Privacy Policy

DATA MANAGEMENT INFORMATION

VIZI AND PARTNERS LTD.

IMPLICABLE:

FROM 2023.01.01

UNTIL WITHDRAWN

  1. Data controller's data:

Company name: Vizi and Partners Ltd.

Headquarters: 2484 Gárdony, Chernel István street 27.

Tax number: 26346625-2-07

Company registration number: 07-09-029020

Register keeping organisation: Company Court of Székesfehérvár General Court

Company representative: Sándor Vizi managing director

Phone number: 706726563

E-mail address: @email

  1. Purpose of the Privacy Notice:

The controller acknowledges that it is bound by the contents of this legal notice. This Privacy Notice is intended to inform your customers, partners and clients about the processing of their personal data.

The Data Controller shall process personal data only in accordance with the provisions of applicable law and in strict compliance with the provisions of the data management and data protection regulations, taking into account the principles of lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy and limited storage.

The data controller shall take all technical and organisational measures to ensure that the personal data of its partners are processed in a secure manner, as required by Regulation (EU) 2016/679 of the European Parliament and of the Council.

The data controller has developed its day-to-day activities, policies, records, templates and information documents in accordance with the above.

The data protection policies relating to the controller's processing are permanently available on the controller's headquarters and websites. The controller reserves the right to change this notice at any time. It will of course inform its audience of any changes in due time.

The data controller is committed to protecting the personal data of its customers and partners and attaches great importance to respecting the right to information self-determination of its customers. The controller treats personal data confidentially and takes all security, technical and organisational measures to ensure the security of the data. The controller describes its data management practices below.

  1. The personal, material and temporal scope of the Privacy Notice:

The personal scope of this Privacy Notice extends to the controller and to the natural persons whose data are included in the processing covered by this Notice, as well as to persons whose rights or legitimate interests are affected by the processing.

The scope of this Notice covers all processing that takes place in the course of the controller's activities as a headhunter.

This Policy shall enter into force on the date of approval and shall remain in force indefinitely until further notice.

  1. Key definitions:

Personal data: any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Special categories of personal data: any data that fall within special categories of personal data, namely personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data revealing the identity of natural persons, health data and personal data concerning the sex life or sexual orientation of natural persons.

Data processing: any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction or destruction.

Controller: a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.

Joint controllers: where the purposes and means of processing are jointly determined by two or more controllers, they are considered to be joint controllers.

Third party: a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Consent of the data subject: a voluntary, specific, informed and unambiguous indication of the data subject's wishes by which he or she signifies his or her agreement to the processing of personal data concerning him or her by means of a statement or an unambiguous act of affirmation.

Data breach: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

  1. Lawful processing by the controller:

Personal data are processed by the controller only in the following cases:

  1. where the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes,
  2. the processing is necessary for the performance of a contract to which the data subject is a party,
  3. processing is necessary for compliance with a legal obligation to which the controller is subject,
  4. processing is necessary for the protection of the vital interests of the data subject or of another natural person,
  5. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.

The controller examines the lawfulness of data processing at all stages of its activities, and only processes data for which it can justify the purpose and legal basis. In the event that the conditions of a legal basis cease to apply, the processing may only be resumed if the controller can demonstrate an adequate alternative legal basis.

As a general rule, the way of proving the legal basis is in writing, but even in the case of a legal basis created by implied conduct, it must be examined whether it can be clearly proved ex post. In case of doubt, for reasons of reasonableness and economy, written confirmation of the imputability should be sought.

In the case of processing based on consent, the data subject gives his or her written consent to the processing of his or her personal data. Consent is not formally binding, but subsequent evidence requires written consent on paper or in electronic form.

Processing based on a legal basis to fulfil a legal obligation is independent of the data subject's consent, as the processing is defined by law.

Irrespective of the mandatory nature of the processing, the private individual concerned must be informed before the processing starts that the processing is mandatory and cannot be avoided and must be provided with clear and detailed information on all relevant facts concerning the processing of his or her data before the processing starts.

According to the GDPR (General Data Protection Regulation), personal data may also be processed where the processing is necessary for the performance of a contract to which the individual concerned is a party or where the processing is necessary for the purposes of taking steps at the request of the data subject prior to entering into a contract. The controller may process personal data for the purposes of the conclusion, performance or termination of the contract on the basis of the legal basis for performance of the contract.

  1. Processing of personal data by the controller:

The data controller provides a headhunting service and advice to its customers. In the course of this activity, personal data of natural persons are processed. It carries out the following processing activities:

  1. The contractual partners of the controller may be both individuals and legal persons. The establishment of a contractual relationship is preceded by a request for proposal, in person, by telephone, by e-mail, by using the contact forms available on the controller's websites (viziandpartners.hu and www.theheadhunter.eu) or through the controller's social networking sites. The applicant shall provide his/her name, telephone number and e-mail address to which the controller shall send his/her offer. If the offer is rejected, the personal data of the interested party will be deleted without delay and at the latest within 30 days of the rejection of the offer. If the applicant does not send any feedback on the offer, the controller shall delete the personal data within 60 days of the sending of the offer. The legal basis for the processing of personal data is the establishment of a contract (Article 6(1)(b) of the General Data Protection Regulation). If the data subject accepts the offer, a contractual relationship is established between the parties. Subsequently, the controller will have access to further personal data of individuals (partners and contacts). The legal basis for the processing is the performance of a contractual obligation (Article 6(1)(b) of the General Data Protection Regulation), and in the case of a contact person of a legal person, the consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation).

The data controller issues an invoice for the services provided. The invoice will contain the name, address and possibly the tax number of the client. The issuing of the invoice is a legal obligation of the controller. The legal basis for the processing of personal data on the invoice is the fulfilment of a legal obligation (Article 6(1)(c) of the General Data Protection Regulation). The personal data on the invoice are stored by the controller for 8 years in compliance with the retention obligation laid down in Article 169 of Act C of 2000 on Accounting.

  1. In the course of the controller's activities, the personal data of job applicants and employees of the principals will become known. In this respect, the controller is a data processor, since it processes personal data for the purposes specified by the client (as data controller). The data controller shall in any case conclude a so-called data processing contract with the principal, in which it declares that it will fully comply with Regulation (EU) 2016/679 of the European Parliament and of the Council and will not process the personal data of the principal and of its job applicants and employees for purposes other than those documented in the contract of engagement with the principal, unless such processing is required by the applicable legislation in force. The data controller shall take reasonable steps to ensure the reliability of any agent who may have access to the personal data of the principal, job applicant or employee and shall ensure that such access is only granted to those persons who have a strictly necessary need to know or have access to the personal data of the principal, job applicant or employee for the purposes of the contract of engagement.

