Transpose Ltd. (1065 Budapest, Révay köz 4. company registration number: 01-09-287974) (the “Company“) performs recruitment and other human resources supply activities. The Company respects the personal data rights of its clients; and declares that data management, data management, data transfer, in accordance with the following Privacy Policy and applicable legislation (including, but not limited to, Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, in GDPR,; and Act CXII of 2011 on Informational Self-Determination and Freedom of Information: hereinafter collectively referred to as the “Regulation“), on the basis of the authorization of clients.
The Company undertakes to ensure the security of the data, to take the technical measures to ensure that the recorded, stored or processed data are protected, and to do everything possible to prevent their destruction, unauthorized use and unauthorized alteration during the entire process of data management. It also undertakes to draw the attention of all third parties to whom the data may be transmitted or disclosed to the fulfilment of its obligations in this regard.
PRIVACY POLICY
In connection with the processing of data and in accordance with the above, Transpose Kft. hereby informs the data subjects applying for the advertised jobs (hereinafter: Applicant) and prospective clients interested in its services (hereinafter: Inquiring entity) about the principles and practices it follows in the processing of personal data, as well as about the ways and possibilities of exercising the rights of the Applicant and the Inquiring entity.
- Concepts and principles
1.1. Terms used by the Company
- Service Provider
Transpose Ltd. (1065 Budapest, Révay köz 4. company registration number: 01-09-287974), who operates the Website and provides the recruitment service.
- Home page
All content and services available on http://www.transpose-hr.hu website.
- Recruitment
All services provided by the Service Provider aimed at facilitating the meeting of Applicants and Employers for the purpose of establishing employment/assignment relationships, including the placement of Hungarian citizens abroad and foreign nationals to Hungary, including displaying the job advertisements of the Employers contracted by the Service Provider on the Service Provider’s own website, searching for Applicants/candidates in relation thereto, their CVs collection – either from your own database, by posting an advertisement or by contacting them directly on social media platforms – as well as assessing/pre-screening candidates, selecting candidates, presenting them to the Employer, collecting/checking references.
- Employer
An employer is in a contractual relationship with the Service Provider who is looking for an employee (candidate) to fill a position and uses the services of the Service Provider for this purpose.
- Job advertisement
An advertisement displayed on the Website by the Service Provider or advertised by the Service Provider on another job portal, with content defined / approved by an Employer, which is looking for an employee (candidate) for a position available at the Employer.
- Applicant
A natural person applying for a job advertisement displayed by the Service Provider on the Website or posted by the Service Provider on another job portal, or establishing contact by the Service Provider through its social media interface.
- Inquiring entity
A natural person visiting the Website who requests information / quotation about a service within the scope of activity of the Service Provider.
- User
The Applicant and the Inquiring entity together.
- Application material
When applying for each job advertisement, all data provided by the User, together with the attached CV, motivation letter and other documents and their content.
1.2. Terms defined in the Regulation
- Data subject
A natural person identified or identifiable on the basis of any information. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Personal data
Any information relating to the data subject (referred to in this document as “Applicant” or “Inquiring entity”, collectively referred to as “User”).
- Data manager
A natural or legal person or an organization without legal personality who, alone or jointly with others, determines the purpose of data management within the framework defined by law or a binding legal act of the European Union, makes and implements decisions concerning data management (including the means used) or has them executed by the data processor.
- Data processor
A natural or legal person or an organization without legal personality who or which, within the framework and under the conditions laid down by law or by a binding act of the European Union, processes personal data on behalf of or on the orders of the data manager.
- Data management
Regardless of the procedure used, any operation or set of operations performed on data, in particular its collection, recording, organization, storage, alteration, use, query, transmission, disclosure, alignment or combination, blocking, erasure and destruction, as well as preventing further use of the data, taking photographs, sound or images, as well as physical characteristics suitable for identifying a person (e.g. fingerprints or palmprints, DNA samples, iris images).
- Data transmission
Making the data available to a specific third party.
- Third party
A natural or legal person or an organisation without legal personality other than the data subject, data manager, data processor or persons who, under the direct authority of the data manager or data processor, carry out operations aimed at processing personal data.
