CLV Partners

News

CLVPartners Csabai & Papp Law Firm’s ESG Commitments for 2024

CLVPartners Csabai and Papp Law Firm is actively seeking opportunities to integrate sustainability considerations into decision-making processes and day-to-day business. At the same time, we recognize the importance of working in a safe, ethical, and sustainable manner. Our ESG commitments for 2024 are as follows.

  1. We are dedicated to fostering an inclusive and diverse workplace, promoting equal opportunities and fair treatment for all employees irrespective of gender, race, ethnicity, or background.
  2. We strive to minimize our carbon footprint, adopting sustainable practices in our operation, by digitalizing most of our processes and we encourage our clients and partners to act in the same manner. Also, our employees are encouraged to adopt sustainable behaviors, and we offer flexible working arrangements to reduce commuting emissions.
  3. We are committed to ensuring work-life balance for our employees, continuing to provide education and training opportunities for them and organizing social events beyond work.
  4. Integrity, transparency, and compliance form the foundation of our governance practices. We conduct business ethically and transparently. Our corporate values guide our interactions with stakeholders and our partners.

As of 1 January 2024, the rules of Act V of 2006 on company registration, court proceedings and winding-up (Ctv.) will be amended and new provisions will be introduced.

We describe below the most important changes.

1. Changes to the company registration procedure

As of 1 March 2024, the Court of Registry will provide the Articles of Association attached to the application with an electronic signature and electronic time stamp and will ensure that the Articles of Association is accessible through the registry. The searchability and quick access of the company documents is made possible by displaying a link in the company details section of the Articles of Association. This service will be available for applications registered on and after 1 March 2024 for the articles of association of incorporation (changes), i.e. in a staggered manner.

In the case of applications for company registration and registration of changes submitted on and after 1 January 2024 the procedure will be simplified, legal representatives will not be required to provide each document with a qualified electronic signature and a qualified time stamp but will only need to sign the application itself in this way.

2. Change in the details of a pledge on a quota of an Ltd.

As of 1 January 2024, in the case of a limited liability company, the registry will not only contain the fact of the pledgee, but also the amount of the claim secured by the pledge or the amount up to which the pledgee may seek satisfaction and, if stipulated, the prohibition of alienation and encumbrance or prohibition of alienation of the quota.

A novelty is that data on the secured pledge created by pledging a quota is also included in the business register. The quota pledge is registered or cancelled on the basis of a request for change registration by the member (pledgor) or the pledgee.

The Court of Registry only examines the contract of pledge whether the details of the company and its member in the contract of pledge match the details in the registry and whether the details requested for registration match the contents of the contract of pledge.

In the case of a quota pledge already registered before 1 January 2024, the new data must be requested in the next amendment to other data of the registry, submitted by 31 December 2024 at the latest, without payment of fees and publication costs. After the deadline, the submission has the general fee and publication costs.

3. Changes related to the new legal instrument of detachment

Prior to the amendment, a legal person could be divided into several legal entities by way of complete division or partial division under the Civil Code. In complete division, the legal person shall terminate and its assets shall pass to two or more legal persons created by the division as legal successors. In partial division, the legal person shall continue to operate and a part of its assets shall pass to another legal person created by the division as a legal successor

With the amendment, a new legal institution, detachment has been introduced as a sub-case of partial division. In the case of a detachment, the separating legal person survives and creates the successor legal person with part of its assets by becoming its sole member.

4. Data transfer

The data received (updated) through the Business Registers Interconnection System (BRIS) must be entered in the Hungarian registry by the Court of Registry. However, the data content received may not fully correspond to the data content required by the company register. According to the law effective as of 1 March 2024, the court will enter the information received via BRIS in the registry and, if it finds that not all the data required by the relevant act are included in the registry, it will simultaneously call on the company to report the missing data within 60 days.

From 1 January 2024, certain labor legislation was amended and new provisions will be introduced.

The most important changes are described below.

1. Legislative changes in the field of labor law

1.1    Introduction of the employment certificate

The employer shall issue a certificate of employment upon termination of employment, except in the case of occasional work relationship. The amendment ensures that employees do not receive several different documents when their employment relationship is terminated, but only one single document containing all the necessary information, either in electronic form or on paper.

The certificate of employment will be issued in electronic form, the content of which will be laid down in a decree by the Minister responsible for employment policy. The employment certificate will be made available on paper at the request of the employee.