The controller shall sign an appropriate confidentiality agreement with each such person. The controller shall keep business secrets disclosed to it in the course of its activities, as well as essential information relating to the principal (and its operations), job applicants and employees. It shall use data, procedures, methods, documents, documents or other information relating to the contractor, its applicants or employees only for the performance of its tasks and shall not disclose them to unauthorised persons or organisations, nor shall it disclose them to third parties or otherwise misuse them. Information, documents and analyses provided by the Principal shall be treated confidentially and shall not be disclosed to third parties. If the contractual relationship with the Principal is terminated, the Controller shall hand over all documents to the Principal. The legal basis for the processing is the fulfilment of the contractual obligation (Article 6(1)(b) of the General Data Protection Regulation).

  1. In compliance with the obligation provided for in Government Decree 118/2001 (VI. 30.) on the registration and conditions for the performance of the activities of temporary employment agencies and private employment agencies, the data controller shall provide mandatory data to the National Office for Vocational and Adult Education. The data controller shall use the labour market forecasting system operated by the Authority in order to fulfil its data reporting obligations. The controller processes the personal data recorded in the system on the basis of a legal basis (Article 6(1)(c) of the General Data Protection Regulation) in order to fulfil a legal obligation.
  2. In connection with the headhunter's activities, the data controller builds a database in which the personal data and CVs of job-seeking individuals are collected and stored and then transmitted.

The data controller will request the data subject's consent to the processing (storage and transmission) of personal data in a separate declaration. The statement of consent shall specify the period for which the controller may store the CV and the personal data contained therein. The data subject shall have the right to withdraw his or her consent at any time by sending a notice to the contact details of the controller as set out in this notice. Thereafter, the controller shall delete the stored data without undue delay and at the latest within 30 days. Where the data subject has given his or her consent, the controller shall be entitled, for the duration of the data subject's consent, to transfer the CV and the personal data contained therein to his or her clients, partners and, in the case of temporary employment, to their partners, in order to find the job specified by the data subject. The legal basis for processing is the data subject's consent (Article 6(1)(a) of the General Data Protection Regulation).

  1. The data controller also uses the job search portal profession.hu created by profession.hu Kft. in the course of its activities. Relevant CVs uploaded on the website www.profession.hu for the advertised vacancy will be downloaded, stored and forwarded to its partner. The data subject gives his/her consent to the processing (storage and transmission) of personal data by uploading his/her CV. The data subject has the right to withdraw his/her consent at any time by sending a notice to the contact details of the data controller as set out in this notice. Thereafter, the controller shall delete the stored data without undue delay and at the latest within 30 days. Where the data subject has given his or her consent, the controller shall be entitled, for the duration of the data subject's consent, to transfer the CV and the personal data contained therein to his or her clients, partners and, in the case of temporary employment, to their partners, in order to find the job specified by the data subject. The legal basis for processing is the data subject's consent (Article 6(1)(a) of the General Data Protection Regulation).
  2. The (prospective) partners, clients, customers of the data controller occasionally provide the data controller with business cards containing their personal data (e.g. name, telephone number, e-mail address). The purpose of the processing is to contact the data subject and offer the data controller's services or send a job offer to the data subject. The legal basis for the processing is the data subject's consent (Article 6(1)(a) of the General Data Protection Regulation), which is given orally when the business card is handed over to the data subject. The data subject shall have the right to withdraw his or her consent at any time by sending a notice to the contact details of the controller as set out in this notice. Thereafter, the controller shall destroy the business card and delete the stored data without undue delay and at the latest within 30 days.
  3. The controller also has contractual relationships with subcontractors, suppliers and service providers in the course of its work, which also provide a basis for the processing of personal data. In this case, the legal basis for the processing of personal data is (in the case of a natural person or a sole trader) the performance of a contractual obligation (Article 6(1)(b) GDPR), and in the case of personal data of a contact of a legal person, the prior informed consent of the data subject (Article 6(1)(a) GDPR).
  4. In the performance of its tasks, the data controller processes the e-mail addresses and telephone numbers of its partners, clients, customers, in the performance of its contractual obligations (Article 6(1)(b) of the General Data Protection Regulation) or on the basis of their individual consent (Article 6(1)(a) of the General Data Protection Regulation).
  5. Natural persons applying to the controller submit a CV to the company. Personal data in the CV are also processed. The purpose of the processing is to fill the advertised vacancy, or to use it in the event of a future vacancy, or to find a suitable qualified employee. The legal basis for the processing is the consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation). The CV and the personal data contained therein will be stored by the controller for 3 months after receipt of the CV, after which it will be destroyed, unless the data subject has given his/her consent for a longer period.
  6. The controller occasionally takes photographs or video recordings of its customers, partners, employees, other data subjects. If the recording shows a recognisable individual, the recording will be made and used - in connection with the controller's websites, social networking sites or other appearances - only with the prior, informed, written and voluntary consent of the data subject. The legal basis for the processing is the data subject's consent (Article 6(1)(a) of the General Data Protection Regulation). If the data subject withdraws consent and requests the cessation of the use of the recording or its deletion, the controller will comply with this request without undue delay, but no later than 30 days.
  7. The data controller presents its activities and services on the websites viziandpartners.hu and www.theheadhunter.eu and www.Theexecutiveheadhunter.com The websites use cookies during their operation, which also collect personal data about visitors. The legal basis for the processing is the data subject's consent (Article 6(1)(a) of the General Data Protection Regulation).
  8. Visitors to the websites have the possibility to contact the data controller by means of a contact form. The form must contain the name, e-mail address and telephone number of the interested party. The purpose of processing personal data is to contact the site visitor and the person interested in the services of the controller. If the service is not ordered after contacting the data controller, the personal data of the interested party will be deleted immediately, but no later than 30 days after the contact. The controller processes the personal data for the purposes of the contract and on this legal basis (Article 6(1)(b) of the General Data Protection Regulation). By filling in the form, the data subject declares that he or she has read and accepted the Data Controller's Privacy Notice.
  9. The data controller publishes job vacancies and offers on the website theheadhunter.eu and www.Theexecutiveheadhunter.com. Candidates can apply for the advertised job by providing their name, e-mail address, address and telephone number and by uploading their CV. The purpose of the processing is to maintain contact, review the CV of the data subject, the information provided therein, send the application for the job, forward the CV to the partner advertising the job. The legal basis for the processing is the data subject's consent (Article 6(1)(a) of the General Data Protection Regulation). The data subject has the right to withdraw his or her consent at any time by sending a notice to the contact details of the controller as set out in this notice. Thereafter, the controller shall delete the stored data and the CV without undue delay and at the latest within 30 days.
  10. The data controller presents its cooperation partners on the website theheadhunter.eu. The personal data of the data subject (name and contact details) will only be displayed on the website if he or she has given his or her prior written informed consent. The legal basis for the processing is the data subject's consent (Article 6(1)(a) of the General Data Protection Regulation). The controller processes personal data until the data subject's consent is withdrawn.
  11. The data controller presents its employees on the website theheadhunter.eu. The personal data of the data subject (name and contact details) will only be displayed on the website if he or she has given his or her prior written informed consent. The legal basis for the processing is the data subject's consent (Article 6(1)(a) of the General Data Protection Regulation). The controller processes personal data until the data subject's consent is withdrawn.
  12. The data controller also offers the possibility to subscribe to a newsletter by providing your name and e-mail address. The purpose of processing personal data is to send newsletters, direct marketing messages and personalised offers to the data subject. By subscribing to the newsletter, the data subject declares that he/she has read the Controller's Privacy Policy and gives his/her consent to the processing of his/her personal data for marketing purposes. The data subject shall have the rights set out in the Data Protection Notice and shall be able to exercise those rights in the manner and at the places indicated therein. Accordingly, the legal basis for the processing of personal data in the context of sending the newsletter is the prior informed consent of the subscriber (Article 6(1)(a) of the General Data Protection Regulation). If the data subject withdraws his or her consent, the controller shall delete the recorded personal data from its system without undue delay and at the latest within 30 days of the withdrawal of consent.
  13. The controller also operates a social networking site, where personal data are also processed. The legal basis for the processing is the consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation).
  14. In the course of complaint handling in relation to the activities of the data controller, the purpose of data processing is to enable the communication of the complaint, to identify the data subject and his/her complaint, to record the data required to be recorded by law, to investigate the complaint and to maintain contact in connection with its resolution.

