Data management information for job applicants

1. INTRODUCTION

WISER Group Kft., as data controller (hereinafter: "Data Controller"), would like to use this document (hereinafter: "Information") to provide you with information about the activities carried out in connection with the management of your personal data contained in the application materials and CVs submitted for the purpose of application. The contents of the Information are primarily based on the relevant provisions of the following domestic and EU legislation:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, i.e. the European Union's General Data Protection Regulation (GDPR)
  • Act CXII of 2011 on the right to informational self-determination and freedom of information (Infotv.)
  • Act V of 2013 on the Civil Code (Ptk.)

Please read this Information Sheet carefully and feel free to contact our colleague with any data protection-related questions using one of the contact details provided below.

2. WHO MANAGES YOUR DATA?

Name: WISER Group Kft.

Address: 1065 Budapest, Révay köz 4.

Tax number: 27928181-2-41

Company registration number: 01-09-357551

Registering court: Company Court of the Capital City Court

Legal representative: Managing Director László Kozák

E-mail: info@wisergroup.hu

Phone number: +36 30 336 08 16

3. OUR DATA MANAGEMENT GUIDELINES

Personal data may only be processed for a clearly defined, lawful purpose, in order to exercise a right and fulfill an obligation. At every stage of data management, the purpose of data management must be met, and the collection and management of data must be fair and lawful. ("lawfulness, fairness and transparency")

Only personal data that is essential for the realization of the purpose of data management and suitable for achieving the purpose can be processed. Personal data can only be processed to the extent and for the time necessary to achieve the purpose. ("purpose limitation")

Personal data must be appropriate and relevant for the purposes of data management, and must be limited to what is necessary. ("data minimisation")

During data management, the accuracy, completeness and, if necessary, the up-to-dateness of the data must be ensured, and it must be ensured that the data subject can only be identified for the time necessary for the purpose of the data management. ("accuracy")

Personal data must be stored in a form that allows the identification of the data subjects only for the time necessary to achieve the goals of personal data management. During data processing, data retains its status as personal data for as long as the relationship with the data subject can be restored. The relationship with the data subject can be restored if the data controller has the technical conditions necessary for restoration. ("storage limitation")

In the course of data management, appropriate security of personal data must be ensured by applying suitable technical or organizational measures, especially those that create protection against unauthorized or illegal processing, accidental loss, destruction or damage. ("integrity and confidentiality")

The Data Controller is responsible for compliance with the above guidelines and must be able to demonstrate compliance. ("accountability")

4. CONCEPTS

"data subject": natural person identified or identifiable on the basis of any information;

"personal data": any information about the data subject;

"consent": the voluntary, definite and clear declaration of the data subject's will based on adequate information, by which the data subject indicates through a statement or other behavior that clearly expresses his will that he gives his consent to the processing of his personal data;

"data controller": the natural or legal person or organization without legal personality who, within the framework defined by law or a mandatory legal act of the European Union, independently or together with others, determines the purpose of the data management, makes and implements the decisions relating to the data management (including the means used), or has them implemented by the data processor;

"data handling": regardless of the procedure used, any operation or set of operations performed on the data, including in particular the collection, recording, organization, storage, change, use, query, transmission, disclosure, coordination or connection, locking, deletion and destruction of the data, as well as preventing its further use, taking photographs, audio or video recordings, and recording physical characteristics suitable for identifying the person (e.g. fingerprint or palm print, DNA sample, iris image);

"data transfer": making the data available to specific third parties;

"data processing": the totality of data processing operations performed by a data processor acting on behalf of or at the request of the data controller;

"data processor": the natural or legal person or organization without legal personality who - within the framework and conditions defined by law or a mandatory legal act of the European Union - processes personal data on behalf of or at the direction of the data controller;

"third person": a natural or legal person, or an organization without legal personality, who is not the same as the data subject, the data controller, the data processor or the persons who carry out operations aimed at processing personal data under the direct control of the data controller or data processor;

"data protection incident": a breach of data security that results in the accidental or unlawful destruction, loss, modification, unauthorized transmission or disclosure of transmitted, stored or otherwise handled personal data, or unauthorized access to them;

"profiling": any processing of personal data - in an automated manner - aimed at evaluating, analyzing or predicting the data subject's personal characteristics, in particular those related to his performance at work, economic situation, health, personal preferences or interests, reliability, behavior, location or movement;

"recipient": the natural or legal person or organization without legal personality to whom the data controller or the data processor makes personal data available.

