PRIVACY NOTICE
Sysdata PSE Ltd. processes the data of applicants (referred to as the “Data Subject”) for job advertisements published on its website and job applications published by Sysdata PSE Ltd. (referred to as the “Data Controller”) or by a third party acting on its behalf.
In connection with the processing of the data, the Data Controller hereby informs the Data Subjects about the personal data it processes, the principles and practices followed in the processing of personal data, as well as the ways and means of exercising the rights of the Data Subjects.
When submitting an application, the Data Subject, by accepting the Privacy Notice, voluntarily and expressly consents to the processing of the data as set out below.
1. Purpose of data processing
The Data Controller records and processes the Data Subject’s personal data in order to meet the Data Subject’s labour needs and to steer the recruitment and selection process, to conduct the application or application process for the advertised position and any related competency tests, to communicate with the Data Subjects and to facilitate decision-making and for any successful application, to facilitate the conclusion of a contract for the employment of the Data Subject. The Data Controller also reserves the right to process the Data Subject’s data, where the application submitted by the Data Subject is unsuccessful for the position in question, for the aforementioned reasons and purposes, for the processing duration in relation to open positions for which the Data Subject has not expressly applied. The Data Controller shall process and store the data provided by the Data Subjects for the sole purpose of achieving the aims set out above.
The Data Controller shall not use the personal data provided for purposes other than those set out above. If the Data Controller intends to use the data provided for purposes other than those for which they were originally collected, the Data Controller shall inform the Data Subject in advance and obtain his/her explicit consent or give him/her the opportunity to prohibit such use.
Disclosure of personal data to third parties or public authorities shall be possible, unless otherwise required by law, with the prior explicit consent of the Data Subject.
2. Legal basis for processing
The processing is based on the Data Subjects’ voluntary and explicit informed consent. In view of the above, the processing by the Data Controller is based on the voluntary consent of the Data Subject in accordance with Article 5(1)(a) of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter referred to as “Info.tv.”) and the General Data Protection Regulation 2016/679 of the European Parliament and of the Council of the European Union, also known as the “GDPR”.
The Data Controller does not, as a general rule, verify the accuracy of the personal data provided to it during the recruitment-selection process, and the Data Subject providing it is solely responsible for its accuracy. By providing an e-mail address, the Data Subject also accepts responsibility for the exclusive use of the e-mail address provided. In this regard, the Data Controller excludes its liability for any case where it communicates with the Data Subject via the e-mail address provided by the Data Subject, but for any reason the information communicated by the Data Controller via the e-mail address provided by the Data Subject becomes accessible to a third unauthorised person other than the Data Subject.
3. Name of Data Controller
Name: Sysdata PSE Kft.
Registered office:
1143 Budapest, Gizella út 51-57.
Tax number: 10881952-2-42
Company registration number: 01-09-267759
Registering court:
Budapest General Court, Commercial Court
E-mail: contact@sysdata-pse.com
Phone: + 36 1 780 5000
4. Scope of personal data processed
The scope of the data provided by the Data Subject includes the personal data that the Data Subject provides by sending his/her CV and cover letter or by uploading them to the system of the Data Controller named in point 3.
These data may optionally include the following:
-
-
-
-
- surname and first name
- date of birth
- e-mail address
- telephone number
- postal code, city, street and house number
- native languagenationality
-
-
-
-
-
- Data relating to work experience:
-
If you are a career starter
Employer company name
Title of position
Field of employment
Industry of employment
Department
Place of employment: country and city
Start and end of employment
Field of activity, description of the post held
Level of position held.
-
-
- Data related to studies:
-
Name of training institution
Name of training course
Name of the course of study at the educational establishment
Type of training
Description of the training
Language of training
Place of training: by country and city
Level of qualification
Year of start – Year of completion or
Studies still in progress.
-
-
- Data on other studies:
-
Name of training
Name of organisation
Language of training
Place of training: by country and city
Date of issue of diploma
Certificate number
Description of training
-
-
- Language proficiency data:
-
Language of language examination
Level of language examination
Language of actual language proficiency
Language proficiency level
-
-
- Professional skills
-
Title of professional knowledge
-
-
- Driving licences for motor vehicles
-
type of licence
-
-
- Net salary required
-
Net salary requirement range
The interested party agrees that, if his/her CV has been brought to the attention of the person responsible for the recruitment and selection process of Sysdata PSE Ltd, he/she may be contacted at the contact details (e-mail address, telephone number) provided.
5. Duration of processing
The processing of the personal data provided by the Data Subject, as defined in point 4 of this document, starts with the submission of the application materials and continues until their deletion. Unless otherwise specified by law, the processing of the data delineated in point 4 of this document shall continue until the purpose of the process has been fulfilled.
The deletion of the data provided in the application may be requested at any time. In this case, the deadline for deletion of the data is 30 days after receipt of the request.
The above provisions shall not affect the processing of data on the basis of additional consent given in any other way.
6. Who can access the data, data transfers, data processing
The data provided by the Data Subjects are not made public and may only be accessed by those involved in the recruitment and selection process of the Data Controller (employees of the HR department, heads of internal departments, members of management, team managers) and employees of the company providing technical support for the Data Controller’s IT system (the latter, however, only in the course of their activities, to the extent necessary).
