The purpose of this data management information sheet (hereinafter: "Information") is to define the legal procedure for the use of records/databases maintained by Research Professionals Kft. (hereinafter: "Company") in relation to the hiper.jobs (hereinafter: "Website") website , as well as ensure the enforcement of the rights of those concerned and the transparency of data management.
Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, as well as on the repeal of Directive 95/46/EC (hereinafter: GDPR) and on the right to informational self-determination and CXII of 2011 on freedom of information. The law requires prior information for those concerned.
With the following information, we fulfill this legal obligation. The terms in the information sheet shall mean the terms defined in the GDPR and in domestic legislation, in non-regulated matters, the GDPR or, if not contrary to domestic legislation, shall be applied.
During phone calls, written or electronic communication, we refer to this information sheet in addition to information about the company and the purpose of data management.
1. NAME AND CONTACT OF THE DATA PROCESSOR AND ITS REPRESENTATIVE
Data controller: Research Professionals Kft. registered office: 1095
Budapest, Soroksári út 44. II. em. (hereinafter: Company)
Cg.: 01-09-187701, tax number: 24887047-2-41
Website: https://rp-cro.com/
e-mail: contact@rp-cro.com, telephone: 36 1 201 1441
Represented by: Managing Director Dr. Kálmán Törőcsik
e-mail: contact@rp-cro.com, telephone: 36 1 201 1441
2. AVAILABILITY OF THE PRIVACY OFFICER
Contact information of the company's data protection officer:
https://gdprofessionals.hu/kapakslot/,
e-mail: info@gdprofessionals.hu,
Phone: 06-30-3889943
3. DATA PROCESSORS OF THE COMPANY
Data processor who manages personal data on behalf of the company. Personal data will be transferred to the following data processors in order for them to be processed for us in accordance with our instructions and our data protection policy, in accordance with our confidentiality and security measures. We provide the following information about data processors:
Company name: Rackforest Kft.
Address: 1132 Budapest, Victor Hugo utca 18-22.
Activity: https://hiper.jobs/ hosting service
Company name: Contest Kft.
Address: 8000 Székesfehérvár, Móricz Zsigmond utca 17.
Activity: accounting/auditing
Company name: Magyar Posta Zrt.
Address: 1540 Budapest, Dunavirág utca 2-6.
Activity: Postal activity
4. PURPOSE OF DATA MANAGEMENT, MANAGED DATA
The company collects the data contained in this information itself, handles the data for the following purposes, and does not handle data other than the specified purpose - unless specifically indicated:
4.1 Data managed during the use of the hyper.jobs system
Through the hiper.jobs online system, you as a private user (data subject) can register and record relevant data from a job search point of view in order to receive a suitable job offer. You are obliged to provide all provided data accurately to the best of your knowledge.
If you do not provide your own personal data, it is the responsibility of the data provider to obtain your (data subject) consent.
Scope of processed data:
Scope of data to be provided during registration:
- Your name
- Your email adress
- your address
- your occupation
- your highest educational qualification
Data that can be entered in connection with a job search:
- your phone number
- your date of birth
- your gender
- your professional CV
- your knowledge of a foreign language
- data proving your professional qualification
- your driving practice
- your computer skills
- the text introducing you
- your LinkedIn account
- your facebook account
- In terms of skill development and self-development, basic characteristics, work attitude, and leadership skills can be assessed and their results are displayed.
Data generated during system use:
- the job advertisements and positions that you interest in
- duration of system use
- date of system use
- actions performed in the system (deletion, modification)
- search history
- viewed job offers
- the fact of contacting job advertisers
- results of skill tests
Purpose of data management:
Optimum use of the company's recruitment services and the online system for the most effective job placement.
The system creates a profile about you, based on the data provided during registration and filling out the profile. During the creation of the profile, automated data management takes place, in connection with which the system broadcasts job advertisements relevant to you.
The system sends system messages and information about changes and new features of the system to its users at specified intervals.