Once a complaint has been made, the handling of the complaint, and thus the processing of personal data, is mandatory under Act CLV of 1997 on Consumer Protection. The legal basis for processing personal data is therefore the fulfilment of a legal obligation (Article 6(1)(c) of the General Data Protection Regulation).

The data controller shall keep records of the processing described above. The register shall also include the time limits for the erasure of personal data. The register is annexed to this Privacy Notice.

  1. Processors connected to the controller:

Where the processing is carried out on behalf of the controller, the controller may only use processors that offer adequate guarantees of compliance with the requirements of the General Data Protection Regulation or implement appropriate technical and organisational measures to ensure the protection of the rights of data subjects.

The Data Controller hereby declares that in the course of its work, it will only deal with data processors that have adequate guarantees of compliance with the GDPR Regulation and that they implement appropriate technical and organisational measures to ensure the protection of the rights of data subjects. The relevant declarations of the data processors are available to you.

By reading and acknowledging this Privacy Notice, data subjects accept that the controller transfers their personal data to the processors and joint controllers listed below.

  • The data processor is an accounting firm appointed by the controller:
    • BartaBPO Consulting Tanácsadó, Könyvelő és Szolgáltató Kft.
    • 1132 Budapest, Váci út 16. Fsz. 12. ajtó
    • @email
  • The data controller's partner for issuing invoices:
  • hu Ltd.
  • 1031 Budapest, Záhony str. 7.
  • @email
  • The companies hosting the websites of the data controller are also data processors:
  • InfoNetfort Kft.
  • 7900 Szigetvár Szent István lakótelep 17. IV. em. 25
  • @email
  • A web development contractor working with the data controller is also considered a data processor:
  • InfoNetfort Kft.
  • 7900 Szigetvár Szent István lakótelep 17. IV. em. 25
  • @email
  • The software operator is considered a data processor due to the use of the database management and enterprise management system used by the data controller (also integrated in the theheadhunter.eu and www.Theexecutiveheadhunter.com websites):
  • Recruiterflow, Inc.
  • 2225 E Bayshore Rd, Palo Alto, California, 94303, United States
  • @email
  • When storing data in a cloud-based online database, the service provider is considered a data processor (GoogleDrive):
    • Google Ireland Limited
    • Gordon House, Barrow Street, Dublin 4, Ireland
  • They are joint data controller partners due to the use of the social networking site:
  • LinkedIn Corporation
  • 1000 West Maude AvenueSunnyvale, CA 94085USA
  • The operator of the website profession.hu is considered a joint controller:
    • hu Ltd.
    • 1123 Budapest, Nagyenyed str. 8-14. 4.
    • @email
  • Pursuant to Government Decree 118/2001 (VI. 30.) on the registration and conditions for the exercise of the activities of temporary employment agencies and private employment agencies, the data controller is obliged to provide data, which makes it a data processor and a joint data controller:
  • National Office for Vocational Education and Training
  • 1089 Budapest, Kálvária square 7.
  • @email
  • (06-1) 477-5942
  • eKRÉTA Informatikai Zrt.
  • 1111 Budapest Budafoki str. 59.
  • @email
  • +36-1-5100-494
  • The controller also transfers personal data of its customers to the National Tax and Customs Administration.

The contracted data processing and data management partners will process the personal data of partners only on the basis of instructions given by the data controller (except where required by law) and under an obligation of confidentiality.

  1. Processing of data relating to contracts concluded by the controller:

Customer contracts:

The contractual partners of the controller may be both individuals and legal persons. The establishment of a contractual relationship is preceded by a request for proposal, in person, by telephone, by e-mail, by using the contact forms available on the controller's websites (www.viziandpartners.hu and www.theheadhunter.eu and www.Theexecutiveheadhunter.com) or through the controller's social networking sites. The applicant shall provide his/her name, telephone number and e-mail address to which the controller shall send his/her offer. If the offer is rejected, the personal data of the interested party will be deleted without delay and at the latest within 30 days of the rejection of the offer. If the applicant does not send any feedback on the offer, the controller shall delete the personal data within 60 days of the sending of the offer. The legal basis for the processing of personal data is the establishment of a contract (Article 6(1)(b) of the General Data Protection Regulation). If the data subject accepts the offer, a contractual relationship is established between the parties. Subsequently, the controller will have access to further personal data of individuals (partners and contacts). The legal basis for the processing is the performance of a contractual obligation (Article 6(1)(b) of the General Data Protection Regulation), and in the case of a contact person of a legal person, the consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation).

The data controller issues an invoice for the services provided. The invoice will contain the name, address and possibly the tax number of the client. The issuing of the invoice is a legal obligation of the controller. The legal basis for the processing of personal data on the invoice is the fulfilment of a legal obligation (Article 6(1)(c) of the General Data Protection Regulation). The personal data on the invoice are stored by the controller for 8 years in compliance with the retention obligation laid down in Article 169 of Act C of 2000 on Accounting.

Personal data processing of job applicants and employees of the contractors:

In the course of the controller's activities, the personal data of job applicants and employees of the principals will become known. In this respect, the controller is a data processor, since it processes personal data for the purposes specified by the client (as data controller). The data controller shall in any case conclude a so-called data processing contract with the principal, in which it declares that it will fully comply with Regulation (EU) 2016/679 of the European Parliament and of the Council and will not process the personal data of the principal and of its job applicants and employees for purposes other than those documented in the contract of engagement with the principal, unless such processing is required by the applicable legislation in force. The data controller shall take reasonable steps to ensure the reliability of any agent who may have access to the personal data of the principal, job applicant or employee and shall ensure that such access is only granted to those persons who have a strictly necessary need to know or have access to the personal data of the principal, job applicant or employee for the purposes of the contract of engagement.