5. HOW DO WE HANDLE YOUR PERSONAL DATA?

MANAGED DATA: personal data indicated in the application material

DATA SOURCE: the applicant concerned; social networking sites

PURPOSE OF DATA MANAGEMENT: selecting a new employee; creation of a contract; keeping in touch

LEGAL BASIS OF DATA MANAGEMENT: consent of the data subject (GDPR Article 6 (1) point a)

PERIOD OF DATA MANAGEMENT: no later than 90 (ninety) days after the end of the given application procedure.

The Data Controller manages the applicants' personal data for the purpose of filling the advertised positions effectively and as soon as possible, searching for and selecting the right employee, and making effective contact. By voluntarily submitting your application, you give your consent to the processing of your personal data for selection purposes. By submitting your application and application materials at the same time, you also consent to the Data Controller handling your personal data for recruitment, job offer, contact and identification purposes, storing it for a specified period of time, and sending messages and notifications to the contact details provided for this purpose. The personal data provided by you during the application for the position in the recruitment process, as well as other personal data we collect about you, will be processed during the recruitment process and deleted within 90 (ninety) days after the end of the recruitment process.

During the selection process, the Data Controller only wishes to manage data closely related to the position to be filled, therefore please do not include special personal data (e.g. data on health status, information on political opinion, religious beliefs) in your application! We would like to inform you that during the selection process, the Data Controller may learn about the applicant's activities and information on certain social networking sites (e.g. LinkedIn) that are public to anyone and relevant to the job application or the desired job position.

During the selection procedure, the Data Controller may - depending on the nature of the position to be filled - apply different job suitability tests, the purpose of which is to examine the suitability of the applicant for the competencies required for the given position, and to find the person best suited to the given organizational unit based on the applicant's personality traits. The legal basis for data management for these tests is also your prior, express and voluntary consent. If a test is to be completed/conducted in connection with an advertised position, we will provide information on the related, other relevant data management conditions prior to your consent, via a separate information sheet.

The Data Controller manages personal data on paper and electronically, on a computer. Only employees of the Data Controller dealing with personnel/recruitment matters can directly access the personal data provided by the applicants. The personal data of the applicant can be seen by the employees who participate in the given selection process and have a defined purpose in relation to the position within the organization of the Data Controller.

Taking into account the fact that the professional competence of applicants is constantly changing, the Data Controller will delete the unsuccessful applications within 90 (ninety) days after the selection procedure is completed in such a way that they cannot be restored in the future. When establishing the deletion deadline, the Data Controller took into account the maximum duration of the probationary period used in labor law, in order to be able to contact earlier applicants again in the event of unsuccessful cooperation. If you withdraw your application during the selection procedure, the Data Controller will destroy your personal data as described above. After a successful application, we will provide our incoming colleagues with the Data Controller's data management information for employees, written on a separate sheet.

6. RECIPIENTS, DATA PROCESSING

In addition to the contracted data processors, only those employees of the Data Controller for whom access is absolutely necessary or mandatory for the performance of their duties, or who have decision-making authority in the selection, are entitled to access the personal data. The contracted data processor carries out the data management according to the instructions of the Data Controller, cannot make substantive decisions regarding data management, may process the personal data that comes to its knowledge only in accordance with the provisions of the Data Controller, may not carry out data processing for its own purposes, and is also obliged to store and preserve the personal data in accordance with the provisions of the Data Controller and to keep it confidential. The data processor may not use additional data processors without the prior written authorization of the Data Controller, given on a case-by-case or general basis. We use different companies to process your data. The following contracted data processors carry out, or may carry out, the processing of your data:

DATA PROCESSOR: Microsoft 365 (Outlook) (data management information: https://www.microsoft.com/hu-hu/trust-center/privacy/data-management)

ACTIVITY: mail system service

MANAGED DATA: personal data indicated in the application material

7. SECURITY MEASURES, AUTOMATED DECISION-MAKING

In accordance with point f) of Article 13, paragraph (2) of the GDPR, we hereby inform you that no automated decision-making takes place within the Data Controller's data management activities.

Wiser Group Kft. ensures the security of the data commensurate with the risk, and also takes the technical and organizational measures and develops the procedural rules that are necessary to enforce the GDPR, Infotv., and other data and privacy protection rules. Wiser Group Kft. protects the data with measures commensurate with the risk, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction and damage, and against inaccessibility resulting from changes in the technology used. As part of this, Wiser Group Kft. has created an up-to-date data management policy system, which is properly communicated and enforced. Wiser Group Kft. provides continuous data protection training to the persons processing data on its behalf upon their entry and also afterwards, and organizes various security awareness programs in order to develop the highest possible level of data protection awareness. Wiser Group Kft. obtains a confidentiality statement from the persons who have a legal relationship with it and manage personal data on its behalf, as necessary. In order to maintain the regularity of data management, Wiser Group Kft. conducts regular (self-)inspection and continuous maintenance activities, which include at least an annual complex review of data management processes.

