Information about data management for job applicants
The protection of the personal data of prospective employees is extremely important to us. We have developed this Data Protection Notice to provide information about what personal data we process about you, for what purpose and on what legal basis, as well as what organizational and technical measures we take to protect your personal data, and to inform you about your rights.
1. Data controller details
Data controller: Wozify Engineering Group Kft.
Registered office: 1043 Budapest, Berda József utca 42. 2nd floor, door 11
Company registration number: 01-09-414698
Tax number: 23879102-2-41
Website: www.wozify.com
Data protection officer contact: [email protected]
2. General legal provisions governing data processing
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR)
- Act CXII of 2011 on the right to informational self-determination and freedom of information (Infotv.)
- Act I of 2012 on the Labour Code (Mt.)
3. Definitions
Personal data: any information relating to an identified or identifiable natural person ("Data Subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, a number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Such typical personal data include, in particular: name, address, place and date of birth, mother's maiden name.
Data processing: any operation or set of operations which is performed on personal data or data files, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data Controller: the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the Data Controller or the specific criteria for the designation of the Data Controller may also be determined by Union or Member State law.
Data Processor: the natural or legal person, public authority, agency or any other body which processes personal data on behalf of the Data Controller.
Recipient: the natural or legal person, public authority, agency or any other body to which the personal data are disclosed, whether a third party or not.
4. Data processing activity
The Data Controller processes the personal data of job applicants as follows:
4.1. Applying for the advertised job vacancy
| Purpose of data processing | Checking the availability of the necessary conditions for filling the position in relation to the advertised job application |
| Legal basis for data processing | GDPR Article 6(1)(a): consent |
| Scope of personal data processed | Personal data proving compliance with the educational and qualification requirements specified by the job applicant in his/her CV and its annexes |
| Data retention period | Until consent is withdrawn, but at most until the job application is closed and you are notified of the result |
4.2. Participation in a database
| Purpose of data processing | Checking the existence of the conditions required to fill the position in the Data Controller's database for a possible later job offer |
| Legal basis for data processing | GDPR Article 6(1)(a): consent |
| Scope of personal data processed | Personal data proving compliance with the educational and qualification requirements specified by the job applicant in his/her CV and its annexes |
| Data retention period | Until consent is withdrawn, but a maximum of 2 years after receipt of the CV |
5. Recording data
Personal data is collected from the Data Subject. The Data Controller may process personal data that is not collected from the Data Subject, and the Data Controller will always inform the Data Subject individually about this.
6. Additional Data Controller, joint data processing
The Data Controller may use an additional Data Controller during data processing, and the Data Controller will always inform the Data Subject individually about this. Joint data processing does not take place during the processing of the personal data of job applicants.
7. Use of a data processor
The Data Controller uses Data Processor(s) during data processing:
- recruiting and headhunting company(ies):
- Human Recruitment Management Ltd. (registered office: 1172 Budapest, Ignác utca 38. 1., company registration number: 01-09-416319)
- ProcessHunt Ltd. (registered office: 2030 030 Érd, Vereckei utca 61., company registration number: 13-09-223281)
Data management information: https://processhunt.hu/adatkezelesi-tajekoztato/ - service provider of profession.hu: profession.hu Ltd. (registered office: 1123 Budapest, Nagyenyed utca 8-14. level 4., company registration number: 01-09-199015)
Data management information: https://www.profession.hu/gdpr/#adatfeldolgozok
- email system provider(s):
- Google Ireland Ltd. (registered office: Gordon House, Barrow Street, Dublin 4, Ireland)
Data management information: https://policies.google.com/technologies/product-privacy?hl=hu - Microsoft Magyarország Ltd. (registered office: 1031 Budapest, Graphisoft Park 3., company registration number: 01-09-262313)
Data management information: https://www.microsoft.com/hu-hu/privacy/privacystatement - Tárhely.Eu Szolgáltató Ltd. (registered office: 1097 Budapest, Könyves Kálmán körút 12-14., company registration number: 01-09-909968)
Data management information: https://tarhely.eu/dokumentumok/adatvedelmi_szabalyzat.pdf
- Google Ireland Ltd. (registered office: Gordon House, Barrow Street, Dublin 4, Ireland)
- hosting service provider:
- UpCloud Oy. (registered office: Aleksanterinkatu 15b 7th floor, 00100 Helsinki, Finland)
Data management information: https://upcloud.com/privacy-policy
- UpCloud Oy. (registered office: Aleksanterinkatu 15b 7th floor, 00100 Helsinki, Finland)
- cloud-based software provider:
- Notion Labs Inc. (registered office: 2300 Harrison St, San Francisco, CA 94110, United States of America)
Data management information: https://www.notion.so/notion/Terms-and-Privacy-28ffdd083dc3473e9c2da6ec011b58ac
- Notion Labs Inc. (registered office: 2300 Harrison St, San Francisco, CA 94110, United States of America)
- file sharing platform provider(s):
- Google Ireland Ltd. (registered office: Gordon House, Barrow Street, Dublin 4, Ireland)
Data management information: https://policies.google.com/technologies/product-privacy?hl=hu - Dropbox International Unlimited Company (registered office: Hatch Street Upper, One Park Place, Floor 6, Dublin 2, Ireland)
Data management information: https://www.dropbox.com/terms - Formagrid Inc. (799 Market St., 8th Floor, San Francisco, CA 94103, United States of America)
Data management information: https://www.airtable.com/company/privacy
- Google Ireland Ltd. (registered office: Gordon House, Barrow Street, Dublin 4, Ireland)
- online meeting platform provider:
- Zoom Lionheart Squared Ltd. (registered office: 2 Pembroke House, Upper Pembroke Street 28-32., Dublin DO2 EK84, Ireland)
Data management information: https://www.zoom.com/en/trust/privacy/privacy-statement/?ampDeviceId=c203b9e8-b1be-4c46-bac5-c3748b114dfb&SessionId=1741555929284
- Zoom Lionheart Squared Ltd. (registered office: 2 Pembroke House, Upper Pembroke Street 28-32., Dublin DO2 EK84, Ireland)
If the involvement of other Data Processor(s) becomes necessary during the job application process, the Data Controller will always inform the Data Subject individually.