The controller shall sign an appropriate confidentiality agreement with each such person. The controller shall keep business secrets disclosed to it in the course of its activities, as well as essential information relating to the principal (and its operations), job applicants and employees. It shall use data, procedures, methods, documents, documents or other information relating to the contractor, its applicants or employees only for the performance of its tasks and shall not disclose them to unauthorised persons or organisations, nor shall it disclose them to third parties or otherwise misuse them. Information, documents and analyses provided by the Principal shall be treated confidentially and shall not be disclosed to third parties. If the contractual relationship with the Principal is terminated, the Controller shall hand over all documents to the Principal. The legal basis for the processing is the fulfilment of the contractual obligation (Article 6(1)(b) of the General Data Protection Regulation).

Processing of personal data in the context of the mandatory provision of data to the labour market forecasting system:

In compliance with the obligation provided for in Government Decree 118/2001 (VI. 30.) on the registration and conditions for the performance of the activities of temporary employment agencies and private employment agencies, the data controller shall provide mandatory data to the National Office for Vocational and Adult Education. The data controller shall use the labour market forecasting system operated by the Authority in order to fulfil its data reporting obligations. The controller processes the personal data recorded in the system on the basis of a legal basis (Article 6(1)(c) of the General Data Protection Regulation) in order to fulfil a legal obligation.

Supplier contracts:

 

The data controller also manages the contact details (name, e-mail address, telephone number) of its suppliers and is in contact with service providers and subcontractors. In these cases, personal data (personal data of the contact person or of the natural person, individual entrepreneur) are also processed in order to keep in contact with the partners. The legal basis for the processing of personal data is the fulfilment of the contractual obligation (Article 6(1)(b) of the General Data Protection Regulation) or the consent of the contact person (Article 6(1)(a) of the General Data Protection Regulation).

The data controller will fill out a consent form with the contact persons of the companies, informing them of their rights regarding the processing of personal data and asking for their consent to process their data. In such cases, the legal basis for the processing of personal data is the written informed consent of the data subject to the processing (Article 6(1)(a) of the General Data Protection Regulation). If the contract with the partner has ended and there is no legal obligation to keep data or documents, the telephone numbers and e-mail addresses will be deleted. The personal data contained in the contract and the invoice will be kept by the controller for 8 years in compliance with the retention obligation laid down in Article 169 of the Accounting Act.

  1. Processing of invoices issued to customers and the personal data contained therein:

 

The data controller issues an invoice for the services provided. The invoice will contain the name, address and possibly the tax number of the client. The issuing of the invoice is a legal obligation of the controller. The legal basis for the processing of personal data on the invoice is the fulfilment of a legal obligation (Article 6(1)(c) of the General Data Protection Regulation). Personal data recorded in this way are stored by the controller for a period of 8 years in compliance with the retention obligation laid down in Article 169 of the Accounting Act.

  1. Children's data, processing of special categories of personal data:

The data subject declares that he or she has reached the age of 16 years by subscribing to the newsletter on the website www.theheadhunter.eu, by applying for advertised jobs on the website www.theheadhunter.eu or by consenting to the operation of cookies on the websites of the controller. A person under the age of 16 may not subscribe to the newsletter, apply for a job or consent to the collection of data by the cookies used by the websites, given that, pursuant to Article 8(1) of the General Data Protection Regulation (GDPR), the validity of his/her declaration of consent to the processing of personal data requires the consent of his/her legal representative. The controller is not in a position to verify the age and entitlement of the person giving consent, so the data subject warrants that the data he or she has provided is accurate.

The controller shall not record any special data brought to the attention of the controller or of which it becomes aware. If such data have been introduced into any system without the controller's knowledge, the controller shall delete them from the system immediately upon their detection.

  1. Management of e-mail addresses, telephone numbers:

In the course of its activities, the data controller also obtains the e-mail addresses and telephone numbers of its clients, customers and partners. The personal data thus entered into its system are processed primarily for the purpose of fulfilling its contractual obligations (Article 6(1)(b) of the General Data Protection Regulation). If the contract with the partner has been terminated and the legal obligation to keep the data and documents no longer applies, the telephone numbers and e-mail addresses will be deleted. In some cases, the controller will still have a legitimate interest in retaining the data and will ask for the data subject's written consent to retain his or her personal data (Article 6(1)(a) of the General Data Protection Regulation).

Processing of personal data on business cards provided to the controller:

The (prospective) partners, clients, customers of the data controller occasionally provide the data controller with business cards containing their personal data (e.g. name, telephone number, e-mail address). The purpose of the processing is to contact the data subject and offer the data controller's services or send a job offer to the data subject. The legal basis for the processing is the data subject's consent (Article 6(1)(a) of the General Data Protection Regulation), which is given orally when the business card is handed over to the data subject. The data subject shall have the right to withdraw his or her consent at any time by sending a notice to the contact details of the controller as set out in this notice. Thereafter, the controller shall destroy the business card and delete the stored data without undue delay and at the latest within 30 days.

  1. Processing of applications and CVs received by the data controller:

Data processing in relation to CVs submitted in response to job advertisements by the data controller:

 

Natural persons applying to the controller submit a CV to the company. Where the CV is submitted because the controller is looking for an employee and has advertised the vacancy, the CV may only be used in relation to that vacancy.

 

If the applicant did not meet the conditions for the advertised position and another candidate was selected, the CV will be immediately destroyed. The controller may only retain the application on the basis of the explicit, unambiguous and voluntary consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation), provided that its retention is necessary for the purposes of the processing.

The data controller does not post "anonymous" job advertisements (job advertisements in which the employer does not disclose its name, so that at the time of sending the job application, applicants may not be aware of the employer to which they are applying for the job), as this is contrary to the requirement of prior information about the identity of the data controller. In any case, the controller shall inform the data subjects of his identity when advertising a job.

If the applicant has voluntarily sent a CV to the controller without an advertisement, he or she shall declare whether he or she consents to the processing of personal data by the controller. The submission of a CV does not imply that the data subject consents to the controller keeping his/her application file. It is also important to note that the controller may use the CV only in relation to vacancies indicated by the job applicant. As a general rule, CVs will be kept for 3 months, unless the data subject specifies a longer period in his/her consent.

The data controller will only check and obtain information from the applicant's profile page on the social networking site when assessing the job application if it has informed the data subjects beforehand. Even in such cases, only public data will be consulted and only information that is relevant to the job application or the job will be taken into account in the selection process. Under no circumstances will the job applicant's profile page be saved or stored and transmitted to third parties.

If the data subject is not selected for the job in question, the controller will inform him/her of this and of the reasons for the rejection.

Processing of personal data in connection with the database's construction activities:

In connection with the headhunter's activities, the data controller builds a database in which the personal data and CVs of job-seeking individuals are collected and stored and then transmitted.