In the case of data management in an electronic system, personal data is stored in a database that is encrypted and/or protected by a regularly changed password. Wiser Group Kft. grants access to such electronic data files by means of a unique name and password, which also makes it possible to check which personal data was entered into the given electronic systems, when and by whom. These accesses are also reviewed by Wiser Group Kft. at least annually. Wiser Group Kft. protects data managed on electronic devices with firewalls, antivirus programs, encryption mechanisms, content filtering and other technical and process solutions within the framework of protection commensurate with the risk, applies backups to avoid data loss and damage, and ensures that the installed systems can be restored in the event of a breakdown.

Paper-based documents that contain personal data are stored by Wiser Group Kft. in a well-locked room equipped with fire and property protection, to which physical access is also limited. Manually managed documents containing personal data are stored in a file cabinet in order to comply with the retention obligation of the data controller, in a room that is also a well-locked, fire- and property-protected area.

Wiser Group Kft. conducts an impact assessment prior to the introduction of new data management, and continuously monitors possible data protection incidents. If the data protection incident is likely to involve a high risk for the rights and freedoms of natural persons, Wiser Group Kft. will fulfill its obligation to inform/notify as required by law without undue delay.

8. RIGHTS AND REMEDIES

You can exercise your rights listed in the points below by submitting a request to the Data Controller. The contact details of the Data Controller are contained in point 2 of the Information. The Data Controller evaluates the request for the enforcement of the rights - given the circumstances of the data management - in the shortest time from its submission, but no later than 25 (twenty-five) days and notifies the data subject of its decision in writing or, if the data subject submitted the request electronically, electronically.

8.1. INFORMATION ABOUT THE HANDLING OF YOUR PERSONAL DATA

At the request of the data subject, the Data Controller provides information about the data subject's data managed by it or processed by the data processor commissioned by it or at its disposal, its source, the purpose, legal basis and duration of the data processing, the name and address of the data processor and its activities related to data processing, the circumstances of the data protection incident, its effects and the measures taken to prevent them, and - in the case of forwarding the data subject's personal data - the legal basis and recipient of the data transfer.

8.2. ACCESS TO PERSONAL INFORMATION

The data subject has the right to receive feedback from the Data Controller as to whether his personal data is being processed, and if such data processing is underway, he is entitled to access the personal data and the following information:

  1. the purposes of data management;
  2. categories of personal data concerned;
  3. the recipients or categories of recipients to whom the personal data has been or will be communicated, including in particular recipients in third countries and international organizations;
  4. where appropriate, the planned period of storage of personal data or, if this is not possible, the criteria for determining this period;
  5. the right of the data subject to request from the Data Controller the correction, deletion or restriction of processing of personal data concerning him and to object to the processing of such personal data;
  6. the right to submit a complaint to a supervisory authority;
  7. if the data were not collected from the data subject, all available information about their source;
  8. the fact of automated decision-making, including profiling, as well as, at least in these cases, understandable information about the logic used and the significance of such data management and the expected consequences for the data subject.

If personal data is transferred to a third country or to an international organization, the data subject is entitled to receive information about the appropriate guarantees regarding the transfer.

The Data Controller provides a copy of the personal data that is the subject of data management to the data subject. For additional copies requested by the data subject, the Data Controller may charge a reasonable fee based on administrative costs. If the data subject submitted the request electronically, the information must be provided in a widely used electronic format, unless the data subject requests otherwise.

The right to request a copy must not adversely affect the rights and freedoms of others.

8.3. RIGHT TO CORRECTION

The data subject is entitled to have the Data Controller correct inaccurate personal data concerning him without undue delay upon request. Taking into account the purpose of the data management, the data subject is entitled to request the completion of incomplete personal data, including by means of a supplementary statement.

8.4. RIGHT TO DELETE (RIGHT TO BE FORGOTTEN)

The data subject has the right to request that the Data Controller delete the personal data concerning him without undue delay, and the Data Controller is obliged to delete the personal data concerning the data subject without undue delay if one of the following reasons exists:

  1. the personal data are no longer needed for the purpose for which they were collected or otherwise processed;
  2. the data subject withdraws the consent that forms the basis of the data management, and there is no other legal basis for the data management;
  3. the data subject objects to data processing and there is no overriding legal reason for data processing;
  4. personal data has been processed unlawfully;
  5. the personal data must be deleted in order to fulfill the legal obligation prescribed by EU or member state law applicable to the Data Controller;
  6. the collection of personal data took place in connection with the offering of services related to the information society.

If the Data Controller has disclosed the personal data and is obliged to delete it according to the above, it will take reasonable steps, including technical measures, taking into account the available technology and the costs of implementation, in order to inform the Data Controllers handling the data that the data subject has requested that they delete the links to the personal data in question, or any copy or duplicate of this personal data.