Legal basis for data management:
Data management is carried out on the basis of Article 6, Paragraph 1, Point b) of the GDPR, as you electronically accept the system's terms of use and data management information on the website, which is considered a written contract between the company and you. The contract enters into force upon acceptance of the terms of use and the information on data management (marking the checkbox).
Basis of data provision: not based on legislation, but on the contract concluded with you.
Time of data processing:
In the absence of confirmation after registration, the data will be stored for 15 days. The user has the right to delete his data at any time. Otherwise, the user profile will be automatically deleted after 10 years have passed since the last user modification.
Transfer of data, recipients:
Data transmission: due to the nature of the service, job advertisers registering on the Website can access the shared data in special cases. Such a special case is when the job seeker initiates contact with the job advertiser and the job advertiser accepts this, or when the job seeker accepts the job advertiser's contact request. Your personal data included in your CV will be forwarded to the advertiser, who may even operate in a third country outside the EU, in the event of your declaration to this effect (marking a checkbox).
Data management other than the purpose:
Statistical data processing may take place in order to determine the number of interested parties.
Your identification:
Based on the e-mail address provided during registration, or profile name and date of birth.
Profile creation:
Automated decision-making based on the personal data provided in connection with the job search and generated during the use of the system will only take place in the event of a job offer relevant to you being conveyed as part of profiling. The system recommends job offers to the user based on the provided professional experience, education, language skills, and soft skills.
Description of profiling and automated decision-making:
During profile creation, users can see their personal profile completion in percentage value on the home page of their user account. The higher the percentage of the completion, the more accurate therefore the system can automatically offer relevant job offers.
During automated decision-making, the algorithms of the Hiper.jobs platform analyze the collected profile information and compare it with the expected criterias in the job advertisements. These informations are the applicant's education, professional experience, language skills and IT skills, as well as the relevant skills tests.
The algorithms display the matches in percentage value, grouped according to two important aspects: professional compliance and chance of success. Professional compliance shows how well the user's education and professional experience meet the requirements of the given position. The success rate shows the user's chances of succeeding in the given position based on their personal skills.
The platform automatically recommends jobs to the user with at least 50% professional compliance, and only users who meet at least 50% of the criteria are automatically displayed in the list of positions.
Hiper.jobs still provides users with the opportunity to apply manually, even if a suitable position does not appear in the list of recommended jobs. In this case, the platform makes suggestions to increase professional suitability and chances of success.
Risk of data management:
The company assesses the processing of the recorded data as medium risk, in the framework of which it acts in accordance with the data protection and data security rules, and has carried out an impact assessment of the system, since in connection with the data processing, profiling takes place based on the data you provide.
4.2 Newsletter
Scope of processed data:
In order to send the newsletter, you need to enter your name and e-mail address.
Purpose of data management:
Sending a newsletter to the person concerned (changes and opportunities affecting the system) from the company.
Legal basis for data management:
The data is processed on the basis of point a) of Article 6 (1) of the GDPR, as you give your voluntary consent clearly expressed on the website (checking the checkbox). You can withdraw your consent at any time after registration, in the "settings" menu of your account, or by clicking on the "unsubscribe" text at the bottom of the newsletter.
Basis of data provision: it is not based on legislation or contract, but on your consent, providing it is not mandatory, otherwise you will not be informed about the options that may be available to you.
Time of data processing:
Until unsubscription, or in the absence of this, for 10 years after the last user modification.
Transfer of data, recipients:
Through a data processor.
Data management other than the purpose:
There isn't.
Your identification:
Based on email address.
Risk of data management:
The company assesses the handling of newsletter subscriber data as low risk, and takes care of the proper handling and security of the data in the data protection regulations and by selecting the data processor.
4.3 Cookie-related data management
The company's website https://hiper.jobs uses cookies. When downloading certain parts of the company's website, small data files, so-called cookies are placed on the visitor's computer. We provide information on the cookie used (purpose, cooking time, transmission) in a separate information sheet.