The data controller will request the data subject's consent to the processing (storage and transmission) of personal data in a separate declaration. The statement of consent shall specify the period for which the controller may store the CV and the personal data contained therein. The data subject shall have the right to withdraw his or her consent at any time by sending a notice to the contact details of the controller as set out in this notice. Thereafter, the controller shall delete the stored data without undue delay and at the latest within 30 days. Where the data subject has given his or her consent, the controller shall be entitled, for the duration of the data subject's consent, to transfer the CV and the personal data contained therein to his or her clients, partners and, in the case of temporary employment, to their partners, in order to find the job specified by the data subject. The legal basis for processing is the data subject's consent (Article 6(1)(a) of the General Data Protection Regulation).

The data controller also uses the job search portal www.profession.hu created by profession.hu Kft. in the course of its activities. Relevant CVs uploaded on the website www.profession.hu for the advertised vacancy will be downloaded, stored and forwarded to its partner. The data subject gives his/her consent to the processing (storage and transmission) of personal data by uploading his/her CV. The data subject has the right to withdraw his/her consent at any time by sending a notice to the contact details of the data controller as set out in this notice. Thereafter, the controller shall delete the stored data without undue delay and at the latest within 30 days. Where the data subject has given his or her consent, the controller shall be entitled, for the duration of the data subject's consent, to transfer the CV and the personal data contained therein to his or her clients, partners and, in the case of temporary employment, to their partners, in order to find the job specified by the data subject. The legal basis for processing is the data subject's consent (Article 6(1)(a) of the General Data Protection Regulation).

  1. Taking photographs and video recordings at the controller's premises:

 

The controller occasionally takes photographs or video recordings of its customers, partners, employees, other data subjects. If the recording shows a recognisable individual, the recording will be made and used - in connection with the controller's websites, social networking sites or other appearances - only with the prior, informed, written and voluntary consent of the data subject. The legal basis for the processing is the data subject's consent (Article 6(1)(a) of the General Data Protection Regulation). If the data subject withdraws consent and requests the cessation of the use of the recording or its deletion, the controller will comply with this request without undue delay, but no later than 30 days.

  1. The controller's websites:

The data controller presents its activities and services on the websites www.viziandpartners.hu and www.theheadhunter.eu.

The websites of the data controller use cookies in their operation. The legal basis for the processing of personal data obtained by them is the consent of the visitor (Article 6(1)(a) of the General Data Protection Regulation).

The www.viziandpartners.hu website uses the following cookies in its operation:

  • cookie-agreed
  • duration: 3 months 8 days
  • type: other
  • cookie-agreed-version
  • duration: 3 months 8 days
  • type: other

The www.theheadhunter.eu website uses the following cookies in its operation:

  • cookie-agreed
  • duration: 3 months 8 days
  • type: other
  • cookie-agreed-version
  • duration: 3 months 8 days
  • type: other

What cookies do:

  • collect information about visitors and their devices;
  • remember visitors' individual preferences, which are used;
  • facilitate the use of websites;
  • provide a quality user experience.

To provide a personalised service, a small piece of data, called a cookie, is placed on the user's computer and read back during a subsequent visit. When the browser returns a previously saved cookie, the cookie provider has the possibility to link the user's current visit to previous visits, but only in relation to its own content.

Session cookies are strictly necessary:

The purpose of these cookies is to allow visitors to browse the websites, use their features and services fully and smoothly. These cookies are valid until the end of the session and are automatically deleted from the computer or other browsing device when the browser is closed.

The data subject's choice about the cookie:

Web browser cookies:

In the browser settings, the data subject can accept or reject new cookies and delete existing cookies. You can also set your browser to notify you each time a new cookie is placed on your computer or other device. You can find more information about cookie management in the "help" function of your browser.

If you choose to disable some or all cookies, you will not be able to use all the features of the websites.

In relation to the acceptance of the use of cookies on the controller's websites, the data subject declares that he or she is at least 16 years of age. A person under the age of 16 may not declare his or her acceptance or refusal of cookies used by the websites, given that, pursuant to Article 8(1) of the General Data Protection Regulation (GDPR), the validity of his or her declaration of consent to processing requires the consent of his or her legal representative. The controller is not in a position to verify the age and entitlement of the person giving consent, so the data subject warrants that the data he or she has provided are accurate.

Processing of personal data when using the contact forms:

 

Visitors to the websites have the possibility to contact the data controller by means of a contact form. The form must contain the name, e-mail address and telephone number of the interested party. The purpose of processing personal data is to contact the site visitor and the person interested in the services of the controller. If the service is not ordered after contacting the data controller, the personal data of the interested party will be deleted immediately, but no later than 30 days after the contact. The controller processes the personal data for the purposes of the contract and on this legal basis (Article 6(1)(b) of the General Data Protection Regulation). By filling in the form, the data subject declares that he or she has read and accepted the Data Controller's Privacy Notice.

 

Processing of personal data when applying for jobs advertised on the website:

The data controller publishes job vacancies and offers on the website www.theheadhunter.eu. Candidates can apply for the advertised job by providing their name, e-mail address, address and telephone number and by uploading their CV. The purpose of the processing is to maintain contact, review the CV of the data subject, the information provided therein, send the application for the job, forward the CV to the partner advertising the job. The legal basis for the processing is the data subject's consent (Article 6(1)(a) of the General Data Protection Regulation). The data subject has the right to withdraw his or her consent at any time by sending a notice to the contact details of the controller as set out in this notice. Thereafter, the controller shall delete the stored data and the CV without undue delay and at the latest within 30 days.

The person concerned declares that he/she is over 16 years of age when applying for the advertised jobs. A person under 16 years of age may not apply for a job in this way, given that, pursuant to Article 8(1) of the General Data Protection Regulation (GDPR), the validity of his/her declaration of consent to data processing requires the consent of his/her legal representative. The controller is not in a position to verify the age and entitlement of the person giving consent, so the data subject warrants that the data he or she has provided are accurate.

Personal data processing during the presentation of cooperating partners:

The data controller presents its cooperation partners on the website www.theheadhunter.eu. The personal data of the data subject (name and contact details) will only be displayed on the website if he or she has given his or her prior written informed consent. The legal basis for the processing is the data subject's consent (Article 6(1)(a) of the General Data Protection Regulation). The controller processes personal data until the data subject's consent is withdrawn.

Personal data processing during the introduction of employees:

The data controller presents its employees on the website www.theheadhunter.eu. The personal data of the data subject (name and contact details) will only be displayed on the website if he or she has given his or her prior written informed consent. The legal basis for the processing is the data subject's consent (Article 6(1)(a) of the General Data Protection Regulation). The controller processes personal data until the data subject's consent is withdrawn.

  1. Subscribe to newsletter:

The data controller also offers the possibility to subscribe to a newsletter by providing your name and e-mail address. The purpose of processing personal data is to send newsletters, direct marketing messages and personalised offers to the data subject. By subscribing to the newsletter, the data subject declares that he/she has read the Controller's Privacy Policy and gives his/her consent to the processing of his/her personal data for marketing purposes. The data subject shall have the rights set out in the Data Protection Notice and shall be able to exercise those rights in the manner and at the places indicated therein. Accordingly, the legal basis for the processing of personal data in the context of sending the newsletter is the prior informed consent of the subscriber (Article 6(1)(a) of the General Data Protection Regulation). If the data subject withdraws his or her consent, the controller shall delete the recorded personal data from its system without undue delay and at the latest within 30 days of the withdrawal of consent.

