested)
Email address: Required for order confirmation and communication. (Mandatory field)
Phone number: Needed to coordinate delivery accurately. (Optional field)

3.5 Data related to online administration

Online administration takes place via the email address provided on the Website (for contacting us) or through a customer service interface to be developed in the future. During the administration process, the following data will be requested:

Full name: Required for identifying the client and providing a professional response. (Mandatory field)
Email address: Essential for sending the response message and maintaining ongoing communication. (Mandatory field)
Subject of the message: Required for categorizing the type of administration (e.g., portfolio‑related inquiry, professional request). (Mandatory field)
Message text: Required for understanding the content of the inquiry and for carrying out substantive administration. (Mandatory field)

3.6 Data related to the newsletter

If a visitor to the Website wishes to receive updates about LACH’s news or professional work, they may subscribe to the newsletter.

The scope of the processed data:

Name: Required for the personalized addressing of newsletters.
Email address: Essential for the technical delivery of the newsletter.

Method of subscription: Subscription is based on voluntary consent, provided either by completing the form available on the Website or by sending an email to the Data Controller expressing the intention to subscribe. At the time of subscription, the data subject must explicitly accept the privacy notice.

Possibility of unsubscribing and ensuring “opt‑out”: The Data Controller ensures that visitors may unsubscribe from the newsletter at any time, without justification and free of charge.

Automatic unsubscription: Each newsletter sent includes a direct unsubscribe link (“Leiratkozás” or “Unsubscribe”) in the footer, and clicking it immediately removes the user from the mailing list.
Unsubscription via email: The data subject may also indicate their request for deletion by contacting the email address lachbalint@gmail.com.

Following unsubscription (opt‑out), the Data Controller will immediately delete the data subject’s name and email address from the newsletter database.

4 Planned use and retention period of the processed data

Name of data processing	Use of the data	Legal basis	Retention period
Contact (email)	Professional consultation and responding to inquiries.	The data subject’s voluntary consent.	Until the case is closed, but no longer than 1 year.
Technical logging (IP address)	Protection of the IT system and troubleshooting.	The Data Controller’s legitimate interest.	30–90 days.
Newsletter distribution	Sending professional updates and portfolio news.	The data subject’s voluntary consent.	Until unsubscribed.
Registration	Providing personalized services.	The data subject’s voluntary consent.	Until the user account is deleted.
Billing data	Fulfilment of a legal obligation in the case of an order.	Statutory requirement (Accounting Act).	8 years.

5. Purpose, Method, and Legal Basis of Data Processing

5.1 General Data Processing Principles

The data processing activities of LACH are based on voluntary consent or statutory authorization. In the case of data processing based on voluntary consent, data subjects may withdraw their consent at any stage of the processing.

In certain cases, the processing, storage, and transmission of certain categories of the provided data are required by law, about which we inform our clients separately.

We draw the attention of those providing data to LACH that if they supply personal data other than their own, it is the data provider’s responsibility to obtain the data subject’s consent.

Its data processing principles are in accordance with the applicable data protection legislation, in particular the following:

Act CXII of 2011 – on the Right of Informational Self‑Determination and Freedom of Information (Infotv.);
Regulation (EU) 2016/679 of the European Parliament and of the Council (27 April 2016) – on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR)
Act V of 2013 – on the Civil Code (Ptk.);
Act C of 2000 – on Accounting (Számv. tv.)
Act LIII of 2017 – on the Prevention and Combating of Money Laundering and Terrorist Financing (Pmt.);
Act CCXXXVII of 2013 – on Credit Institutions and Financial Enterprises (Hpt.).

6 Physical Storage Locations of the Data

Your personal data (that is, any information that can be linked to you) may come into our possession in the following ways: on the one hand, in connection with maintaining the internet connection, technical data related to the computer, browser, IP address, and visited pages you use are automatically generated in our computer system; on the other hand, you may also provide your name, contact details, or other information if you wish to establish personal contact with us while using the website.

The data technically recorded during the operation of the system are those details of the data subject’s logging‑in computer that are generated during the voting process and are recorded by the www.lach.hu system as an automatic result of technical processes. The system logs these automatically recorded data upon entry and exit without any separate declaration or action by the data subject. These data cannot be linked with other personal user data, except in cases required by law. Access to the data is restricted exclusively to www.lach.hu.

7. Data Transfer, Data Processing, and the Scope of Persons with Access to the Data

The Data Controller transfers personal data to third parties only in exceptional cases, for the purpose of fulfilling a legal obligation, or to the Data Processors named below in order to maintain technical services.

7.1. Designated Data Processors

Hosting provider (IT infrastructure and e‑mail services):

Sybell Informatika Ltd.
Registered office: 1138 Budapest, Tomori Street 34., 2nd floor
Cégismertető: A társaság biztosítja a lach.hu weboldal fizikai tárolási helyét (szerver), az informatikai infrastruktúrát és az e-mail fiókok technikai hátterét.

Google Ireland Ltd. (Web analytics)
Registered office: Gordon House, Barrow Street, Dublin 4, Ireland.
Company profile: Through the Google Analytics service, the company collects statistical data about website traffic in an anonymized manner.

