Privacy Policy

1. Purpose and scope of the information document

(1)   The purpose of this Data Management Information (hereinafter: the “Information”) is to determine the legal order of the use of the registers / databases maintained by HR-Evolution Kft. (Hereinafter: the “Data Controller”), to ensure law and data security requirements, and that everyone has the right to have their personal data within the framework of legal regulations, to know the circumstances of their processing and to prevent unauthorized access, alteration and unauthorized disclosure of data. This Information also serves as an information to stakeholders on the data management practices of the Data Controller. The Data Controller acknowledges that the content of the Information is binding on him / her, but reserves the right to change it by notifying the public of the changes in due time.

(2)   The scope of the Information extends to the processing of personal and special data of all organizational units of the Data Controller.

 

2. Governing Law

Regulation 2016/679 (27th April 2016) of the European Parliament and the European Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation 95/46/EC (General Data Protection Regulation; hereinafter referred to as the "GDPR")

§  2011 CXII. Act on the Right to Self-Determination of Information and Freedom of Information (hereinafter: the Information Act)

§  Act V of 2013 on the Civil Code (hereinafter: the “Civil Code”)

§  Act CXXX of 2016 on Civil Procedure. Act (hereinafter: “Pp.”)

 

3. Data Controller Data

The current company data of the Data Controller is as follows:

§  Company name:          HR-Evolution Kft. (Hereinafter: “Company” or “Data Controller”)

§  Registered office:       4th Zsolt Street, 1st Ground Floor Budapest 1016

§  Registration No.:         01-09-913709

§  Tax No.:                      14653508-2-41

§  Registry Court:            Metropolitan Court as a court of registration

§  Represented by:          János Szalkai, Managing Director

§  Phone:                        + 36 20 485 7867

§  E-mail:                         info@hrevolution.hu

 

4. The scope of the personal data processed, the purpose, duration and title of the data processing

(1)   The Data Controller shall carry out its data processing on the basis of the legal basis set out in the GDPR, in particular with the consent of the data subjects, for the conclusion or performance of a contract, for the performance of a legal obligation or for the legitimate interests of itself or a third party. The data subject may at any time request detailed information on the processing of his or her personal data or have access to his or her personal data, request their rectification, erasure or restriction of processing, and in certain cases may object to the processing of his or her personal data and exercise his or her right to data portability. Where the legal basis for the processing is the data subject's consent, the data subject may withdraw that consent at any time, without prejudice to the lawfulness of the data processing prior to the withdrawal.

(2)   Reporting agents shall communicate all information provided to the best of their knowledge.

(3)   If the data subject does not provide his or her personal data and the legal basis for data processing is the data subject's consent, the data subject shall be obliged to obtain the data subject's consent.

(4)   If the Data Controller transmits the data-to-data processors or other third parties (recipients), the Data Controller shall keep records thereof. The record of the transfer shall contain the recipient, method and date of the transfer and the scope of the data transferred. The Company shall provide a list of its data processors upon request of the data subject.

(5)   The data processing belonging to each activity of the Data Controller, broken down according to the individual data management purposes, is detailed below:

 

I.              Website Data Management

 

1.) Purpose of Data Management: logging of the website of the Data Controller

Legal basis for Data Management: the consent of the visitor to the website (data subject) pursuant to Article 6 paragraph (1) point (a) of the GDPR

Scope of Special Data Management: any personal data involved in logging and operating the website

Purpose of Data Management: authorization management, liaising with website administrators, tracking website administrator activity for easier content editing, debugging, troubleshooting

Data processor(s): GBLT IT Group Kft., Webtrek Kft., Kvazar.cloud Kft.

Deadline for Data Deletion: up to the end of the 2nd year from the date of logging

Possible Consequence of Lack of Disclosure: Data Subject will not have the right to administer the website, obstructing communication

 

Name of the Data Processor

Extreme Net Kft.

Address of the Data Processor

20th Tímár Street, 2nd Floor Budapest 1034

Contact of the Data Processor

E-mail

info@extremenet.hu

Tel.

+36 30 834-61-38

Website

https://extremenet.hu/

Scope of Data Management

user data recorded on the website

Purpose of the Data Management

performing web development tasks

 

Name of the Data Processor

Kvazar.cloud Kft.

Address of the Data Processor

13th Bánya tó Street Budapest 1108

Contact of the Data Processor

E-mail

info@kvazar.cloud

Tel.

+36 1 880 4400

Website

https://gbl.hu/

Scope of Data Management

user data recorded on the website

Purpose of the Data Management

performing service distributor tasks

 

5. The rights of the data subjects, the possibilities of legal remedies

(1)   The data subject may at any time request detailed information in writing from the Data Controller on the processing of his or her personal data, access his or her personal data, request their rectification, erasure or restriction of processing, and in certain cases object to the processing of his or her personal data. The data subject may exercise his or her right to data portability and withdraw his or her previously agreed consent to the contact details provided in Section 3.