The purpose of data processing in connection with the sending of newsletters is to provide the recipient with complete general or personalized information about news, latest news, discounts, in accordance with the applicable and valid legislation. The subscription to the newsletter and/or DM mailing is based on voluntary consent, the data controller will of course give the data subject the opportunity to withdraw his consent and unsubscribe from the newsletter at any time.

The data subject declares on the controller's website www.viziandpartners.hu that he or she is at least 16 years of age when subscribing to the newsletter. A person under 16 years of age may not subscribe to the newsletter, given that, pursuant to Article 8(1) of the General Data Protection Regulation (GDPR), the validity of his/her declaration of consent to the processing of personal data requires the consent of his/her legal representative. The controller is not in a position to verify the age and entitlement of the person giving consent, so the data subject warrants that the data he or she has provided is accurate.

  1. The controller's community page:

The controller also operates a LinkedIn page, where personal data is also processed. The data controller also promotes and presents its activities and services on LinkedIn.

https://www.linkedin.com/company/80547770

On the social networking site, the personal data of the followers are processed by the data controller on the basis of their consent (Article 6(1)(a) of the General Data Protection Regulation), which is deemed to be given when the person concerned likes, follows or comments on the page and its posts.

  1. Personal data processing in the use of cloud-based applications:

The data controller mainly uses cloud-based services for storing, backing up and sharing documents. A common feature of such services is that they are not provided by the user's computer, but by a remote server, a server centre located anywhere in the world. Such services are also provided by online hosting. A major advantage of cloud applications is that they provide a highly secure, flexible and scalable IT storage and processing capacity, essentially independent of geographical location.

In these cases, the cloud service provider can be considered as a data processor, processing personal data on behalf of the data controller. Cloud service providers are obliged to keep personal data confidential and may only process personal data on the instructions of the controller.

The data controller selects its cloud service partners with the utmost care, takes all measures normally expected to ensure that they are contracted in a way that takes into account the data security interests of its customers and clients, that their data management principles are transparent to them and that data security is regularly monitored.

Cloud storage is password protected and only the data controller has access to the data stored there.

The data controller's partners expressly consent to the transfer of data necessary for the use of cloud applications by accepting this Privacy Notice. The legal basis for processing is the consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation).

  1. Handling of complaints about the controller's activities:

The purpose of data processing in the course of complaint handling in relation to the activities of the data controller is to enable the communication of the complaint, to identify the data subject and his/her complaint, to record the data required to be recorded by law, to investigate the complaint and to maintain contact in connection with its resolution.

Once a complaint has been lodged, the handling of the complaint, and thus the processing of personal data, is mandatory under Act CLV of 1997 on Consumer Protection. The legal basis for processing personal data is therefore the fulfilment of a legal obligation (Article 6(1)(c) of the General Data Protection Regulation).

The data controller keeps the record of the complaint and a copy of the reply for 3 years, on the basis of which the personal data are also processed during this period.

  1. Security of data processing:

The data controller undertakes to ensure the security of the data, to take technical and organisational measures and to maintain procedural rules to ensure that the data recorded, stored or processed are protected and to prevent their destruction, unauthorised use or unauthorised alteration. It also undertakes to require any third party to whom it transfers or discloses the data to comply with the requirements of data security.

The controller shall ensure that the data processed cannot be accessed, disclosed, transmitted, modified or deleted by unauthorised persons. The data processed may only be accessed by the controller and its data processor(s) and shall not be disclosed to third parties not entitled to access the data.

The data controller takes great care to ensure the security of the personal data of its clients, customers and partners. It acts in full compliance with the legal provisions and requires all its partners to do the same. The protection of personal data includes physical protection (storage of documents in a lockable room monitored by a security camera) and IT protection (firewall, antivirus, password protection).

The controller shall store the personal data provided by the data subject primarily on the servers of the data processor(s) indicated in this Privacy Notice, equipped with the usual protection systems, and partly on its own IT equipment, in case of paper media, at its headquarters, in an appropriately locked manner.

The data subjects acknowledge and accept that, in the event that they provide their personal data, the data protection cannot be fully guaranteed on the Internet and on the computer system. In the event of unauthorised access or disclosure, despite the efforts of the controller, it is necessary to proceed as described in this notice.

  1. Rights of data subjects:
  • Transparent information:

The purpose of this Privacy Notice is also to provide clear, concise, transparent and understandable information about the processing activities of the controller.

  • Right of access:

The data subject shall have the right to obtain from the controller feedback as to whether or not his or her personal data are being processed and, if such processing is taking place, the right to access the personal data and the following information:

  • the purpose of the processing,
  • the categories of personal data concerned,
  • the recipients to whom the personal data have been disclosed,
  • the intended duration of the storage of the personal data.

You can request information about the above data from the data controller at the following address, e-mail address:

Vizi and Partners Ltd. 2484 Gárdony, Chernel István str. 27.

E-mail: @email

A The controller hereby informs you that it will respond to your request within 30 days. Information requests sent by post will be answered by post, requests sent by e-mail will be answered by e-mail.

  • Right to rectification:

The data subject has the right to obtain, at his or her request, the rectification of inaccurate personal data relating to him or her.

You can request information about the above data from the data controller at the following address, e-mail address:

Vizi and Partners Ltd. 2484 Gárdony, Chernel István str. 27.

E-mail: @email

A The controller hereby informs you that it will respond to your request within 30 days. Information requests sent by post will be answered by post, requests sent by e-mail will be answered by e-mail.

  • Right to erasure:

The data subject has the right to obtain, at his or her request, the erasure of personal data relating to him or her. The controller shall, on the basis of such a request, erase personal data if one of the following grounds applies:

  • the personal data are no longer necessary for the purposes for which they were collected,
  • the data subject withdraws his or her prior consent and there is no other legal basis for the processing,
  • the data subject objects to the processing and there are no overriding legitimate grounds for the processing,
  • the personal data have been unlawfully processed,
  • the data must be erased in order to comply with a legal obligation under EU or Member State law.

You can request information about the above data from the data controller at the following address, e-mail address:

Vizi and Partners Ltd. 2484 Gárdony, Chernel István str. 27.

E-mail: @email

A The controller hereby informs you that it will respond to your request within 30 days. Information requests sent by post will be answered by post, requests sent by e-mail will be answered by e-mail.

  • Right to restriction of processing:

The data subject has the right to request the controller to restrict processing, in particular if:

  • the accuracy of the data is contested,
  • The data subject may request the erasure of the data if the data subject considers that the processing is unlawful but does not request the erasure of the data for any reason.

