KtkSoft Informatics and Consulting Ltd. (Company registration number 13-09-174596, registered office: 2120 Dunakeszi, Pejachevich A. str. 2.4.a.), as the Service Provider, hereby informs the Users about the processing of their personal data in the course of the recruitment services provided by the Service Provider in accordance with Regulation 2016/679 of the European Parliament and of the Council on General Data Protection Regulation (hereinafter referred to as “GDPR”).
· Service provider:
Name: KTKsoft Informatikai és Tanácsadó Kft.
Headquarters: 2120 Dunakeszi, Pejachevich A. str. 2. 4.a.
Company registration number.: 13-09-174596
Represented by: Miklós Túri manager
Phone number: +36 30 231 2692
email address: email@example.com
who provides the recruitment service.
· Workforce recuitement:
All the services of the Service Provider to help its Partners, as job providers, to find suitable candidates for the purpose of establishing an employment relationship, and to establish such a relationship.
Within this framework, the Service Provider performs in particular, but not limited to the following activities:
— search for suitable candidates for a given position, either from their own database, through job advertisements or by using the services of third parties;
— assessment and verification of the suitability of candidates;
— pre-screening and selection of candidates;
– introduction of the Candidate to the Partner.
· Job advertisement:
An advertisement for the search of candidates for an open position displayed by the Service Provider on any interface.
· Open position:
A position known by the Service Provider, indicated by its Partners with precise parameters, waiting to be filled at a given partner.
A natural person applying for a job advertisement, an open position, or presented to the Service Provider by a third party, or contacted by the Service Provider from social media, from the database of another workforce recruiter.
· Personal data:
For the purposes of the GDPR, any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
· Data management:
According to the GDPR, any operation or operations performed on personal data or data files in an automated or non-automated manner, such as the collection and recording,
organisation, structuring, storage, transformation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
· Data Controller:
A natural or legal person, or an organisation without legal personality, who or which, alone or jointly with others, determines the purposes for which the data are to be processed, takes and implements decisions concerning the processing (including the means used), or has them implemented by a data processor (112th Act of 2011 on Data Protection).
The controller shall determine the purposes and methods of personal data processing.
With regard to data processing carried out in the course of its workforce recruitment activities, the Service Provider shall be considered a data controller.
In addition, all contractual partners of the Service Provider to whom the Service Provider transmits candidate personal data in the context of the recruitment service are also considered as data controllers with regard to the candidate personal data in the recruitment service.). Service Partners are independent data controllers, their data management activities are carried out as specified in their own data management prospectus.
2. Type, source of data processed by the Service Provider, purpose, legal basis and duration of data processing
2.1. Type of data to be processed, purpose of data processing
Type of data to be processed Purpose of data processing
a) Name Recruitment service, profiling, identification, contact
b) Address Labour recruitment service, profiling, identification, contact
c) Place of birth, time Labour recruitment service, profiling, identification
d) Telephone number Labour recruitment service, profiling, contact
e) E-mail address Workforce recruitment service, profiling, contact
f) Non-workforce recruitment services, profiling
g) Nationality Workforce recruitment service, profiling
h) Photo Workforce recruitment service, profiling, identification
i) Current and previous jobs, positions, projects Workforce recruitment service, profiling
j) Data on education and other training courses Labour recruitment services, profiling
k) Type of the driving licence Labour recruitment service, profiling
l) Data on publications, presentations Labour recruitment service, profiling
m) References Workforce recruitment service, profiling
n) Data, information about the Candidate displayed on social media platforms Workforce recruitment service, profiling
o) Personal contact, interview, personality and behavioural characteristics experienced during previous cooperation Workforce recruitment service, profiling
p) Test suitable for assessing professional suitability, result of a probationary task Workforce recruitment service, profiling
2.2. Source of data
The source of the data processed by the Service Provider in the case of points 2.1 a) – m) is the relevant Candidate, third party or other recruitment agency database.
The source of the data processed by the Service Provider in the case of points 2.1 n) -p) are social media platforms or the Service Provider’s own research.
The communication of data is voluntary in all cases, and in the case of each open position, the Service Provider may indicate the data that is necessary for the candidate status. If, in connection with an open position, the Candidate does not provide all the data necessary for identification and assessment of suitability, the Service Provider cannot guarantee the contact with the Candidate or the transfer of the Candidate to its Partners. In case of incomplete submission of data, if the scope of the required data has been previously determined by the Service Provider and is available to the Candidate, the Service Provider is not obliged to contact the Candidate for notification or completion of the data.
2.3. Legal basis for data processing
The legal basis for the data processing carried out by the Service Provider is in all cases Article 6 (1) (a) GDPR, i.e. the consent of the Data Subject to the processing of his/her personal data.
2.4. Duration of data management and data storage
If the Candidate only consents to data processing related to a given open position, the Service Provider shall process the data for a period of 1 year from the date of data recording. If the recruitment process for a given open position lasts more than 1 year from the date of data recording, the Service Provider will invite the respective Candidate to make a declaration in order to further data processing. If the Candidate does not declare within 15 days or does not consent to further data processing, the Service Provider will delete the Candidate’s data even if the recruitment for the given open position for which the Candidate originally applied is still in progress.