The employer issues the certificate of employment to the employee within five working days of the last day of work in the case of termination, or within five working days of the termination of employment in other cases.

The content of the certificate of employment is supplemented

1.2   Retention obligation

An important new rule is that from January, not only employment documents containing information on earnings and income related to the insured or former insured person’s insurance status, but also all such data and employment certificates must be kept for five years after the insured or former insured person reaches the retirement age.

However, the obligation for employers to keep records will be phased out from 1 January 2025, so that the obligation will only apply to records generated up to 31 December 2024. In future, the data needed to establish the pension benefits will be contained in the public registers.

1.3   Allocation of vacation time

According to the Labour Code, the employer shall grant the additional child leave at the time requested by the employee too. The employee must notify the employer of his/her request for such leave and regarding the parental leave at least fifteen days before the start of the leave.

1.4   Rules on working in front of a screen

Employers are still obliged to ensure that continuous screen time is interrupted by breaks of at least ten minutes per hour, but the amendment removes the limit of 6 hours of screen time per day and the 75% limit on daily working time.

1.5   Suitability for the job

As of 1 September 2024, there will be no general obligation for workers to undergo an occupational health examination. Legislation may specify the types of work for which the employee’s suitability shall be examined before taking up work and on a regular basis during the life of the employment relationship, and employers may also order it.

The mandatory cases will be defined by ministerial decree.

2. Legislative changes in the field of labour safety

2.1    Rules on professional qualifications

As a result of the changes the relevant act, it is now possible to perform certain occupational health tasks defined in the legislation with a professional, but non-medical qualification.

2.2   Occupational safety education

The employer must provide the employee with health and safety training when starting work, when the workplace or job changes and when the requirements for safe and healthy working conditions change.

As of 1 February 2024, the legislation allows employers to provide the training for activities, jobs and positions defined in the decree of the Minister responsible for employment policy by providing the employee with the general training topics.

The handover can also be done by publishing the educational content on an internal electronic network accessible to the employee.

2.3    Rules on accidents at work

The employer must also investigate the circumstances of the accident at work that does not result in disability for work and must determine the method and documentation. There is a new protocol template to be fulfilled in those cases.

2.4   Workplace EHS representative

The novelty is that the legislation sets a deadline for the election of the labour representative. If the employer is obliged to elect an EHS representative, the election must be held within six months of the date on which the obligation arises. In an employer where there is an elected EHS representative, the election thereof must be held within three months after the expiry of the mandate of the safety representative.

Data Protection Officers are under the spotlight in the European Data Protection Board’s latest coordinated enforcement action

Since 25 May 2018, there is hardly a company that has not had to deal with a Data Protection Officer, or DPO. It has been 5 years since the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC („General Data Protection Regulation”; hereinafter: “GDPR“) came into force, but this does not and cannot mean that “the machine is running, the creator rests.” In view of the continuous development of case law, a review of the regulations may be necessary from time to time.

In 2023, the European Data Protection Board (“EDPB“) decided to conduct a coordinated enforcement action focusing specifically on the designation and operation of DPOs. The coordinated action involves 26 European data protection authorities.

The Data Protection Officer is responsible for protecting the rights and freedoms of data subjects and ensuring compliance with data protection rules. Impartiality and independence are among the requirements for DPOs that most often come to the attention of the authorities. Impartiality and objectivity ensure that the officer is able to closely monitor data management processes, effectively manage data breaches and advise the organisation on compliance with the GDPR and other relevant data protection rules. Impartiality guarantees that the DPO represents data protection issues of all interested parties, be it the employees, contractors, or the management of the organisation. The DPO shall be an expert who has no interest in the organisation or its data processing activities. Conflict of interest also means that the appointed data protection professional must not be in a position or engage in an activity that could jeopardise objective and independent decision-making.

A number of decisions on DPOs have been taken by national authorities in previous years, with the following conclusions:

  • The DPO must not only be registered with the competent authority of the mother company, but the organisation must also notify other relevant authorities if the organisation has other branches and the DPO can operate there too.
  • It is not possible to hire an external company as an outsourced DPO and at the same time also appoint a third party as DPO.
  • If the DPO is in charge of compliance, audit and risk management, the independence or impartiality of the role may be compromised.
  • The DPOs are not allowed to engage in a role as the controller’s representative before the data protection authority, as this could jeopardize the impartiality or independence of the DPO.
  • The DPO can be withdrawn if the DPO no longer has the appropriate professional skills or fails to comply with data protection regulations.
  • The DPO cannot be ordered, and therefore it is a breach of the GDRP if the DPO cannot act on his or her own, but only on the instructions of the head of the company (or any other person with the right to make decisions in the company).

