Please be informed that Consortix Informatikai Tanácsadó Korlátolt Felelősségű Társaság as an employer and as a Data Controller (henceforth referred to as the "Data Controller"), when publishing new job advertisements for which it is expecting applications from natural persons, requests CVs from the applicants and conducts job interviews on the basis of these CVs in order to select the right candidate. The CVs will necessarily contain personal data of the job applicants as data subjects (henceforth referred to as "Data Subjects"), which will be processed by Consortix Ltd. The Data Controller shall provide the information contained in this notice in relation to the processing of personal data of the Data Subjects who apply for and submit CVs for job advertisements, in accordance with Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (henceforth referred to as "GDPR").
Data Controller
Name: Consortix Informatikai Tanácsadó Korlátolt Felelősségű Társaság (henceforth as “Data Controller”)
Registered Office: 1036 Budapest, Lajos utca 74-76.
Representative
Name: Tamás Sváb
E-mail: info@consortix.com
Telephone: +3612312288
The appointment of a Data Protection Officer is not mandatory for the Data Controller under the GDPR. The Data Protection Officer has not been appointed by the Data Controller, but can be contacted on the following contact details for data protection issues:
Name: András Simonyi
Contact: dataprivacy@consortix.com
Data subjects: natural persons applying for job vacancies:
signature, nationality, mother tongue, mother’s name, photograph with face, details of previous jobs/positions, personal details of reference person for previous jobs/positions, e-mail address, interests/job, education(s), category of driving license, year of obtaining driving license, address, postal/notification address, language skills, qualifications, place of birth, date of birth, name at birth, place of residence, telephone number, name worn, salary claim
Determining the suitability of the applicant for employment and selecting suitable candidates for the advertised position
The Data Controller processes these data on the basis of Article 6(1)(a) of the GDPR (your consent), which the data subject gives by sending his or her CV to the Data Controller.
Persons entitled to access the data: the personal data provided above may be accessed by the employees responsible for recruiting candidates within the Data Controller''s organization, by employees working in the area covered by the vacancy notice who are involved in determining the suitability of the candidate, and by the prospective employer.
Transfers of data: The Data Controller will not transfer the CVs of the data subjects to any third party within the EU, to a third country or to an international organization.
Data processors: the Data Controller uses the following data processors to achieve the purpose of the processing:
Microsoft Corporation
Dept. 551, Volume Licensing
6100 Neil Road, Suite 210
Reno, Nevada 89511-1137
USA
Provision and operation of the Office 365 cloud and hosting service
Place and means of processing: the personal data provided by the data subject are stored electronically on servers provided by the processor.
Data retention period: personal data of the data subject will be processed by the Controller until the withdrawal of the data subject''s consent, but not longer than the following period:
Please be informed that the Data Controller will take all technical and organizational measures and establish the procedural rules necessary to enforce the GDPR rules on confidentiality and security of processing.
The Data Controller shall take appropriate measures to protect the data it processes against unauthorized access, alteration, disclosure, transmission, disclosure, erasure or destruction and against accidental destruction or accidental damage.
The Data Controller shall, in the course of its processing, retain:
The Data Controller shall adequately protect its information technology systems and networks against computer fraud, espionage, fire and flooding, viruses and computer intrusions. The Operator shall ensure security through server-level and application-level protection procedures.
Please be informed that you may request, at any time and without restriction, in relation to your personal data:
The Data Controller shall take appropriate measures to provide data subjects with all the information referred to in Articles 13 and 14 of the GDPR and each of the notifications referred to in Articles 15 to 22 and 34 of the GDPR concerning the processing of personal data in a concise, transparent, intelligible and easily accessible form, in clear and plain language.
The right to information can be exercised in writing by using the contact details indicated in point 3 of this notice. The data subject may also be provided with information orally at his or her request, after verification of his or her identity.
The data subject shall have the right to obtain from the controller information as to whether or not his or her personal data are being processed and, if such processing is taking place, the right to obtain access to the personal data and to the details of the processing as provided for in the GDPR.