 

(2)   The data subject may not exercise the right to delete and protest in the case of mandatory data processing.

 

(3)   Content of the right to information: Based on the data subject's request, the Data Controller shall provide the data subject with the information listed in Articles 13 and 14 of the GDPR and provide the information referred to in Articles 15 to 22 and 34 in a concise, comprehensible form.

 

(4)   Content of the right of access: Upon the request of the data subject, the Data Controller shall provide information on whether the data processing concerning him or her is in progress at the Data Controller. If the Data Controller is in the process of processing the data concerning the applicant, the data subject is entitled to access the following:

a.    personal data relating to him or her;

b.    the purpose(s) of the Data Processing;

c.     the persons to whom the data of the data subject have been or will be communicated;

d.    the duration of Data Storage;

e.    the right to rectification, erasure and restriction of Data Processing;

f.      the right to apply to a court or supervisory authority;

g.    the source of the data processed;

h.    the transfer of processed data to a third country or international organization.

(5)   In the event of a request for data in accordance with the above, the Data Controller shall provide the data subject with an electronic copy of the data processed by him or her in accordance with the request. Upon special request, it is possible to request delivery by post from the Data Controller against payment of postage.

(6)   The deadline for the release of the requested data is one month from the receipt of the request.

(7)   Right to rectification: The data subject may request the rectification of inaccurate data processed by him or her by the Data Controller.

(8)   Right of cancellation: If any of the following reasons exist, the Data Controller shall, at the request of the data subject, delete the data relating to the data subject as soon as possible and at the latest within 5 working days:

a.    The data was processed unlawfully (without legal authorization or personal consent);

b.    the processing of the data is not necessary to achieve the original purpose;

c.     the data subject withdraws his or her consent to the data processing and the Data Controller has no other legal basis for the data processing;

d.    the data in question were collected in connection with the provision of information society services;

e.    personal data must be deleted in order to fulfill the legal obligations of the Data Controller.

(9)   The Data Controller shall not be able to delete the data if the data processing is still necessary for any of the following:

a.    further data management is required to meet the legal requirements for the Data Controller;

b.    necessary for the exercise of the right to be heard and to be informed;

c.     in the public interest;

d.    for archival, scientific, research or statistical purposes;

e.    to enforce or defend legal claims.

(10)         Right to restrict data processing: If any of the following reasons exists, the Data Controller shall restrict data processing at the request of the data subject:

a.    the data subject disputes the accuracy of the data concerning him / her, in which case the restriction applies to the time until the accuracy and correctness of the data in question is reviewed in a credible manner;

b.    the data processing is illegal; however, the data subject requests that the deletion not be deleted, only that the data processing be restricted;

c.     the data are no longer required for data processing, but the data subject requests that they be further stored in order to enforce or protect his or her legal claims.

(11)        If the Data Controller imposes a restriction on any data processed, it shall process the data concerned during the period of the restriction only if and to the extent that:

a.    the data subject consents to this;

b.    necessary to assert or defend legal claims;

c.     necessary to enforce or protect the rights of another person;

d.    necessary to safeguard the public interest.

(12)        Right of withdrawal: The data subject has the right to withdraw his consent to the Data Controller in writing at any time. In the event of such a request, the Data Controller shall immediately and permanently delete all data which it has processed in relation to the data subject and the further storage of which is not required by law or necessary for the exercise or protection of rights related to legitimate interests. The lawfulness of data processing prior to the withdrawal of consent shall not be affected by the withdrawal.

(13)        Right to data transfer: The data subject has the right to request that the Data Controller transfer the data concerning him or her to another Data Controller in a commonly used format that can be read by computer software. The Data Controller shall comply with the request as soon as possible, but no later than within 1 month.

 

6. Contact

The e-mail received during the contact with the Data Controller and its content (especially the name, address, date, attachments of the sender) will be stored by the Data Controller for the period specified in Section IV 2) and then deleted.

 

7. Method of data storage, provision

(1)   The Data Controller shall store the data processed by it in paper form at its registered office, while in electronic form on its own network data storage facility.

(2)   The exception to point (1) is the data stored at the data processors of the Data Controller, the data processors of which are obliged to ensure the preservation of such data by introducing appropriate security measures.

(3)   A Data Controller shall use an IT system for its operation that ensures that the data:

a.    be accessible to those entitled to it (availability);

b.    and to be protected against unauthorized access (data confidentiality).

(4)   Data protection shall cover in particular:

a.    unauthorized access;

b.    to change;

c.     for cancellation;

d.    accidental injury;

e.    or becoming inaccessible as a result of a change in the technology used.