A control plan may formalise the DPO’s procedure, but a direct instruction does not comply with the GDPR.

  • It is also a breach of the GDPR to have several hierarchical levels between the DPO and the senior management of the organisation because this way the DPO is no longer directly accountable to the management.
  • It is not an appropriate solution if the DPO is appointed, but the DPO also performs compliance functions in the company, thus compromising independence and impartiality. The authority in the case confirmed that the DPO cannot perform a role that allows him or her to determine the purposes and means of processing personal data.
  • Similarly, it has been held to be contrary to the prohibition of conflicts of interest, if the DPO is also a managing director of two subsidiaries which are responsible for processing data for the main company. In this case there is a conflict of interest because the DPO supervises the adequacy of the data processing tasks, while having a legitimate interest in the profits and operations of the data processing companies.

As the EDPB will focus on DPOs in its coordinated enforcement actions in 2023, we can expect to see a growing number of decisions in which the determining data protection authority makes decisions in principle on the functioning and impartiality of the DPOs. Further guidelines or statements may be issued by national or EU authorities.

Government Decree 462/2023 (X. 5.) on emergency measures for the protection of the labour market and the population of Hungary was published

The Decree which was published on 5 October envisages a comprehensive re-regulation of the residence and employment conditions of third-country nationals in Hungary. 

The Government Decree prohibits the application of Act L of 2023 on guest workers during the period of the state of emergency. The Act otherwise lays down the conditions of residence and work of guest workers, i.e. third-country nationals from non-neighbouring countries, who come to Hungary for work purposes, as well as the rules for a single residence permit, which enters into force on 1 November 2023, but cannot be taken into account for the time being. 

At the same time, the Government has also decided to propose new legislation on immigration and employment, which is expected to fundamentally change the rules applicable for third country national in the future. 

If there is any progress in this area, we will of course inform you immediately. 

CLVPartners celebrates its 20 Year Anniversary!

Today, we are thrilled to celebrate a significant milestone – our law firm’s 20th anniversary! Over the last two decades, we have remained dedicated to providing exceptional legal services to our clients through hard work and commitment. Our journey has been incredible, marked by numerous successful cases, partnerships, and meaningful connections. We want to express our gratitude to our exceptional team, past and present, for making this possible. We also want to thank our clients for entrusting us with their legal matters – your trust has been the foundation of our success.
Here’s to the memories we’ve created and the ones we’re yet to make!

Legislation implementing the Whistleblowing Directive is published

On 25 May 2023, Act XXV of 2023 on Complaints and Whistleblowing and on the Rules Relating to the Reporting of Abuses (“Complaints Act” or “Act“) was published in the Hungarian Gazette, implementing the Directive 2019/1937 on the protection of persons reporting violations of EU law, i.e., the “Whistleblowing” Directive (“Directive“) into the Hungarian law. The Act has introduced the internal whistleblowing system, which allows employees (including future and former employees), contractors and owners to report information on any abuse to the system in place at the company.

Who is required to set up an internal whistleblowing system and when?

The Complaints Act will be introduced in two steps.

From 24 July 2023, the following companies will have to comply with the rules:

  • companies with at least 250 employees;
  • service providers covered by the AML Act, such as estate agents, accountants, auditors, tax advisors, lawyers, head office service providers.

Companies with at least 50 but no more than 249 employees will have to comply with the provisions of the Act from 17 December 2023. An additional relief for such medium businesses is the possible creation of a common internal whistleblowing system, reducing the administrative burden.

What are the basic obligations for employers when setting up internal reporting channels?

  • Appointment of a responsible person: companies that set up an internal whistleblowing system must designate an impartial person or department, or contract with an external organisation, a whistleblower lawyer, to operate the system.
  • Making a policy: in view of the Act, it may be essential to review existing policies and possibly amend related internal procedures (e.g. the data protection policy).
  • Disclosure: To ensure that persons entitled to report abuse are aware of the internal whistleblowing system, companies should provide adequate information on the procedures.
  • Record keeping: in order to enable the company to decide whether to disregard a notification on the grounds that it has already been examined or that it was received after the time limit specified in the Act, it is necessary to keep accurate records of all notifications received.

What are the consequences, if someone does not meet the requirements?