The Data Controller shall provide the data subject with a copy of the personal data which are the subject of the processing. For additional copies requested by the data subject, the controller may charge a reasonable fee in line with the administrative costs. At the request of the data subject, the controller shall provide the information in electronic form.
The controller shall provide the information within a maximum of one month of the request.
The data subject may request the correction of inaccurate personal data relating to him or her processed by the Controller and the completion of incomplete data.
The data subject shall have the right to obtain, upon his or her request, the erasure of personal data relating to him or her by the Controller without undue delay where:
The erasure of the data may not be initiated if the processing is necessary: for the exercise of the right to freedom of expression and information; for compliance with an obligation under Union or Member State law to process personal data or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for public health purposes or for archiving, scientific or historical research purposes or statistical purposes in the public interest; or for the establishment, exercise or defense of legal claims.
At the request of the data subject, the Controller shall restrict processing if one of the following conditions is met:
Where processing is subject to restriction, personal data, other than storage, may be processed only with the consent of the data subject or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or of an important public interest of the Union or of a Member State. The Controller shall inform the data subject in advance of the lifting of the restriction on processing.
The data subject shall have the right to obtain the personal data relating to him or her which he or she has provided to the controller in a structured, commonly used, machine-readable format and to transmit those data to another controller, where
The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to processing of his or her personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions. In the event of an objection, the controller may no longer process the personal data, unless there are compelling legitimate grounds for doing so which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such purposes, including profiling, where it is related to direct marketing.
In the event of an objection to the processing of personal data for direct marketing purposes, the data shall not be processed for those purposes.
The data subject shall have the right to object to decisions based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
The above right shall not apply where the processing
Please be informed that the Controller does not use automated decision-making or process personal data for profiling purposes in relation to the processing purposes set out in this notice.
The data subject has the right to withdraw his or her consent at any time. Withdrawal of consent does not affect the lawfulness of the processing based on consent prior to its withdrawal.
The controller shall, without undue delay and in any event within one month of receipt of the request, inform the data subject of the action taken on the request made by the data subject in relation to the above. If necessary, taking into account the complexity of the request and the number of requests, this time limit may be extended by a further two months.
If the controller fails to act on the data subject's request, it shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for the failure to act and of the possibility for the data subject to lodge a complaint with a supervisory authority and to exercise his or her right of judicial remedy.
The Controller shall provide the requested information and notification free of charge. Where the data subject''s request is manifestly unfounded or excessive, in particular because of its repetitive nature, the controller may, taking into account the administrative costs of providing the information or information requested or of taking the action requested, charge a reasonable fee or refuse to act on the request.
Any person who has suffered damage, whether pecuniary or non-pecuniary, as a result of a breach of the Regulation shall be entitled to compensation from the controller or processor for the damage suffered. A processor shall be liable for damage caused by processing only if it has failed to comply with the obligations expressly imposed on processors by law or if it has disregarded or acted contrary to lawful instructions from the controller.
Where more than one controller or more than one processor, or both controller and processor, are involved in the same processing and are liable for the damage caused by the processing, each controller or processor shall be jointly and severally liable for the total damage.
The controller or processor shall be exempt from liability if it proves that it is not in any way responsible for the event giving rise to the damage.
If you have a complaint or problem regarding the processing of your personal data, please contact us at the contact details set out in the section of this notice entitled "Names and contact details of the Data Protection Officer" in order to resolve the complaint amicably. If this is not successful, you may also contact the competent data protection authority or the competent court in your place of residence or domicile if you believe that there has been a breach of your personal data.
You can submit your complaint to the Supervisory Authority using the contact details below:
Authority name: National Authority for Data Protection and Freedom of Information (website: http://www.naih.hu)
Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.,
Postal address: 1530 Budapest, PO Box 5.
Please be informed that the data provided to the Data Controller on the basis of this information notice will not be used for purposes other than those indicated in this information notice.