The members of the groups described above shall have access to the data only in connection with the performance of their duties, to the extent necessary and justified for that purpose.
Such data shall not be disclosed or transferred to third party(ies) by the Data Controller or by the relevant employees of the company providing technical support for its IT system.
By uploading his/her data, the Data Subject consents to his/her data being made available to the members of the group described above.
In addition to the above, the transfer of personal data concerning the Data Subject may only take place in cases that are mandatory by law or on the basis of the Data Subject’s consent.
7. Rights and means of redress
Interests concerned:
Right to information (scope of data, identity of the controller, purpose, legal basis, duration of processing, data protection officer, rights of redress)
-
-
- Right of access to personal data
- Right to rectification
- Right to erasure (‘right to be forgotten’)
- Right to restriction of processing
- Right to object
-
These rights may be exercised by contacting the Data Controller by electronic mail:
Functioning mailbox address: contact@sysdata-pse.com
7.1. Right to prior information
The data subject shall have the right to be informed at any time and in an intelligible form of the facts and information related to his/her personal data processing, in particular before the processing starts. Upon request, information shall be sent without delay, but within 30 days at the latest, to the contact details provided.
7.2. Right of access
The data subject shall have the right to obtain from the controller a concise, intelligible answer as to whether or not his or her personal data are currently being processed and, if so, the right to access the personal data and related information as defined in the EU Regulation. Information on your request must be sent to the contact details provided without delay and within 30 days at the latest.
7.3. Right to rectification
The data subject shall have the right to obtain from the Data Controller, upon his/her request, the rectification of inaccurate personal data without undue delay. The Data Subject shall have the right to request the amendment or completion of inaccurate or incomplete personal data. Such a request shall be acted upon immediately, but within 30 days at the latest, and information shall be sent to the contact details provided.
7.4. Right to erasure/”right to be forgotten”
The Data Subject shall have the right to obtain, upon his/her request, the erasure of personal data by the Data Controller without undue delay, and the Data Controller shall be obliged to erase personal data regarding the Data Subject without undue delay in certain cases. Upon request, this shall be done without undue delay and within a maximum of 30 days and information shall be sent to the contact details provided.
The Data Subject shall have this right in particular in relation to the personal data processed on the basis of his or her consent. In the case of data processed pursuant to a legal obligation, this right is expressly limited.
7.5. Right to restriction of processing
The Data Subject has the right to obtain from the Data Controller, at his or her request, the restriction of processing if certain specified conditions are met. This is mainly intended to record a specific processing situation, which may be a precursor to a legal dispute or the specific dispute itself. Upon request, this must be done promptly and within a maximum of 30 days and information must be sent to the contact details provided.
7.6. Obligation to notify the rectification or erasure of personal data or the restriction of processing
The Controller shall inform all recipients to whom the personal data have been disclosed of any rectification, erasure or restriction of processing. Exception: compliance with this obligation cannot be expected if it proves impossible or involves a disproportionate effort.
7.7. Right to data portability
The data subject has the right to receive personal data relating to him or her which he or she has provided to a Data Controller in a structured, commonly used, machine-readable format and the right to transmit such data to another Data Controller.
7.8. Right to object
The data subject has the right to object at any time to the processing of his or her personal data where
-
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or
- processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party.
The objection shall be examined and a decision shall be taken on the merits within the shortest possible time from the date of the request, but not later than 15 days, and the decision shall be communicated to the contact details provided.
7.9. Informing the data subject of the personal data breach
If the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Data Controller shall, without undue delay, inform the Data Subject of the personal data breach.
7.10. Right to lodge a complaint with a supervisory authority (right to apply to a supervisory authority)
The data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement, if the data subject considers that the processing of personal data relating to him or her infringes on the EU Data Protection Regulation.
7.11. Right to an effective judicial remedy against the supervisory authority
All natural and legal persons have the right to an effective judicial remedy against a legally binding decision of a supervisory authority which is addressed to them.
This right shall apply even if the supervisory authority does not deal with the complaint or does not inform the data subject within three months of the procedural developments concerning the complaint lodged or of the outcome of the complaint.
7.12. Right to an effective judicial remedy against the controller or processor
Every data subject has the right to an effective judicial remedy if he or she considers that his or her rights have been infringed on as a result of the processing of his or her personal data not in accordance with the EU Regulation.
8. Use of e-mail addresses
The processing of e-mail addresses is primarily for the purpose of identifying the Data Subject and contacting him or her, and e-mails are sent primarily for this purpose.
9. Data security
The Data Controller undertakes to ensure the security of the data, to take technical measures to ensure that the data collected, stored and processed are protected and to take all necessary steps to prevent their destruction, unauthorised use and unauthorised alteration.
10. Other provisions
The Data Controller reserves the right to unilaterally amend this Privacy Notice by notifying the Data Subjects. Following the amendment’s entry into force, the Data Subject shall accept the amended Privacy Notice by accepting the amended Privacy Notice during any further applications and contacts with the Data Controller.