Compliance with the obligations related to the operation of the whistleblowing system will be monitored by the Hungarian employment supervisory authority. The authority may take the following decisions:

  • issue a warning,
  • oblige the employer to remedy the infringement, the shortcoming or the failure to fulfil the employment obligation,
  • prohibit the continued employment of an employee who has committed an infringement until the infringement has been corrected, if the infringement or its likely consequences are serious and the infringement cannot be remedied within a short time.

When setting up and operating an internal whistleblowing system, all businesses should pay particular attention to strict data protection rules. Failure to comply with data protection rules can result in financial penalties in the event of action by the national authority for data protection.

What are the potential challenges of the new requirements?

Studying the Act raises a number of practical questions, but we believe that solutions can be found. Below are a few issues that every company should consider.

Not all notifications must be checked by the employer, and there may be several cases where an investigation can be waived, such as:

  • the notification was made by an unidentified notifier,
  • the notification was not made by the person entitled to do so,
  • a repeated application was handed in by the same applicant with the same content as the previous application, or
  • the harm to the public interest or to an important private interest would not be proportionate to the restriction of the person’s rights concerned by the notification resulting from the investigation of the notification.

The employers also have to question, whether it is necessary to notify another authority or to take any further action, either when a criminal offence is suspected or in a less obvious case where a request to the competition authority is justified.

Companies must be prepared for the challenges of protecting trade secrets and data protection when registering and recording whistleblowers and incident reports. Too little information collected can impact the success of an investigation, while too much information can raise privacy concerns. So there is a need to find a middle path where sufficient, but not too much information is available to companies. The quality of the information flow should also be taken into account in the communication with the whistleblower and the persons affected by the notification, as the Act imposes a number of information obligations on companies, but the detail level of the notification issued is not indicated.

Under the Complaints Act, companies are obliged to refrain from taking any detrimential action to the whistleblower, if it is related to the complaint. Such adverse action may include, inter alia:

  • termination;
  • a demotion or refusal to promote;
  • delegation of tasks;
  • negative performance assessment or job references;
  • failure to renew or early termination of a fixed-term employment contract.

If a company applies any of those measures to an employee and the employee challenges them in court, the company must be able to prove that there was another legitimate reason for its decision.

Several groups, mainly with an international background, have already set up internal whistleblowing systems following the entry into force of the Directive. As the published text of the Act sets out requirements that are stricter, Hungarian subsidiaries that already have a whistleblowing regime in place will need to review their procedures.

If you have any questions about the above, please do not hesitate to contact us.

Practical problems with cookie data management

Introduction

In today’s digital world, methods and technologies for collecting and processing personal data (e.g. cookies) are extremely widespread because they allow data controllers to learn essential information about us. For example, after a single search for a shoe on the Internet, we are almost inevitably confronted with advertisements for the same or similar shoes on other platforms.

The relationship between data controllers and individuals is fundamentally unequal, as average users are typically unaware of the many ways in which their personal data are handled. To balance this, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector (“ePrivacy Directive“) and Regulation 2016/679/EU on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR“) were adopted to ensure privacy and the protection of personal data. These EU laws set out minimum requirements for data controllers to compensate for asymmetric relationships.

NGOs such as None of Your Business (“NOYB“) are helping to ensure that these rights are effectively enforced. As a result of NOYB’s work the European Data Protection Board’s Cookie Banner Taskforce has published its newest report. In this, the Taskforce has identified 7 main cookie management practices which it considers to be inadequate in the light of the relevant legislation. These are briefly summarized below in order to help website operators to adapt their practices and users to be more aware of them:

No reject button on the first layer: It does not meet the requirements for consent if the information window on cookies that require consent only offers the option “accept” or “more information”, but without containing a button to reject the cookies.

Pre-ticked boxes: Indeed inadequate to pre-tick the boxes from the available options that the data controller prefers when setting cookies.

Use of a link: The accept button for cookie-related data management typically pops up automatically on all pages, but some data controllers provide the rejection option only through a separate link, making it difficult for users to make a voluntary choice and putting pressure on them.

Deceptive button colours and contrast: For valid consent it is also an important factor how the possibilities are visually represented. Indeed, if the colour or contrast of the buttons displayed is misleading for the data subject (e.g. if, in addition to the clear display of the accept button, the contrast between the colours of the reject and additional options button is so minimal that the text is almost unreadable), the consent given will most likely be considered invalid. Of course, this should always be considered on a case-by-case basis.