7.2. Scope of Persons with Access to the Data

A személyes adatokhoz kizárólag az alábbi kör férhet hozzá:

Bálint Lach (as Data Controller and Data Protection Officer).

The designated technical staff of the above‑named Data Processors, solely to the extent necessary for performing their duties (server operation, troubleshooting).

8. Rights of the Data Subjects and Enforcement Options

The data subject may request information about the processing of their personal data and may request the rectification of their personal data or – with the exception of mandatory data processing – its deletion or withdrawal. They may also exercise their right to data portability and their right to object in the manner indicated at the time of data collection or via the contact details of the Data Controller provided above.

8.1. Right to Information

LACH takes appropriate measures to ensure that all information relating to the processing of personal data referred to in Articles 13 and 14 of the GDPR, as well as each notification required under Articles 15–22 and 34, is provided to data subjects in a concise, transparent, intelligible, and easily accessible form, expressed clearly and in plain language.

8.2. Right of Access by the Data Subject

The data subject has the right to obtain confirmation from the controller as to whether or not personal data concerning them are being processed, and, where such processing is taking place, they have the right to obtain access to the personal data and to the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed, including in particular any recipients in third countries or international organisations; the envisaged period for which the personal data will be stored; the right to request rectification or erasure of personal data or restriction of processing, as well as the right to object to such processing; the right to lodge a complaint with a supervisory authority; information on the source of the data, where the personal data were not collected from the data subject; the existence of automated decision‑making, including profiling, and, at least in such cases, meaningful information about the logic involved and the significance and envisaged consequences of such processing for the data subject. The controller shall provide the requested information within one month of receiving the request.

8.3. Right to Rectification

The data subject may request the rectification of inaccurate personal data concerning them processed by LACH, as well as the completion of incomplete data.

8.4. Right to Erasure

The data subject shall have the right to obtain from LACH the erasure of personal data concerning them without undue delay where one of the following grounds applies:

the personal data are no longer needed for the purposes for which they were collected or otherwise processed;
the data subject withdraws the consent on which the processing is based, and there is no other legal ground for the processing;
the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
the personal data have been processed unlawfully;
the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;
the personal data were collected in connection with the offering of information society services.

Erasure cannot be requested where the processing of personal data is necessary for the exercise of the right to freedom of expression and information; for compliance with a legal obligation requiring the processing of personal data under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for reasons of public interest in the area of public health, or for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes; or for the establishment, exercise, or defence of legal claims.

8.5. Right to Restriction of Processing

The controller shall restrict processing at the request of the data subject where one of the following conditions applies:

the data subject contests the accuracy of the personal data, in which case the restriction shall apply for a period enabling the controller to verify the accuracy of the personal data;
the processing is unlawful and the data subject opposes the erasure of the data and requests the restriction of their use instead;
the controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise, or defence of legal claims; or
the data subject has objected to the processing; in this case, the restriction shall apply for the period during which it is verified whether the controller’s legitimate grounds override those of the data subject.

If the processing is subject to restriction, the personal data may—apart from storage—be processed only with the data subject’s consent, or for the establishment, exercise, or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.

8.6. Right to Data Portability

The data subject has the right to receive the personal data concerning them, which they have provided to the controller, in a structured, commonly used, machine‑readable format, and has the right to transmit those data to another controller.

8.7. Right to Object

he data subject has the right, on grounds relating to their particular situation, to object at any time to the processing of personal data concerning them where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or where the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions. In the event of an objection, the controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or the processing is necessary for the establishment, exercise, or defence of legal claims.

8.8. Automated Decision-Making in Individual Cases, Including Profiling

The data subject has the right not to be subject to a decision based solely on automated processing — including profiling — which produces legal effects concerning them or similarly significantly affects them.

8.9. Right to Withdraw Consent

The data subject has the right to withdraw their consent at any time.

8.10. Right to Lodge a Complaint with a Supervisory Authority or Seek Judicial Remedy

The data subject may bring the matter before a court if their rights have been infringed in connection with the processing of their personal data. The court shall proceed with the case without undue delay.

8.11. Data Protection Authority Procedure

A complaint may be lodged with the National Authority for Data Protection and Freedom of Information. Name: National Authority for Data Protection and Freedom of Information

Registered office: 1125 Budapest, Szilágyi Erzsébet fasor 22/C Postal address: 1530 Budapest, P.O. Box 5

Telephone: +36 1 391 1400

Fax: +36 1 391 1410

E-mail: ugyfelszolgalat@naih.hu

Website: http://www.naih.hu

9. Other Provisions

We provide information about any data processing activities not listed in this notice at the time the data is collected.

The controller may be contacted by courts, prosecutors, investigative authorities, administrative offence authorities, administrative bodies, the National Authority for Data Protection and Freedom of Information, the Central Bank of Hungary, or other bodies authorised by law for the purpose of providing information, disclosing or transferring data, or making documents available.

LACH shall disclose personal data to authorities only to the extent and in the manner strictly necessary for the fulfilment of the purpose specified in the authority’s request, provided that the authority has indicated the precise purpose and the scope of the requested data.