PRIVACY NOTICE
for job applicants
Munch Europe Szolgáltató Korlátolt Felelősségű Társaság (hereinafter referred to as the "Data Controller") hereby informs the job applicant (hereinafter referred to as the "Data Subject") about the personal data processed by the Data Controller, the principles and practices followed in the processing of personal data, the organisational and technical measures taken to protect personal data, and the ways and options for exercising the rights of the Data Subject. The Data Controller shall treat the personal data recorded confidentially, in accordance with international and national data protection laws and recommendations, and in accordance with the provisions of this Notice.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter reffered to as: „Regulation”) requires that the Controller takes appropriate measures to provide the data subject with all information relating to the processing of personal data in a concise, transparent, intelligible and easily accessible form, in a clear and plain language, and that the Controller facilitates the exercise of the data subject's rights.
The obligation to inform the data subject in advance is also provided for in Act CXII of 2011 on the Right to Informational Self-Determination and on the Freedom of Information. The information below is provided to comply with this legal obligation.
I. NAME OF THE DATA CONTROLLER
The issuer of this notice is the Data Controller:
NAME: Munch Europe Szolgáltató Korlátolt Felelősségű Társaság
OFFICE: 1051 Budapest, Hercegprímás utca 18. 3. floor.
ADDRESS: 28790295-2-41
DIRECTOR: Bence Zwecker Managing Director
E-MAIL: info@munch.hu
(hereinafter referred to as "Data Controller")
II. LEGISLATION IN RELATION TO THE PRESENT PERSONAL DATA PROCESSING
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR or Regulation)
- Act CXII of 2011 on the Right to Informational Self-Determination and on the Freedom of Information (hereinafter referred to as the "Infotv.")
III. LEGAL BASIS FOR DATA PROCESSING
Pursuant to Article 6 (1) of the General Data Protection Regulation, the processing of personal data is lawful only if and to the extent that at least one of the following conditions is met:
(a) the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes;
(b) the processing is necessary for the performance of a contract to which the data subject is a party or is necessary for the purposes of taking steps at the request of the data subject prior to entering into a contract;
(c) processing is necessary for compliance with a legal obligation to which the controller is subject;
(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.
For the purposes of this privacy notice, the legal basis for the processing of personal data by the Controller is primarily based on Article 6 (1) of the General Data Protection Regulation
- (processing based on consent).
VI. DETAILED DESCRIPTION OF THE PROCESSING
The list of personal data that can be processed: the name, date and place of birth, mother's name, address, photograph, telephone number, e-mail address, data concerning professional history, experience, training, education and qualifications of the natural person.
If, following the application of the data subject, a personal interview of the data subject takes place, the Data Controller shall make a record of it, of which contents shall also be considered personal data.
Purpose of the processing of personal data:
- to identify the data subject,
- the processing of the data subject's job application to the Data Controller,
- the participation of the data subject in the selection procedure,
- to select the data subject with the appropriate skills and professional experience for the position advertised by the Data Controller,
- contacting and maintaining contact with the data subject during the selection process,
- offering the data subject a subsequent job offer if the data subject is not selected by the Data Controller for the advertised position.
Legal basis for processing: by submitting a job application, the data subject consents (Article 6 (1) (a) GDPR) to the processing of his/her personal data ("consent" is deemed to be given when the application is sent).
The recipients or categories of recipients of the personal data: managers entitled to exercise the rights of an employer at the Data Controller, employees performing labour-related tasks, subsidiaries and other affiliated companies of the Data Controller.
Storage duration of personal data: until the evaluation of the application, for a maximum of 2 years. The personal data of unsuccessful applicants must be deleted. The data of those who withdraw their application or candidacy must also be deleted.
The Data Controller promptly deletes documents submitted by the data subject upon the data subject's request. If the data subject requests the deletion of their personal data before the conclusion of the selection process, the data subject will be unable to participate in the selection process in that case.
The Data Controller informs the data subject that the personal data provided by Teamtailor AB (registered office: Östgötagatan 16 SE-116 25 Stockholm, "company registration number": 556936-6668, website: https://www.teamtailor.com/) is processed in accordance with this clause.
V. INFORMATION ABOUT THE RIGHTS OF THE DATA SUBJECT
Rights of the Data Subject regarding the processing of personal data
During data processing, in accordance with the General Data Protection Regulation (GDPR) of the European Union, the Data Subject has the following rights regarding the processing of personal data:
- Right of information,
- Right of access,
- Right to rectification,
- Right to erasure,
- Right to restriction of processing,
- Right to data portability,
- Right to object,
- Right not to be subject to a decision based solely on automated processing (including profiling),
- Right to remedy.