You can request information about the above data from the data controller at the following address, e-mail address:

Vizi and Partners Ltd. 2484 Gárdony, Chernel István str. 27.

E-mail: @email

A The controller hereby informs you that it will respond to your request within 30 days. Information requests sent by post will be answered by post, requests sent by e-mail will be answered by e-mail.

  • Right to data portability:

The data subject has the right to receive personal data relating to him or her in a structured, commonly used, machine-readable format and the right to transmit such data to another controller.

You can request information about the above data from the data controller at the following address, e-mail address:

Vizi and Partners Ltd. 2484 Gárdony, Chernel István str. 27.

E-mail: @email

A The controller hereby informs you that it will respond to your request within 30 days. Information requests sent by post will be answered by post, requests sent by e-mail will be answered by e-mail.

  • Right to object:

The data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data, as provided for in Article 21 of Regulation (EU) 2016/679 of the European Parliament and of the Council.

You can request information about the above data from the data controller at the following address, e-mail address:

Vizi and Partners Ltd. 2484 Gárdony, Chernel István str. 27.

E-mail: @email

A The controller hereby informs you that it will respond to your request within 30 days. Information requests sent by post will be answered by post, requests sent by e-mail will be answered by e-mail.

  • The right of the data subject in case of automated decision-making:

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or significantly affects him or her. Automated decision making is any process or methodology whereby a technical automatism evaluates personal aspects relating to the data subject and which produces legal effects concerning him or her or significantly affects him or her. The controller shall not use IT automated mechanisms, including profiling, which produce legal effects concerning the rights of the data subject.

You can request information about the above data from the data controller at the following address, e-mail address:

Vizi and Partners Ltd. 2484 Gárdony, Chernel István str. 27.

E-mail: @email

A The controller hereby informs you that it will respond to your request within 30 days. Information requests sent by post will be answered by post, requests sent by e-mail will be answered by e-mail.

The controller undertakes to inform any recipient of requests sent to it in connection with the above rights to whom it has disclosed the personal data, unless this proves impossible. It also undertakes to notify the data subject (applicant) of the decision on the processing of the above requests within 30 days at the latest.

  1. Data breach:

A personal data breach is a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

In the event of a data breach, the level of the breach must be at a serious risk level, i.e. the breach must be of such a degree that the personal data:

  • destruction,
  • loss,
  • alteration,
  • unauthorised disclosure or
  • unauthorised access.

An incident is considered to occur if any one of the above occurs, but this does not exclude that more than one of the above may occur at the same time. This includes not only intentional malicious conduct but also negligent injuries. An incident therefore occurs when it is caused by an accidental or unlawful act.

Examples of data breaches include:

  • illegal transfer of personal data on a document, portable device, storage medium or IT system (e.g. by mail),
  • unauthorised access to a computer system or application that processes personal data,
  • corruption or loss of part or all of a database containing personal data,
  • rendering part or all of an IT system unusable by a virus or other malicious software, etc.

A data breach may cause physical, pecuniary or non-pecuniary damage to natural persons, including loss of control over their personal data or restriction of their rights, discrimination, identity theft, if not addressed in an appropriate and timely manner, or misuse of identity, financial loss, unauthorised impersonation, damage to reputation, damage to the confidentiality of personal data protected by professional secrecy, or other significant economic or social disadvantages suffered by the natural persons concerned.

In the event of a potential data breach (unless the data breach is unlikely to pose a risk to the rights and freedoms of natural persons), the controller shall immediately notify the National Authority for Data Protection and Freedom of Information. As soon as the controller becomes aware of the incident, it shall notify it without undue delay and, if possible, no later than 72 hours after becoming aware of the personal data breach. If the notification cannot be made within 72 hours, the notification shall state the reason for the delay and provide the required information in detail without further undue delay.

The National Authority for Data Protection and Freedom of Information operates a dedicated system on its website for the notification of data breaches, through which notifications can be made electronically.

The data controller shall keep a record of the data breaches, indicating the facts related to the data breach, its effects and the measures taken to remedy it. The controller shall keep records of the data relating to the incident, including the causes, the events and the personal data involved. In addition, the record should also include the effects and consequences of the incidents and the measures taken to remedy them, and the conclusions of the controller (for example, why it thinks the incident is not reportable, or if the notification is delayed, the reason for the delay).

An incident that is unlikely to pose a risk to the rights and freedoms of natural persons does not need to be notified to the supervisory authority.

Where the personal data breach is likely to present a high risk to the rights and freedoms of the data controller's principals, clients or partners, the data controller shall immediately inform the partner concerned. The information provided to the data subject shall clearly and plainly describe the nature of the personal data breach and shall include the key information and measures to be taken.

The data subject need not be informed as described above if any of the following conditions are met:

  • the data controller has implemented appropriate technical and organisational protection measures and these measures have been applied to the data affected by the personal data breach, in particular measures that render the data unintelligible to persons who are not authorised to access the personal data;
  • the controller has taken additional measures following the personal data breach to ensure that the high risk to the rights and freedoms of the data subject is no longer likely to materialise;
  • the provision of information would require a disproportionate effort. In such cases, the data subjects shall be informed by means of publicly disclosed information or by means of a similar measure ensuring that the data subjects are informed in an equally effective manner.
  1. Information on the main relevant legislation:
  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation, GDPR);
  • Act CXII of 2011 – on the Right to Informational Self-Determination and Freedom of Information (Info. tv.);
  • Act V of 2013 – on the Civil Code (Civil Code);
  • Act C of 2000 – on Accounting (Accounting Act);
  • Government Decree No 118/2001 (30.VI.) – on the registration and conditions for the performance of temporary employment and private employment agency activities;
  • Act CLV of 1997 – on Consumer Protection.
  1. Right to apply to the courts:

The data subject may take the controller to court if his or her rights are infringed. The court shall rule on the case out of turn.

  1. Data protection authority procedure:

You can lodge a complaint with the National Authority for Data Protection and Freedom of Information:

Name: Hungarian National Authority for Data Protection and Freedom

of Information

Headquarters: 1055 Budapest, Falk Miksa str. 9-11.

Letter adress: 1363 Budapest, PO. 9.

Phone number: 0613911400

Fax: 0613911410

E-mail address: @email

Website: http://www.naih.hu

  1. Other provisions:

The data controller shall provide information on data processing not listed in this notice at the time of recording the data. In such cases, the provisions of the applicable legislation shall prevail.

The data controller hereby informs its customers that the court, the prosecutor, the investigating authority, the administrative authority, the National Authority for Data Protection and Freedom of Information, the National Bank of Hungary, or other bodies authorised by law may contact the data controller to provide information, to disclose or transfer data, or to provide documents. The controller shall disclose to the authorities - if the authority has indicated the precise purpose and scope of the data - personal data only to the extent and to the extent strictly necessary for the purpose of the request.

The website of the Data Protection Authority contains further information on the data protection rights referred to in this Privacy Notice.

Gárdony, 2023.01.01

Vizi Sándor

Managing director
 

ANNEX 1.