(5)   In order to protect electronically processed data, the Data Controller shall use a solution that provides an adequate level of security according to the state of the art. During the examination of compliance, special emphasis is placed on the degree of risk arising from the data processing performed at the Data Controller. IT protection ensures that stored data cannot be directly assigned or linked to data subjects (unless permitted by law).

(6)   During its data management, the Data Controller shall ensure that:

a.    the data subject must have access to the data when they need it;

b.    only has access to the information to those who are entitled to it;

c.     the accuracy and completeness of the information and the method of processing are protected.

(7)   The Data Controller and any data processors used shall ensure protection against fraud, espionage, viruses, burglary, damage and natural disasters against their IT systems at all times. The Data Controller (or data processor) uses server-level and application-level protection procedures.

(8)   Messages transmitted to the Data Controller via the Internet, in any form, are increasingly exposed to network threats that lead to the modification of information, access by unauthorized persons or other illegal activities. At the same time, the Data Controller will do everything that can reasonably be done and expected from the state of the art to eliminate such threats. To this end, the systems used are monitored to record security deviations, to obtain evidence of a security incident, and to examine the effectiveness of precautionary measures.

 

8. Rules of procedure

(1)   If the Data Controller receives a request pursuant to Articles 15 to 22 of the GDPR, the Data Controller shall inform the data subject in writing as soon as possible, but no later than within one month, of the action taken on the request.

(2)   If the complexity of the application or other objective circumstances so warrant, the above time limit may be extended once by a maximum of 60 days. The Data Controller shall notify the data subject in writing of the extension of the term, together with the appropriate reasons for the extension.

(3)   The Data Controller shall provide the information free of charge, unless:

a.    the data subject repeatedly requests information / action on substantially unchanged content;

b.    the request is clearly unfounded;

c.     the request is excessive.

(4)   In the cases referred to in point (3), the Data Controller is entitled to:

a.    refuse the application;

b.    make the execution of the request conditional on the payment of a reasonable fee.

(5)   If the applicant requests the transfer of data on paper or on an electronic data carrier (CD, DVD or flash drive), the Data Controller shall provide a copy of the relevant data free of charge in the requested manner (unless the chosen platform would present a technically disproportionate difficulty). For each additional copy requested, it will charge an administration fee of HUF 6 per page and an administration fee of HUF 2,500 per CD, DVD, or flash drive.

(6)   The Data Controller shall notify all persons to whom the relevant data have been previously communicated of the rectification, erasure or restriction carried out by him or her, unless the information is impossible or requires a disproportionate effort.

(7)   If the data subject so requests, the Data Controller shall provide information to which persons his or her data have been transferred.

(8)   The Data Controller shall respond to the request in electronic form, unless:

a.    the data subject requests the response explicitly in a different way and this does not result in an unreasonably high additional cost for the Data Controller;

b.    the Data Controller does not know the electronic contact details of the data subject.

 

9. Compensation

(1)   If any data subject suffers pecuniary or non-pecuniary damage as a result of a breach of data protection law, he or she shall be entitled to claim compensation from the Data Controller and / or the data processor. If both the Data Controller and the Data Processor(s) are involved in the commission of the infringement, they shall be jointly and severally liable for the damage.

(2)   The Data Processor shall only be liable for the damages incurred if it has violated the provisions of the relevant data protection legislation formulated specifically for the data processors or if the damage occurred due to disregard of the instructions of the Data Controller.

(3)   The Data Controller or any Data Processors shall be liable only if they cannot prove that they are not responsible for the event or circumstance causing the damage.

 

10. Remedies

(1)   If you have any objections or problems related to the data management of the Data Controller, please feel free to contact our Company at the contact details indicated in point 3 of this Information.

(2)   If, in the opinion of the data subject, his or her rights have been violated by the Data Controller and / or the data processors, he or she has the right to apply to a court with jurisdiction and competence according to the Pp. The court is acting out of turn in the case.

(3)   If the data subject wishes to make a complaint in connection with data processing, he or she may do so at the National Data Protection and Freedom of Information Authority at the following contact details:

§  Registered office: 9-11th Falk Miksa Street Budapest 1055

§  Mailing address:    9th Mailbox Budapest 1363

§  Tel.:                       06-1 / 391-1400

§  Fax:                       06-1 / 391-1410

§  E-Mail:                   ugyfelszolgalat@naih.hu

§  Website:                https://www.naih.hu/

 

12. Regulatory cooperation

 The Data Controller shall, upon receipt of a formal request from the competent authorities, provide the specified personal data on a mandatory basis.

(1)   The controller shall only transfer data in the cases referred to in point (1) which are strictly necessary for the purpose specified by the requesting authority.

X Your browser is not supported!
Please download another browser!

Your current browser is not supported, so many features of the page cannot be used with this browser.
Please download another browser from below and visit the website again using the new browser!