- Contribution
Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
- Personal data breach
Breach of data security leading to the accidental or unlawful destruction, loss, alteration, unauthorised transmission or disclosure of, or access to, personal data transmitted, stored or otherwise processed
1.3. Cases of data management
Transpose Kft. manages the data of natural persons only in accordance with the provisions of the GDPR and domestic legislation on data protection, for a specific purpose, if there is an appropriate legal basis. (see section 2)
1.4. Method of data management
Transpose Kft. manages personal data partly on devices controlled by itself, partly with the use of a data processor (see section 4).
1.5. Managing of particularly sensitive personal data
Transpose Kft. does not collect particularly sensitive personal data, i.e. personal data related to the racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or health condition, sexual orientation or gender identity of the person concerned.
1.6. Managing of personal data relating to children
Transpose Kft. does not collect data relating to persons under the age of 18. If any data subject nevertheless makes such data available, our company will immediately ensure that the data is deleted.
- Cases of data management
2.1 Legal basis, purpose and time interval of data management of incoming application materials through Service Provider’s website or its email address
Legal basis for data management
The legal basis for data management, in connection with filling the advertised job, on the protection of natural persons with regard to the management of personal data and on the free movement of such data, is the voluntary consent of the Applicant pursuant to Article 6 (1) (a) and/or (b) GDPR.
By applying for a job advertisement, the Applicant confirms that he/she has read and understood this Privacy Policy. He/she accepts the provisions contained therein as binding on himself/herself and voluntarily, informedly and firmly consents to the Service Provider to manage the personal data voluntarily provided to it for the purposes specified in this Policy, within the framework of the Regulation and this Privacy Policy.
Purpose of data management
The purpose of data management is to evaluate the submitted application materials in order to fill the advertised position, to maintain contact with the Applicant, to inform about the evaluation of the application and to notify him/her about other job opportunities in the future.
Time interval of data management
The Service Provider handles the submitted application materials, due to potential future job opportunities, until the consent of the data subject is withdrawn. The Applicant may withdraw his/her consent to data management / request the deletion of his/her data at any time, in which case the Service Provider deletes the Applicant’s application material and all personal data from the system. If the Applicant withdraws his/her consent to data management or requests the deletion of his/her data and the selection process has not yet been completed (the job is still vacant), the Applicant accepts that he/she will be removed from the selection process with his/her withdrawal statement/request for deletion.
2.2 Legal basis, purpose and time interval of data management of applications received through job portals
Legal basis for data management
The legal basis for data management, in connection with filling the advertised job, on the protection of natural persons with regard to the management of personal data and on the free movement of such data, is the voluntary consent of the Applicant pursuant to Article 6 (1) (a) and/or (b) GDPR.
Purpose of data management
The purpose of data management is to evaluate the submitted application materials in order to fill the advertised position, to maintain contact with the Applicant, to inform about the evaluation of the application and to notify him/her about other job opportunities in the future.
Time interval of data management
The Service Provider handles the submitted application materials, due to potential future job opportunities, until the consent of the data subject is withdrawn. The Applicant may withdraw his/her consent to data management / request the deletion of his/her data at any time, in which case the Service Provider deletes the Applicant’s application material and all personal data from the system. If the Applicant withdraws his/her consent to data management or requests the deletion of his/her data and the selection process has not yet been completed (the job is still vacant), the Applicant accepts that he/she will be removed from the selection process with his/her withdrawal statement/request for deletion.
2.3 Legal basis, purpose and time interval of data management of the personal data of potential candidates addressed through social media platforms (LinkedIn, Meta products)
Legal basis for data management
The legal basis for data management, in connection with filling the job advertised, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, Article 6 (1) (a) and/or (b) GDPR, section 2.2 (http://www.linkedin.com/legal/privacy-policy) of LinkedIn Privacy Policy and Meta’s privacy policy (https://www.facebook.com/privacy/center), the voluntary contribution of the potential candidate addressed.
Purpose of data management
The purpose of data management is to evaluate the application file of the addressed potential candidate in order to fill the advertised position, to keep contact with the candidate, to inform about the evaluation of the application, and to notify you about other job opportunities in the future.