If the Candidate also consents to the storage of data in the Service Provider’s permanent database, the Service Provider shall process the data for a period of 3 years from the date of data recording. The Service Provider requests the specific consent of the Candidate for this.
3. Data processing in the case of an anonymous Partner
In the event that the Partner of the Service Provider does not wish to reveal his identity in the first phase of the candidate search, so it will not be indicated in the job advertisement, in the transmission of the open position by the Service Provider, the Service Provider shall act as follows:
The Service Provider, or the third party providing services to him, performs a pre-screening of the Candidate and, in case of compliance, contacts the Candidate. If the Candidate appears to be suitable in all respects for the open position, the Service Provider deems it fit to transmit his data to the Partner and will disclose to the Candidate the identity of his Partner before the transfer. The Candidate must declare whether or not he consents to the transfer of his data to the Service Partner. If the Candidate expressly objects to the transmission of his data to the Service Partner, the Service Provider will not transfer the Candidate’s materials. If the candidate does not make a statement within 5 days after the call for a declaration, the Service Provider considers that he has not objected to the transmission of his data and transmits them to the Partner offering the given open position.
In order to protect the trade secrets of the Service Provider’s Partners, the Candidates are obliged to keep the identity and name of the Service Provider’s Partner who does not wish to disclose his/her identity strictly confidential and shall not be entitled to communicate or disclose it to anyone, directly or indirectly, without the prior consent of the Service Provider’s Partner.
4. Giving and withdrawing consent
Candidates give their voluntary consent to the processing of their personal data for the above purposes by actively applying directly to a job advertisement or for an open position offered by the Service Provider directly to the Service Provider or to a third party.
Candidates may withdraw their consent to data processing at any time by sending an e-mail to firstname.lastname@example.org, with the following mandatory data: name, date of birth and e-mail address, in order to enable the Service Provider to identify which Candidate’s data should be deleted.
In case of withdrawal of consent, the Service Provider shall delete the data of the Candidate processed by all Service Providers, including the data provided by the Candidate, the data retrieved by the Service Provider and the data obtained from other sources. The obligation to delete covers both electronic and paper data, and also applies to the records and conclusions drawn by the Service Provider regarding the Candidate.
5. The Data Controller
The Service Provider is the controller of the data indicated in this data management policy.
6. Data Processors
Name, address Activity Scope of data
MOLEHAND Ltd. ( 1162 Budapest, Viola str. 4. Tax number: 13611916-2-42) On behalf of the Data Controller IT Operational tasks The personal data listed in point 2.
Péter Molnár self-employed. ( 1162 Budapest, Viola str. 4. Tax number: 67097012-1-12) Performance of administrator duties on behalf of the Data Controller The personal data listed in point 2.
7. Candidate’s rights in relation to data processing
Withdrawal of consent
With regard to data processing based on consent, consent may be withdrawn at any time. Withdrawal of consent does not affect the lawfulness of data processing based on consent prior to withdrawal.
The consent may be withdrawn by a unilateral written declaration of the Candidate concerned to this effect, indicating in a list the data in respect of which he withdraws his consent. The withdrawal of the consent is valid if the Candidate delivers it in a private document with full probative force, by post or electronically, in a non-editable document format to the Service Provider.
In cases where processing is not, or not exclusively, based on consent, the withdrawal of consent is not a sufficient ground for the cessation of processing.
· Request for information
If further information regarding the processing of the Candidate’s data is required, you may indicate it to the Service Provider in writing. The Candidate has the right to receive feedback from the controller as to whether the processing of his/her personal data is in progress and, if such processing is ongoing, he/she has the right to obtain access to the personal data and the information relating thereto as defined by the GDPR
·Correction, rectification of personal data
The Candidate may request that the Service Provider corrects the misstated personal data. In the event that the data to be corrected are regularly provided, the Service Provider shall inform the recipient of the data of the correction, if necessary.
Candidates are requested to notify the Service Provider within 15 days of the change in the data processed.
· Right to protest
The Candidates may object to the processing of their personal data as defined in the legislation.
· Right to restriction of data processing
In cases provided for by law, the Candidate may request that the Service Provider limit the processing of his/her data.
· Right to the disclosure/transfer of data processing
The Candidate may request that the Service Provider provide the personal data provided by the Candidate and processed by the Service Provider in a structured, commonly used, machine-readable format and/or transfer them to another data controller designated by the Candidate. The request for data portability may be fulfilled by the Service Provider only in the event that it can be safely resolved from the point of view of data protection and its technical conditions are available.
The Candidate may exercise the above rights in a statement sent to the Service Provider, in writing or electronically, in a non-editable document format.
In the case of the above requests, the Service Provider shall inform the Candidate within 1 month of the measures taken by him.
· Right to complain
If the Candidate has been affected by a breach of law in connection with the Service Provider’s data processing, he or she has the right to lodge a complaint with the competent supervisory authority:
National Data Protection and Freedom of Information Authority
Postal address: 1530 Budapest, P. O. Box.: 5.
Furthermore, in the case of protection of personal data, the Candidate may initiate legal proceedings before the competent General Court.
of which it shall inform the data subject in an appropriate manner.
"*" indicates required fields