Misrepresentation of the legal basis: It is not lawful for the site operator to base data processing first on the consent of the visitor or, in the absence of consent, on legitimate interest. In this respect, it is particularly unlawful where the user has no possibility to object to the consent, given that in the absence of consent, the controller will process the data on the basis of his legitimate interest, as this may give the impression that the data subject can only consent to the processing and has no other choice.

Inaccurately classified “essential” cookies: The Taskforce has highlighted in its report, that many data controllers classify cookies as essential or strictly necessary, that in fact shall not be considered as essential.

No withdraw icon: A further requirement for consent is that it should be revocable at any time, in the same simple way as it was given by the data subject. Thus, data controllers should also provide for this possibility in relation to cookies (e.g. by placing a floating revocation button or link).

Summary

As can be seen from the above, data controllers must act in such a way as to ensure that users have access to the right information and are thus put in a position to make decisions. Of course, it is the responsibility of the data subjects to actually inform themselves and thus act and make decisions as informed users with regard to their own data (e.g. by customizing their preferences, leaving the visited pages after use, reading the NAIH’s information notices, the controller’s privacy policy).

The draft Hungarian legislation transposing the Whistleblowing Directive has been adopted

On the last day of February, the Government submitted a new draft law transposing Directive 2019/1937 on the protection of persons who report violations of EU law, i.e. the “Whistleblowing” Directive (the “Directive”) into domestic law. The aim of the legislation is to allow employees and contractors in companies with 50 or more employees to report abuses and breaches of law in the company without fear of retaliation and to ensure that these reports are investigated by companies according to a pre-defined procedure.

If passed by Parliament, the Bill will enter into force 60 days after its publication, so there is likely to be a short timeframe for compliance to be developed.

Satellite workplace and employees

The term ‘satellite workplace’ or ‘satellite employee’ is becoming increasingly common. In this article, we present these concepts from a labour law perspective.

What is a satellite office and who is a satellite employee?

A satellite workplace is when an employer employs employees living in a geographical location other than the registered seat of the employer in a way that these employees work partly from home and partly from offices run by the employer in a location separate from its main seat, such as rented premises, co-offices, branch offices, in short satellite workplaces. Employees employed in such arrangements are called satellite employees, who, although they belong to the organisational unit of the employer’s headquarters in terms of the employer’s organisational structure, may be physically present in another organisational unit of the employer during the course of their work.

What benefits can we expect?

There are many advantages to running a satellite workplace. For example, when recruiting new employees, the distance between the employee’s home and the employer’s seat may not be a primary consideration.  The model can be used to provide a wider range of employment opportunities for candidates living in locations other than the employer’s headquarter. This allows a larger pool of employees to be selected for the most suitable position, which is a competitive advantage, especially in jobs which are difficult to fulfil.

The employment structure avoids the negative effects of teleworking, such as professional isolation and blurring of the boundaries between work and private life.

Satellite working can also be a solution in temporary situations, when a company wants to expand into a new market or location, or when a project requires certain colleagues to work temporarily in a place differing from the company’s main address.

The perception of satellite employees from a labour law perspective

From a labour law point of view, satellite employees are teleworkers, given that they work at a location separate from the employer’s seat. Teleworking takes place irrespective of whether they work in an office run by the company or provided otherwise.

Under Hungarian law, the teleworking agreement must be included in the employment contract. The employment protection requirements vary depending on whether the work related to a particular job is performed with or without the use of a computing device.

Opportunities for implementation

There are several opportunities for creating satellite workplaces. The company can provide working conditions in its own or in a longer-term leased office space for exclusive use or it can arrange office services with community office providers. The number of satellite employees, the amount of costs that can be absorbed and the planned duration of the whole structure may be factors in choosing the most advantageous option.

Cross-border satellite work

The satellite work model can be envisaged not only within a country but also across borders. There are no barriers to cross-border employment, but there are a number of considerations to be taken into account, including:

  • employment protection rules,
  • tax considerations (tasks involved in setting up an establishment),
  • rate of pay, currency of payment,
  • comparison of costs and savings to be made,
  • equal treatment,
  • business confidentiality and data management, data security requirements.

In summary

Working in a location other than the employer’s seat can address a number of challenges that are increasingly important today, such as the need for companies to choose colleagues from a larger labour market. However, to avoid potential tax and labour law risks and unnecessary costs, it is essential that entities take their decisions with all aspects of satellite employment in mind and carefully consider them.