Time interval of data management
The Service Provider processes the data obtained from the portal, the submitted application materials, due to potential future job opportunities, until the consent of the data subject is withdrawn. The Applicant may withdraw his/her consent to data management / request the deletion of his/her data at any time, in which case the Service Provider deletes the Applicant’s application material and all personal data from the system. If the Applicant withdraws his/her consent to data management or requests the deletion of his/her data and the selection process has not yet been completed (the job is still vacant), the Applicant accepts that he/she will be removed from the selection process with his/her withdrawal statement/request for deletion.
2.4 Legal basis, purpose and time interval of data management ot the data received through the Service Provider’s website for the purpose of requesting a quote
Legal basis for data management
Voluntary consent of the Inquiring entity on the protection of natural persons with regard to the processing of personal data and on the free movement of such data pursuant to Article 6 (1) (a) and/or (b) GDPR.
Purpose of data management
The purpose of data management is to provide the Inquiring entity with the widest possible information about the requested service and the business development activities of the Service Provider.
Time interval of data management
Due to potential future cooperation opportunities, the Service Provider processes the data until the withdrawal of the consent of the data subject or for a maximum period of 5 years.
- Data transmission
At the same time as applying for a job advertisement, the Applicant implicitly consents to the transfer of his/her data to the Employer.
3.1. Purpose of data transfer
The purpose of data transmission is to send the Application Material of the Applicant and other data collected by the Service Provider about the Applicant to the Employer contracted by the Service Provider to provide recruitment services during the recruitment process, and the Employer contacts the Applicant directly based on this, and – if it considers the Applicant suitable for the advertised position – to contact him or her with a job offer and conclude a contract with him/her.
In case of the prior consent of the Applicant (according to Section 2 of this Privacy Policy) – in order to serve the labour needs of other Employers (or the same Employer) or to send additional/subsequent offers/job opportunities to the Applicant and to carry out screening for the Employers – Service Provider stores data listed in Section 3.2. The Service Provider forwards the Applicant’s data to another Employer – or to another job advertisement of the same Employer – only with the express, prior consent of the Applicant.
3.2. Scope of data transmitted
The Service Provider forwards the following data to the Employer in case of a positive evaluation of the Applicant’s application: The Applicant’s personal data – provided in his application – application material, as well as the information obtained during the personal/telephone interview – relevant to the position indicated in the job advertisement. The Service Provider forwards the above-mentioned data only to the job opportunity applied for by the Applicant or agreed with him or her in advance and approved by him/her.
3.3. The Employer as data controller
After the transfer of data to it, the employer qualifies as an independent data controller and acts on the basis of its own data management rules. In connection with data management by the Employer – after data transfer – information and/or enforcement of the User’s rights listed in points 5.1-5.6 may be requested from the given Employer.
- Data processing
Name of hosting provider: Adept Consulting Kft.
Headquarters: 1139 Budapest, Forgách utca 37.
E-mail address: adept@adept.co.hu
Website: http://www.adept.co.hu/
Activity: System maintenance, hosting, data protection
- Rights and obligations of the user
5.1. Information and access to personal data
The Applicant/Inquiring entity (together: User) has the right to access his or her personal data stored by the Service Provider and the information related to their processing. The User has the right to request and check what data the Service Provider records about him or her at any time, and he is also entitled to have access to personal data. The User shall send his/her request for access to the data to the Service Provider in writing (electronically or by post) and the requested data shall be provided by the Service Provider in writing (electronically or by post). The Service Provider does not provide oral information in this context.
If the right of access is exercised, the information shall include the following data:
- determination of the scope of managed data: name/birth name, contact details and all data provided by the User during his/her application/request for quotation;
- purpose, time and legal basis of data management regarding the scope of managed data;
- data transfer: to whom the data have been or will subsequently be transferred;
- mark up a data source;
The Service Provider shall provide the User with a paper or electronic copy of the personal data free of charge. For further copies requested by the User, the Service Provider may charge a reasonable fee based on administrative costs. If the User requests the release of a copy electronically, the Service Provider shall provide the information to the User by e-mail, in a widely used electronic format.
After being informed, if the User does not agree with the data management or the correctness of the his/her data, he or she may request the rectification, completion, deletion, restriction of management of personal data concerning him or her, object to the management of such personal data, or initiate the procedure specified in Section 5.8 as specified in points 5.1-5.6.
