Data Protection Information Notice - For Employment Data Processing

1. Name of the Data Controller

2. Legal Basis for Data Processing

The following regulations apply to employment data processing:

• Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, current text: https://eur-lex.europa.eu/legal-content/HU/TXT/PDF/?uri=CELEX:32016R0679&from=HU 

• Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter: Info Act), current text: https://net.jogtar.hu/jogszabaly?docid=A1100112.TV

• Act I of 2012 on the Labour Code (Labour Code), current text: https://net.jogtar.hu/jogszabaly?docid=A1200001.TV

3. Information on the Processed Data

Scope of Processed Data and Purpose of Processing

The scope, purpose, duration, legal basis, and method of processing the data are detailed in the appendix of this notice.

4. Access to Data and Data Security Measures

1. Access to Data and Data Transfer 

The personal data you provide is accessible to the Data Controller’s employees for the performance of their duties.

The Data Controller transfers the managed personal data to its subcontractors listed in the annex of this policy.

Az Adatkezelő csak kivételes esetben adja át a személyes adatait más – a mellékletben fel nem sorolt - Adatkezelőknek, állami szerveknek. 

The Data Controller only transfers your personal data to other Data Controllers or state authorities – not listed in the annex – in exceptional cases.

For example, in cases where:

• Legal proceedings involving you are initiated, and the court requires the submission of documents containing your personal data.

• The police request the Data Controller to transfer documents containing your personal data for investigative purposes.

2. Data Security Measures

The personal data you provide is stored by the Data Controller on its servers and, where applicable, in paper-based archives. The Data Controller does not use the services of any other company for the storage of personal data. 

The Data Controller takes appropriate measures to protect personal data, including safeguarding it from unauthorized access or alteration. For example, access to personal data stored on the server is logged, meaning it is always possible to track who accessed what personal data and when.

5. Rights Related to Data Processing

1. Your Right to Access

You, as the data subject, have the right to access your personal data.

 

If you request confirmation from the Data Controller on whether your personal data is being processed, the Data Controller is obligated to provide information on the following:

1. what personal data,

2. on what legal basis,

3. for what purpose,

4. from what source, and

5. for how long it is being processed.

Your right to receive confirmation on whether the Data Controller processes your personal data:

1. applies to personal data related to you;

2. does not apply to anonymous data;

3. does not apply to personal data not related to you; and

4. includes pseudonymized data clearly associated with you.

At your request, the Data Controller will provide access and a copy of your personal data. If you request additional or repeated copies of your personal data, the Data Controller may charge a reasonable fee for the administrative costs incurred in fulfilling the request, which you will be responsible for paying.

2. Your Right to Rectification

You have the right to have your personal data corrected.

This right:

1. does not apply to anonymous data;

2. applies to personal data relating to you;

3. does not apply to personal data not relating to you; and

4. includes pseudonymized data that can be clearly linked to you.

Upon your request, the Data Controller will correct or supplement your personal data as appropriate. The Data Controller will inform the recipients of your personal data (if any) about the rectification of the data. However, the Data Controller is not required to notify recipients if such notification proves impossible or would require disproportionate effort.

3. Right to Erasure

Under certain conditions, you have the right to request the deletion of your personal data.

The Data Controller is obliged to erase your personal data without undue delay if:

1. the Data Controller processes this personal data, and

2. you request the deletion of your personal data, and

3. the personal data is no longer necessary for the purposes for which the Data Controller processed it.

The Data Controller is also obliged to erase your personal data without undue delay if:

1. the Data Controller processes your personal data, and

2. you request the deletion of your personal data, and

3. you withdraw your consent on which the data processing is based, and

4. there is no other legal basis for the further processing of your data.

The Data Controller must erase your personal data without undue delay if: 

1. the data processing is necessary for the legitimate interests of the Data Controller or a third party, and

2. you object to the processing of your personal data, and

3. the legitimate reason for processing does not override your objection.

The Data Controller must erase your personal data without undue delay if: 

1. you request the deletion of your personal data, and

2. the processing of such data by the Data Controller is unlawful, or

3. deletion is mandatory under applicable laws, or

4. your data has been collected in connection with services related to the information society.

The Data Controller will inform the recipients of your personal data (if any) about the deletion of the data. However, the Data Controller is not required to notify recipients if such notification proves impossible or would require disproportionate effort.

4. Your Right to Restrict Data Processing

You have the right to request the restriction of the processing of your personal data.

This right to request restriction of your personal data processing: 

2. does not apply to anonymous data;

3. applies to personal data related to you;

4. does not apply to personal data not related to you; and

5. includes pseudonymized data that can be clearly linked to you.

The Data Controller will restrict the processing of your personal data during the period it verifies the accuracy of the data if you request restriction and dispute the accuracy of the data.

The Data Controller will restrict the processing of your personal data if you request the restriction of data that is processed unlawfully, and you object to the deletion of such data.

The Data Controller will restrict the processing of your personal data if: 

1. you request the restriction of your personal data processing, and

2. the Data Controller no longer needs these data for processing purposes, but

3. you need the data for the submission, enforcement, or defense of a legal claim.

The Data Controller will restrict the processing of your personal data if:

1. you object to the processing of personal data that is necessary for the legitimate interests of the Data Controller, and

2. you are awaiting confirmation of whether there is a lawful basis for the Data Controller to continue processing your personal data that overrides your objection.

The Data Controller will inform the recipients of your personal data (if any) about the restriction of the processing of such data. However, the Data Controller is not required to notify the recipients if such notification proves impossible or would require disproportionate effort.

If the Data Controller restricts the processing of your personal data, it may:

1. store such personal data,

2. process the personal data with your consent,

3. process the personal data for the submission, enforcement, or defense of legal claims, or for the protection of the rights of another person.

5. Your Right to Data Portability

You have the right to receive your personal data, which you have provided to a data controller, in a structured, commonly used, and machine-readable format. You also have the right to request that this data be transferred to another data controller without hindrance from the original data controller, where technically feasible. This applies if the processing is based on your consent or is necessary for the performance of a contract, and the processing is carried out by automated means.

Your right to data portability: 

1. does not apply to anonymous data;

2. applies to personal data relating to you;

3. does not apply to personal data not relating to you; and

4. does not apply to clearly pseudonymized data

6. Time Frame for Processing Your Requests

The Data Controller will respond to your requests concerning the rights described above without undue delay, and at the latest within one month.

7. Right to Lodge a Complaint

If you believe that your rights have been violated, the Data Controller recommends initiating direct contact to resolve the issue. If such a discussion does not lead to a resolution, or if you prefer not to engage in such discussions, you may turn to the court or the Hungarian National Authority for Data Protection and Freedom of Information (NAIH). In the case of court proceedings, you may choose to initiate them at the court competent for your residence or domicile.

NAIH contact information:

Address: 1055 Budapest, Falk Miksa utca 9-11

Phone: +36 1 391 1400

Fax: +36 1 391 1410

Email: ugyfelszolgalat@naih.hu

Website: www.naih.hu

8.  Changes to This Notice

The Data Controller reserves the right to modify this notice at any time. Customers will be informed of such changes by mail or email as required by applicable law.