Scope of processed data:
By visiting the websites, a log file containing the IP address of the person concerned and certain data of his computer is created.
Purpose of data management:
We store and evaluate data about your recent visits to our website and for analytical purposes how you navigated between different parts of our website in order to understand how people use our website and thereby make it more convenient for you to use.
Legal basis for data management:
The legal basis for data management is your consent based on point a) of Article 6 (1) of the GDPR, which is given by clicking the "I accept" button in the pop-up window containing information on the use of cookies.
Basis of data provision: not based on legislation or contract, its provision is not mandatory, without it the website will not function properly and its use will be limited.
Time of data processing:
According to a separate information sheet.
Transfer of data, recipients:
According to a separate information sheet.
Data management other than the purpose:
There isn't.
Risk of data management:
The company assesses the handling of cookie data as low risk, ensures the proper handling of the data in the data protection regulations and the appropriate selection of the data processor, and also applies a separate information sheet (pop-up window) for those concerned about its security.
4.4 Data management of the Facebook page
Scope of processed data:
The range of processed data: data provided in messages, data processed by Facebook cookies
Purpose of data management:
The purpose of the data management is to provide broader information about other current events affecting the company
Legal basis for data management:
The legal basis for data management is your consent based on point a) of Article 6 (1) of the GDPR, which you give by liking the page.
Basis of data provision: it is not based on legislation or contract, but on consent, providing it is not mandatory, otherwise you will not be informed about our news.
Time of data processing:
Data deletion deadline: in the company's unilateral opinion, if the message contains content that creates an obligation for the company based on legislation, or if it considers that it may be necessary in the future to enforce or protect its rights or those of third parties, it deletes the data after 5 years, otherwise within 30 days after receiving the message; cookies are used and deleted as described in Facebook's current information (https://www.facebook.com/policies/cookies/), the Data Processor does not have access to this data
Transfer of data, recipients:
Data processor is Facebook Ireland Limited (regarding Facebook cookies)
Data management other than the purpose:
There isn't.
Your identification:
Based on the data you share in the Facebook system.
Risk of data management:
The company assesses the management of Facebook cookie data as low-risk, in the data protection regulations and with the appropriate selection of the data processor, it takes care of the proper management of the data, and also applies a separate information sheet for the data subjects regarding its security.
5. WHAT DATA SECURITY MEASURES DO WE USE TO PROTECT YOUR DATA?
The Company only stores data electronically at the headquarters of Rackforest Kft., as a data processor.
The place of storage of data stored by the Company's data processors is located at the headquarters of the data processors.
The company selects and operates the IT tools and software used in the provision of the service to manage personal data in such a way that the managed data:
- accessible to authorized persons (availability);
- its authenticity and authentication are adequate (authenticity of data management);
- its immutability is ensured (integrity);
- protected against unauthorized access (confidentiality).
Data protection covers in particular:
- unauthorized access;
- for change;
- for transmission;
- to delete;
- to be made public;
- for accidental damage;
- for accidental destruction;
- Also to inaccessibility resulting from a change in the technology used.
In order to protect electronically managed data, the Company uses a solution that provides an appropriate level of security according to the current state of the art. During the examination of compliance, special emphasis is placed on the degree of risk arising during data processing at the Company. IT protection ensures that the stored data cannot be directly assigned or connected to the data subjects (unless permitted by law). The company ensures the protection of the security of data management with organizational, organizational and IT measures that provide a level of protection corresponding to the risks arising in connection with data management. Among several possible data management solutions, the Company chooses the one that ensures a higher level of protection of personal data, unless it would represent a disproportionate difficulty for the Company. The Company also applies these requirements to data processors.
The company ensures during data management
- confidentiality, so that only those who are authorized to do so can access it;
- integrity, so that information and processing are accurate and complete;
- the availability, so that the authorized user can really access the desired information if necessary, and that the related tools are available.