5.2. Right to rectification and completion of managed personal data
At the request of the User, the Service Provider shall, without undue delay, correct the inaccurate personal data indicated in writing by the User or complete the incomplete data with the content indicated by the User. The Service Provider shall inform all Employers to whom the personal data has been disclosed about the correction or addition, unless this proves impossible or requires disproportionate effort. The Service Provider informs the User about the data of these customers if he requests it in writing.
5.3. Right to restriction of data management
The User shall have the right to restrict data management by the Service Provider upon written request if:
- The User disputes the accuracy of the personal data, in which case the restriction applies for a period enabling the Service Provider to verify the accuracy of the personal data;
- the data management is unlawful and the User opposes the erasure of the data and requests the restriction of their use instead;
- The Service Provider no longer needs the personal data for the purpose of data management, but the User requires them for the establishment, exercise or defence of legal claims;
- The User objects to data management.
In this case, the restriction applies for the period until it is established whether the legitimate reasons of the Service Provider take precedence over the legitimate reasons of the User. The Service Provider shall inform the User in advance of the lifting of the restriction of data management, at whose request it has restricted data management.
5.4. Right to erasure (right to be forgotten)
At the request of the User, the Service Provider shall delete the User’s personal data without undue delay if one of the following reasons applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed by the Service Provider;
- The User withdraws his/her consent on which the data management is based and there is no other legal basis for the data management;
- The User objects to data management for reasons related to his/her particular situation and there is no legitimate reason for data management;
- the Service Provider manages the personal data unlawfully;
- personal data have been collected on the basis of consent, in connection with the offer of information society services to children.
The User may not exercise his right to erasure or forgetfulness if data management is necessary:
- for exercising the right to freedom of expression and information;
- for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, in so far as exercising the right to erasure would render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defence of legal claims;
5.5. Right to data portability
The User shall have the right to receive the personal data concerning him or her, which he or she has provided to the Service Provider, in a structured, commonly used and machine-readable format and shall have the right to transmit these data to another controller without hindrance from the controller to which the personal data have been provided, if:
- data management is based on consent , and
- data management is carried out by automated means.
In all cases, the right is limited to the data provided by the User, there is no possibility to port other data. The User may request the direct transfer of personal data related to him or her contained in the Service Provider’s system to another data controller, if this is technically feasible in the Service Provider’s system.
The Service Provider fulfills the request for data portability only on the basis of a request written by e-mail or post. In order to fulfill the request, it is necessary for the Service Provider to make sure that the authorized User wishes to exercise this right. For this, it is essential that the User provides in his/her request those personal data that are suitable for the Service Provider to identify the claimant by comparing the data in its system.
Within the scope of exercising this right, the User may request the portability of the following data: name/birth name, contact details and all data provided by the User in the submitted application / request for quotation and stored by Service Provider.
The exercise of this right does not automatically result in the deletion of data from the Service Provider’s system, therefore these data will continue to be stored in the Provider’s system for the period of data management specified in point 2 of this Policy, unless the User withdraws his/her consent or requests the deletion of his/her data.
5.6. Right to object
The User may object to the processing of his/her personal data if the data management:
- for the purpose of direct marketing (e.g. sending newsletters, marketing materials) – in this case the data controller has no possibility of objection, the right to object also entails the obligation to delete the data;
- necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- necessary for the enforcement of the legitimate interests pursued by the controller or by a third party.
If the User objects, the Service Provider may no longer process the personal data, unless it proves that the processing is justified by compelling legitimate grounds that override the interests, rights and freedoms of the User or that are related to the establishment, exercise or defence of legal claims.
The User may object at any time to the processing of his or her personal data based on legitimate interest on grounds relating to his or her particular situation. In this case, the personal data shall no longer be processed, unless the User proves that the processing is justified by a legitimate interest on his or her side which overrides the interests, rights and freedoms of the User or which are related to the establishment, exercise or defence of legal claims.
5.7. Notification rules related to the exercise of the User’s rights
The Service Provider shall inform the User of the measures taken without undue delay, but in any case within 30 days of receipt of any request pursuant to points 5.1-5.6. If necessary, taking into account the complexity of the request and the number of requests, this deadline may be extended by another 60 days, but in this case the User shall inform the User of the reasons for the delay within 30 days of receipt of the request.
If the User submitted the request electronically, the Service Provider shall also provide the information electronically, unless otherwise requested by the User.