Right of information: The Data Controller takes appropriate measures to provide data subjects with all the information regarding the processing of personal data as mentioned in Articles 13 and 14 of the GDPR, and every piece of information according to Articles 15–22 and 34, in a concise, transparent, intelligible, and easily accessible form, using clear and plain language.
Right of access: Data subjects can request information about their processed personal data, including the source of the data, the purpose of processing, the categories of personal data concerning the data subject, the legal basis, the duration of processing, the name and address of the data processor and its activities related to data processing, the right to rectification, erasure, or restriction of processing, and the right to object. Additionally, data subjects have the right to file a complaint with the supervisory authority, information about the circumstances, effects, and measures taken in case of a data breach, and, in the case of data transfer, the legal basis and recipient.
The Data Controller provides information within one month from the submission of the request.
Right to rectification: Data subjects can request the correction of their personal data if it does not correspond to reality or is inaccurate, and they can request the completion of incomplete data.
Right to erasure: Data subjects can withdraw their consent to data processing at any time and request the deletion of their personal data.
The data subject is entitled to withdraw their consent to data processing and request the Data Controller to promptly delete their personal data if one of the following reasons applies:
- Personal data is no longer necessary for the purpose for which it was collected or otherwise processed;
- The data subject withdraws the consent on which the processing is based, and there is no other legal basis for the processing;
- The data subject objects to the processing, and there are no overriding legitimate grounds for the processing;
- Personal data has been unlawfully processed;
- Personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- Personal data has been collected in relation to the offer of information society services.
Deletion of data cannot be initiated if data processing is necessary: for exercising the right to freedom of expression and information; for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for public health purposes, or for archiving purposes, scientific or historical research purposes, or statistical purposes in the public interest; or for the establishment, exercise or defence of legal claims.
Right to restriction of processing (blocking): Upon the data subject's request, the Data Controller restricts the processing of data if one of the following conditions is met:
- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or
- the data subject has objected to the processing; in this case, the restriction applies for the period until it is determined whether the legitimate grounds of the data controller override those of the data subject.
If the processing is subject to restriction, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
The data controller fulfills requests for information, rectification, erasure (withdrawal of consent for data processing), restriction within one month from the receipt of the request, or if this is not possible, informs the data subject about the obstacles, specifying the factual and legal reasons for refusal, along with information about the possibilities for legal remedies.
Right to data portability: The data subject is entitled to receive their personal data provided to the Data Controller in a structured, commonly used, machine-readable format and has the right to transmit this data to another data controller.
VI. ENFORCEMENT
In the event of a complaint against the processing of data, the following enforcement and remedies are available:
You may contact the Data Protection Officer of the Data Controller at the following contact details:
- Dr. Ferenc József Tanács
- Address: 6726 Szeged, Bérkert utca 64/B.
- E-mail: dpo@drtanacs.hu
We recommend that you first address your complaint to the Data Protection Officer or the Data Controller so that the Data Protection Officer or Data Controller can investigate and address the complaint appropriately.
The Data Controller suggests that the data subject, in order to deal with cases more quickly and efficiently, should contact the Data Protection Officer or the Data Controller directly before submitting a complaint to the authority, and exercise the following rights.
In general, anyone can apply to the relevant data controller:
- access to their personal data,
- rectification of their personal data,
- erasure of their personal data,
- restriction of the processing of personal data,
- the portability of personal data,
- object to the processing of your personal data.
The Data Subject can file a complaint with the supervisory authority overseeing the Data Controller. The contact information for the supervisory authority is as follows:
• National Authority for Data Protection and Freedom of Information
• Office: 1055 Budapest, Falk Miksa utca 9-11
• Mailing address: 1363 Budapest, Pf.: 9.
• Phone number: +36 (1) 391-1400
• Central email address: ugyfelszolgalat@naih.hu
The Data Subject can also turn to the court if they believe that the Data Controller is processing personal data in violation of the provisions specified in the legislation or mandatory legal acts of the European Union concerning the processing of personal data. The adjudication of the case falls within the competence of the court. The lawsuit can be filed before the competent court based on the Data Subject's choice, either at the court having jurisdiction over their place of residence or stay.
VII. MISCELLANEOUS
Personal data will not be transferred to international organisations or third countries.
Automated decision-making and profiling do not take place in the processing of personal data detailed in this Privacy Notice.
Dated: Budapest, November 23, 2023.
Munch Europe Kft.