8. Data transmission
The Data Controller may transfer personal data to another recipient, the Data Controller will always inform the Data Subject individually about this.
Data transfer only takes place in accordance with the provisions of the applicable laws and in a documented manner (for example, based on an official or court request).
9. Access to data
Competent employees of the Data Controller can access personal data to the extent necessary to perform their duties.
10. Data security measures
The Data Controller ensures, through appropriate IT, technical and personal measures, that the personal data it processes is protected, among other things, against unauthorized access or unauthorized alteration.
11. Rights of the Data Subject and their content related to data processing
| Data subject rights related to data processing | Content of the Data Subject's rights related to data processing |
| Right to information /GDPR Articles 13-14/ | You have the right to be informed of the fact and purposes of the processing of your personal data at the time of obtaining it. The Controller shall also provide you with such additional information as is necessary to ensure fair and transparent data processing, taking into account the specific circumstances and context of the processing of your personal data. You must also be informed of the fact and consequences of profiling. |
| Right of access /GDPR Article 15/ | You have the right to request information as to whether your personal data is being processed and, if such processing is taking place, you have the right to know whether the Data Controller:
|
| Right to rectification /GDPR Article 16/ | You have the right to request that the Data Controller correct your inaccurate personal data or complete incomplete personal data. This means that you can request that the Data Controller modify any of your personal data (for example, you can change your e-mail address or other contact details at any time). |
| Right to erasure ("right to be forgotten") /GDPR Article 17/ | You have the right to obtain from the Controller the erasure of your personal data where one of the following grounds applies:
|
| Right to restriction /GDPR Article 18/ | You have the right to request that the Data Controller restrict data processing if one of the following reasons applies:
|
| Right to data portability /GDPR Article 20/ | You have the right to receive your personal data provided by you to a Data Controller in a segmented, widely used, machine-readable format, and you are also entitled to transmit this data to another Data Controller without being hindered by the Data Controller to whom you provided the personal data, if:
|
| Right to object /GDPR Article 21/ | You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on point (e) or (f) of Article 6(1), including profiling based on those provisions. In this case, the Data Controller may no longer process your personal data, unless the Data Controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. If your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such purposes, including profiling, where this is related to direct marketing. |
| Right to withdraw consent /GDPR Article 7(3)/ | You have the right to withdraw your consent at any time. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal. You must be informed of this before giving your consent. Withdrawing consent must be made as easy as giving it. |
12. Data Subject's legal remedies related to data processing and their content
| Legal remedy | Content of the legal remedy |
| The right to lodge a complaint with the Supervisory Authority /GDPR Article 77/ | You may file a complaint with the following Authority in case of violation of your right to the protection of your personal data: National Authority for Data Protection and Freedom of Information registered office: 1055 Budapest, Falk Miksa utca 9-11. mail address: 1363 Budapest, Pf. 9. telephone: +36 (1) 391-1400 email: [email protected] website: www.naih.hu |
| Right to an effective judicial remedy against the Controller or Processor (initiation of legal proceedings) /GDPR Article 79/ | You have the right to take legal action against the Data Controller or Data Processor if you experience unlawful processing of your personal data. The court will deal with the matter as a matter of urgency. In this case, you are free to decide whether to file your claim with the court competent for your place of residence or stay. Contact details of the courts: www.birosag.hu/torvenyszekek |
13. Updating the Data Management Information
The Data Controller reserves the right to unilaterally modify this Data Management Information. This notice may be amended in particular if it is necessary due to changes in legislation, data protection authority practice, business needs or other circumstances. At the request of the Data Subject, the Data Controller will send him a copy of the current notice in the form agreed with him/her.
March 15, 2025, Budapest