5.8. Enforcement options
The User may exercise his/her rights by sending a request by e-mail or post at one of the following contact details:
Name: | Transpose Ltd. |
Mailing address: | 1065 Budapest, Révay köz 4. |
E-mail address: | info@transpose-hr.hu |
Web page: | www.transpose-hr.hu |
The rights described in points 5.1-5.6 cannot be enforced by telephone.
The User cannot enforce his/her rights if the Service Provider proves that it is not possible for him to identify the User. If the User’s request is clearly unfounded or excessive, especially due to its repetitive character, the Service Provider may charge a reasonable administrative fee for fulfilling the request or refuse to take action. The Service Provider bears the burden of proving the manifestly unfounded or excessive nature of the request.
In the event of the User’s death, any close relative of the User or the beneficiary of the estate – proving their relationship with the User by presenting the death certificate after blanking out the irrelevant data – may request the deletion of User’s data, as well as the transmission of data in accordance with the relevant legislation, in addition to proving its legitimate interest.
The User may lodge a complaint or appeal:
- to the National Authority for Data Protection and Freedom of Information (address: 1055 Budapest, Falk Miksa utca 9-11.; postal address: 1363 Budapest, Pf.9.; phone: +36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu; website: naih.hu), or
- or Seek judicial redress as follows:
The provisions on judicial remedies are contained in Act CXII of 2011 on Informational Self-Determination and Freedom of Information.
In order to protect his or her data, the data subject may turn to court against the data manager if he or she considers that the data manger has violated the regulations governing the processing of personal data. The person concerned may, at his or her choice, bring the action before the court competent for his or her place of residence or residence. A party to a lawsuit may also be a person who otherwise does not have legal capacity to be a party to litigation. The data protection authority may intervene in the lawsuit in order to ensure the success of the data subject. Any person who, as a result of a breach of the General Data Protection Regulation, is pecuniary or non-pecuniary has suffered damage, is entitled to compensation from the controller or processor for the damage suffered. The data manager or the data processor is exempted from liability if it proves that it is not responsible in any way for the event that caused the damage.
5.9. User’s obligations
By using the services of the Service Provider, the User declares that he/she wishes to be an active participant in the Hungarian/international labour market. If the User’s intentions change and he/she no longer wishes to store his/her data for possible future labour market activities, he/she must clearly indicate this in writing to the Service Provider.
The purpose of the Service Provider’s services is to ensure the User’s presence on the labour market, the success of his/her employment aspirations and the achievement of his/her career goals, therefore its services can only be used by persons over the age of 18.
The User shall be solely responsible for the authenticity and accuracy of the data provided by the User.
The Services are used by the User for his/her own job search. Otherwise, the User shall be responsible for obtaining the consent of the data subject(s) lawfully for the processing of personal data provided about third natural person(s) during the service, prior to the transfer / making available of the data.
- Manage data breaches
A data protection incident (data breach) is any event that involves the unlawful handling or processing of personal data managed, forwarded, stored or processed by the data manager, including, in particular, unauthorized or accidental access, alteration, communication, deletion, loss or destruction, as well as accidental destruction and damage.
In order to control the measures related to the personal data breach, to inform the supervisory authority and to inform the User, the Service Provider shall keep records containing the scope of personal data involved in the incident, the scope and number of data subjects, the date, circumstances, effects of the incident and the measures taken to remedy it. If the Service Provider considers that a given incident poses a high risk to the rights and freedoms of data subjects, it shall inform the User(s) concerned and the supervisory authority of the personal data breach without undue delay, but preferably within 72 hours. The Service Provider retains the data contained in the register for 5 years from the detection of the personal data breach.
- Security
The Service Provider undertakes to ensure the security of the data, and to take the technical measures to ensure that the recorded, stored or processed data are protected, and to do everything possible to prevent their destruction, unauthorized use and unauthorized alteration during the entire process of data management. It also undertakes to call upon all third parties to whom the data may be transmitted or transferred to fulfil their obligations in this regard.
- Modification of the Privacy Policy
The Service Provider reserves the right to unilaterally amend this Privacy Policy while complying with the relevant legislation. However, these modifications may not infringe the rights of the User specified in the Regulation. The current valid Privacy Policy can be found on the Service Provider’s website: www.transpose-hr.hu.
Updated: July 2024