The IT system and network of the company and its data processors are protected against fraud, espionage, sabotage, as well as vandalism, fire and flood, as well as computer viruses and break-ins. The operator ensures security with server-level and application-level protection procedures. The software used by the company has a data protection impact assessment certificate.
Messages sent to the company via the Internet - in any form - are highly exposed to network threats that lead to the modification of information, unauthorized access, or other illegal activities. At the same time, the company does everything that can reasonably be done and is expected of it according to the state of the art at the time. To this end, the applied systems are monitored in order to record security deviations, to obtain evidence of a security incident, and to examine the effectiveness of precautions.
The company logs systems in order to record any security discrepancies and provide evidence in the event of a security breach. System monitoring also makes it possible to check the effectiveness of the precautions used.
The Company undertakes to call on all third parties to whom the data may be forwarded or transferred to comply with the above commitments. However, in the case of legal data transmission by the Company, the Company does not assume responsibility for damages caused by the recipient.
All employees of the Company are obliged, based on their employment or other legal relationship, to comply with the above principles regarding data management and data security.
6. WHAT RIGHTS DO YOU HAVE DURING THE HANDLING OF YOUR PERSONAL DATA?
After the description of the individual rights, we also display the rights that can be exercised in connection with the individual data management in a table.
Access: The data subject has the right to inquire with the company and receive an answer as to whether his personal data is being processed, and if so, he is entitled to receive information about the following:
- the purposes of data management;
- categories of personal data concerned;
- the recipients or categories of recipients to whom or to whom the personal data has been or will be communicated, including in particular recipients in third countries and international organizations;
- where appropriate, the planned period of storage of personal data or, if this is not possible, the criteria for determining this period;
- the data subject's right to request from the company the correction, deletion or restriction of processing of personal data concerning him and to object to the processing of such personal data;
- the right to submit a complaint to a supervisory authority;
- if the data were not collected from the data subject, all available information about their source;
- the fact of automated decision-making referred to in paragraphs (1) and (4) of Article 22 of the GDPR, including profiling, as well as, at least in these cases, comprehensible information about the logic used and the significance of such data management and what it means for the data subject has expected consequences.
If the data subject requests a copy of his personal data, the company will provide it free of charge.
For additional copies requested by the data subject, the company may charge a fee in accordance with the reimbursement rules for requests for information in the public interest. The company will provide information on the possible level of reimbursement upon contact.
If the data subject submitted the request electronically, the company will provide the information in an electronic format, unless requested in a different format.
The right to request a copy must not adversely affect the rights and freedoms of others, so for example the personal data of others cannot be requested.
As a general rule, the right to access can be exercised after logging into the online system or after the appropriate identification of the data subject.
Correction: The data subject has the right to request that the company correct inaccurate personal data relating to him without undue delay, and may also request the completion of incomplete personal data - among other things, by means of a supplementary statement. The change of identification data must be verified.
The company requests that the data change be reported immediately, within 8 days at the latest.
As a general rule, the right to rectification can be exercised after logging into the online system or after proper identification of the data subject.
Deletion: The data subject has the right to have the company delete the personal data concerning him without undue delay at his request, and the company is obliged to delete the personal data concerning the data subject without undue delay if the reasons listed in Article 17 (1) of the GDPR one of them exists.
The right to delete personal data does not apply to the data contained in the information sheet in terms of data processing necessary for the execution of the task performed in the context of the fulfillment of a legal obligation based on Article 17, paragraph 3, point b) of the GDPR.
As a general rule, the right to deletion can be exercised after logging into the online system or after proper identification of the data subject.
Withdrawal of consent: Withdrawal of consent does not affect the legality of data processing based on consent, prior to withdrawal.
Limitation of data management: If data management is subject to restrictions, such personal data, with the exception of storage, will only be processed with the consent of the data subject, or for the presentation, enforcement or defense of legal claims, or for the protection of the rights of another natural or legal person, or in the important public interest of the Union or a member state can be handled.