Data deletion cannot be initiated if data management is necessary: for the purpose of exercising the right to freedom of expression and information; for the purpose of fulfilling an obligation under EU or member state law applicable to the Data Controller that requires the processing of personal data, or for the execution of a task carried out in the public interest or in the context of the exercise of public authority vested in the Data Controller; on the basis of public interest in the field of public health, or for archival, scientific and historical research purposes or for statistical purposes; or to submit, assert or defend legal claims.

8.5. RIGHT TO LIMIT DATA PROCESSING

The data subject has the right to request that the Data Controller restricts data processing if one of the following conditions is met:

  1. the data subject disputes the accuracy of the personal data, in which case the limitation applies to the period that allows the Data Controller to check the accuracy of the personal data;
  2. the data processing is illegal and the data subject opposes the deletion of the data and instead requests the restriction of its use;
  3. the Data Controller no longer needs the personal data for the purpose of data management, but the data subject requires them to present, enforce or defend legal claims; or
  4. the data subject objected to data processing; in this case, the restriction applies to the period until it is determined whether the Data Controller's legitimate reasons take precedence over the data subject's legitimate reasons.

If data processing is subject to restrictions based on the above, such personal data, with the exception of storage, will only be processed with the consent of the data subject, or for the presentation, enforcement or defense of legal claims, or for the protection of the rights of another natural or legal person, or in the important public interest of the Union or a member state.

The Data Controller informs the data subject at whose request the data processing was restricted in advance of the lifting of the data processing restriction.

The Data Controller informs all recipients to whom the personal data was communicated of the correction, deletion or limitation of data management, unless this proves to be impossible or requires a disproportionately large effort. At the request of the data subject, the Data Controller informs the data subject about these recipients.

8.6. RIGHT TO DATA PORTABILITY

The data subject has the right to receive the personal data concerning him/her that he/she provided to a Data Controller in a structured, widely used, machine-readable format, and is also entitled to transmit this data to another Data Controller without being hindered by the Data Controller to which he/she provided the personal data, if:

  1. data management is based on the consent of the data subject or a contract; and
  2. data management is automated.

When exercising the right to data portability as described above, the data subject is entitled to request - if this is technically possible - the direct transmission of personal data between Data Controllers. The exercise of this right may not violate the right to erasure. The aforementioned right does not apply in the event that the data processing is in the public interest or is necessary for the execution of a task performed in the context of the exercise of the public authority delegated to the Data Controller. The right mentioned in this paragraph may not adversely affect the rights and freedoms of others.

8.7. RIGHT OF WITHDRAWAL

The data subject is entitled to withdraw his consent to the processing of his personal data at any time, the exercise of which right does not affect the legality of the data processing carried out on the basis of the consent prior to the withdrawal.

8.8. SUBMITTING A COMPLAINT TO A SUPERVISORY AUTHORITY

The data subject may initiate an investigation with the National Data Protection and Freedom of Information Authority (hereinafter: "Authority") in order to investigate the legality of the Data Controller's action if the Data Controller restricts the enforcement of the data subject's rights or rejects his request for the enforcement of these rights, and the data subject may request the conduct of the Authority's data protection official procedure if, in his judgment, the Data Controller, or the data processor commissioned by it or acting on the basis of its instructions, violates the regulations regarding the handling of personal data defined in law or in a binding legal act of the European Union.

Name: National Data Protection and Freedom of Information Authority

Headquarters: 1055 Budapest, Falk Miksa utca 9-11

Mailing address: 1363 Budapest, Pf.: 9.

Phone: 06 1 391 1400

Fax: 06 1 391 1410

E-mail: ugyfelszolgalat@naih.hu

Website: http://www.naih.hu

8.9. RIGHT TO COURT

The data subject may go to court against the Data Controller or – in connection with the data processing operations within the scope of the data processor's activity – the data processor if, in his opinion, the Data Controller or the data processor commissioned by it or acting on the basis of its instructions processes his personal data in violation of the regulations defined in law or in a mandatory legal act of the European Union.

The Data Controller or the data processor is obliged to prove that the data management complies with the regulations for the management of personal data defined in legislation or in a mandatory legal act of the European Union.

The lawsuit may be initiated by the person concerned - at his or her choice - before the court competent for his or her place of residence. A person who otherwise does not have legal capacity can be a party to the lawsuit. The Authority may intervene in the lawsuit in order to win the case for the person concerned.

9. FINAL PROVISIONS

The Data Controller regularly reviews the content of the Notice and reserves the right to modify it at any time at its discretion and according to the content of the relevant legislation. Amendments to the Notice shall enter into force at the same time as publication.