Nr.Name of the processing of personal dataPurpose of data processingLegal basis for processingTime limit for deletion of personal data
1.Personal data (name, e-mail address, telephone number) of the natural person or sole trader provided in the request for a tender.To make an offer, to maintain contact.Creation of the contract (Article 6(1)(b) of the General Data Protection Regulation).If the offer is rejected, it shall be rejected without delay and at the latest within 30 days of the rejection of the offer. If the contracting authority does not send a reply to the tender, it shall do so within 60 days of the date of dispatch of the tender.
2.Personal data (name, e-mail address, telephone number) of the contact person of the legal entity provided during the request for a proposal.To make an offer, to maintain contact.Consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation).In case of withdrawal of consent, without delay and at the latest within 30 days. If the offer is rejected, without delay and at the latest within 30 days of the rejection of the offer. If the contracting authority does not send a reply to the tender, it shall do so within 60 days of the date of dispatch of the tender.
3.Personal data processed in the course of the contractual relationship in the case of a natural person, sole trader (name, address, e-mail address, telephone number).In order to fulfil the contract, contact.Fulfilment of a contractual obligation (Article 6(1)(b) of the General Data Protection Regulation) and then of a legal obligation (Article 6(1)(c) of the General Data Protection Regulation), pursuant to Article 169 of Act C of 2000.Within 30 days of the legal obligation to keep the data (8 years).
4.Personal data (name, e-mail address, telephone number) of contact persons processed in the course of a contractual relationship with a legal person.In order to fulfil the contract, contact.Consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation).In case of withdrawal of consent, without delay and at the latest within 30 days. Within 30 days after the termination of the contractual relationship, unless the law provides for a legal obligation to keep the contract (within 30 days after the expiry of the obligation).
5.The data controller also processes the data of job applicants and employees of the data controller in the course of its activities.In order to fulfil the contract, contact.Performance of a contractual obligation (Article 6(1)(b) of the General Data Protection Regulation - processing is necessary for the performance of a contract to which the data subject is a party).The controller processes personal data only in the course of its cooperation with the client.
6.Personal data processed for the fulfilment of data reporting obligations.To provide data.Fulfillment of a legal obligation (Article 6 (1) (c) of the General Data Protection Regulation), pursuant to Government Decree 118/2001 (VI. 30.).Within 30 days of the expiry of the legal obligation to keep the data.
7.Personal data contained in CVs stored in the database and collected for the purpose of fulfilling the mandates of the principals.Building a database to collect, store and forward CVs.Consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation).Without undue delay after the withdrawal of consent, but within 30 days at the latest.
8.Personal data in the CV.Forward your CV to find the right job.Consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation).Without undue delay after the withdrawal of consent, but within 30 days at the latest.
9.Personal data from the CV downloaded from www.profession.hu.Forward your CV to find the right employee.Consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation).Without undue delay after the withdrawal of consent, but within 30 days at the latest.
10.Personal data on the business cards provided.To contact you and offer you a service or send you a job offer.Consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation).Without undue delay after the withdrawal of consent, but within 30 days at the latest.
11.Personal data on the invoice issued to the users of the service, customers (natural persons or sole traders).To fulfil a legal obligation to issue an invoice.Fulfillment of a legal obligation (Article 6 (1) (c) of the General Data Protection Regulation), pursuant to Article 169 of Act C of 2000.Within 30 days of the legal obligation to keep the data (8 years).
12.Personal data of suppliers, service providers, subcontractors (in the case of a natural person or sole trader).To fulfil contractual obligations, to maintain contact.Fulfilment of a contractual obligation (Article 6(1)(b) of the General Data Protection Regulation) and of a legal obligation (Article 6(1)(c) of the General Data Protection Regulation), pursuant to Article 169 of Act C of 2000.Within 30 days of the legal obligation to keep the data (8 years).
13.Personal data of contact persons of suppliers, service providers, subcontractors.To fulfil contractual obligations, to maintain contact.Consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation).In case of withdrawal of consent, without delay and at the latest within 30 days. Within 30 days after the termination of the contractual relationship, unless the law provides for a legal obligation to keep the contract (within 30 days after the expiry of the obligation).
14.Processing of incoming emails (sender's email address), telephone numbers.To perform a contractual obligation or on the basis of consent.Performance of a contractual obligation (Article 6(1)(b) of the General Data Protection Regulation) or the data subject's consent (Article 6(1)(a) of the General Data Protection Regulation).Within 30 days after the contractual obligation has been fulfilled or immediately after the withdrawal of consent, but no later than 30 days.
15.Personal data provided by job applicants in their CVs.To fill the advertised vacancy or for use in the event of a future vacancy. To find the right quality employee.Consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation).In the case of an advertised vacancy, the resume of an unsuccessful applicant will be destroyed by the Data Controller without delay, but no later than 30 days after the closing date of the application. The data subject's CV submitted voluntarily shall be stored with his/her consent until the deadline specified in the consent.
16.The images contained in photographs and video recordings of customers, partners, employees, other stakeholders.To promote our services, activities and products, and to use the footage on websites, social networking sites and other outlets.Consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation).Without undue delay after the withdrawal of consent, but within 30 days at the latest.
17.Personal data recorded during the collection of data by the cookies processed by the websites.To enhance the user experience, to improve websites.Consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation).Without undue delay after the withdrawal of consent, but within 30 days at the latest.
18.Personal data (name, e-mail address, telephone number) provided when using the contact forms on the websites.To contact.To establish a contract (Article 6(1)(b) of the General Data Protection Regulation).Immediately after contact, but no later than 30 days after contact, unless a contractual relationship is established.
19.Personal data (name, e-mail address, telephone number, CV) processed when applying for a job on the website www.theheadhunter.eu.Forward your CV to find the right job.Consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation).Without undue delay after the withdrawal of consent, but within 30 days at the latest.
20.The personal data (name, photo, contact details) published on the www.theheadhunter.eu website when presenting the cooperating partners.Information, to introduce the partner.Consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation).Without undue delay after the withdrawal of consent, but within 30 days at the latest.
21.Personal data (name, photo, contact details) published on the www.theheadhunter.eu website when introducing employees.Information, to introduce employees.Consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation).Without undue delay after the withdrawal of consent, but within 30 days at the latest.
22.Personal data (name, e-mail address) provided when subscribing to the newsletter.To send a newsletter.Consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation).Without undue delay after the withdrawal of consent, but within 30 days at the latest.
23.Personal data that have come to the knowledge of the data controller during the use of the social networking site.To promote the activity and products.Consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation).Without undue delay after the withdrawal of consent, but within 30 days at the latest.
24.Personal data collected in the course of complaint handling.To identify and address the complaint.Fulfillment of a legal obligation (Article 6 (1) (c) of the General Data Protection Regulation), pursuant to Act CLV of 1997.Within 30 days of the legal obligation to keep the data (3 years).