In the following cases, the data subject is entitled to have the company restrict data processing upon request:
- the data subject disputes the accuracy of the personal data, in which case the limitation applies to the period that allows the company to verify the accuracy of the personal data;
- the data processing is illegal and the data subject opposes the deletion of the data and instead requests the restriction of its use;
- the company no longer needs the personal data for the purpose of data management, but the data subject requires them to present, enforce or defend legal claims.
As a general rule, the right to restrict data processing can be exercised after logging into the online system or after proper identification of the data subject.
Objection to data processing: In case of exercising the right to object, the company may no longer process personal data, unless it proves that the data processing is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the data subject, or which are legal requirements are related to its presentation, validation or protection.
As a general rule, the right to protest can be exercised after logging into the online system or after proper identification of the person concerned.
Rights related to automated decision-making: You have the right not to be subject to the scope of a decision based solely on automated data management, including profiling, which would have legal effects on you or similarly significantly affect you, unless:
a) necessary to conclude or fulfill the contract between you and the company;
b) it is made possible by EU or member state law applicable to the company, which also establishes appropriate measures for the protection of your rights and freedom, as well as your legitimate interests;
c) it is based on your express consent.
In the cases referred to in points a) and c), the company shall take appropriate measures to protect its rights, freedom and legitimate interests, including its right to request human intervention on the part of the company, to express its position and to submit objections to the decision.
7. RIGHTS THAT CAN BE ENFORCED IN RELATION TO DATA PROCESSING
Name of affected right | In the case of which data management can it be practiced? |
---|---|
Access - information |
|
Access - copy |
|
Rectification |
|
Deletion |
|
Limitation of data management |
|
Objection to data processing |
|
Right to data portability |
|
Rights related to automated decision-making |
|
The data subject's rights can be exercised by sending a request that enables your proper identification either electronically, in person or by post to the address indicated in point 1 of the company as data controller. In order to exercise the rights of the data subject under the age of 16, the procedure and permission of his legal representative is required.
The inquiry received during contact with the company and its content (in particular the sender's name, address, date, attachments) are stored by the company for 5 years and then deleted.
The administrative deadline for requests is 25 days, in the case of the right to protest, 15 days. The company will inform the person concerned about the result of the evaluation of the application. If, during the exercise of the rights, doubts arise as to whether the request really originates from the data subject, the company may request additional information for its own legal data management and the protection of the data subject.
The company, at whose request the data management was restricted, will inform you in advance of the lifting of the restriction of data management.
In the case of data correction, deletion, or limitation of data management, the company will inform everyone to whom the data subject's data was forwarded, as long as this does not prove to be impossible or does not require a disproportionate effort, the fact and reason of which will be informed to the data subject in its response to the request.
If the company receives an official request from the authorized authorities, it will obligatorily provide the data that is absolutely necessary to achieve the goal indicated by the requesting authority.
The right to appeal to a supervisory authority and court:
If you have any questions about your data managed by the company, or if you believe that you have been harmed during data management, please notify the company or its data protection officer first.
If the inquiry is unsuccessful, you are subject to Article 77 of the GDPR and Infotv. Pursuant to § 52, you can file a report with the National Data Protection and Freedom of Information Authority, and Infotv. According to § 23, as well as Article 79 of the GDPR and Book III of Act V of 2013 on the Civil Code. based on part of it, you can even apply to the competent court for your place of residence.
The National Data Protection and Freedom of Information Authority:
Headquarters: 1055 Budapest, Falk Miksa utca 9-11.
Postal address: 1363 Budapest, Pf. 9.
Phone: +36 (1) 391-1400
Electronic mail address: ugyfelszolgalat@naih.hu
Website: www.naih.hu
If you suffer pecuniary or non-pecuniary damage as a result of the violation of data protection legislation, you are entitled to demand compensation from the Company and/or the data processor. If the Company and data processor(s) are also involved in committing the violation, they are jointly and severally liable for the resulting damage.
Dated: Budapest, 1st Dec 2023