Language: English | Magyar

Information about data management for job applicants

The protection of the personal data of prospective employees is extremely important to us. We have developed this Data Protection Notice to provide information about what personal data we process about you, for what purpose and on what legal basis, as well as what organizational and technical measures we take to protect your personal data, and to inform you about your rights.

1. Data controller details

Data controller: Wozify Engineering Group Kft.
Registered office: 1043 Budapest, Berda József utca 42. 2nd floor, door 11
Company registration number: 01-09-414698
Tax number: 23879102-2-41
Website: www.wozify.com
Data protection officer contact: [email protected]

2. General legal provisions governing data processing

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR)
  • Act CXII of 2011 on the right to informational self-determination and freedom of information (Infotv.)
  • Act I of 2012 on the Labour Code (Mt.)

3. Definitions

Personal data: any information relating to an identified or identifiable natural person ("Data Subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, a number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Such typical personal data include, in particular: name, address, place and date of birth, mother's maiden name.

Data processing: any operation or set of operations which is performed on personal data or data files, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data Controller: the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the Data Controller or the specific criteria for the designation of the Data Controller may also be determined by Union or Member State law.

Data Processor: the natural or legal person, public authority, agency or any other body which processes personal data on behalf of the Data Controller.

Recipient: the natural or legal person, public authority, agency or any other body to which the personal data are disclosed, whether a third party or not.

4. Data processing activity

The Data Controller processes the personal data of job applicants as follows:

4.1. Applying for the advertised job vacancy

Purpose of data processingChecking the availability of the necessary conditions for filling the position in relation to the advertised job application
Legal basis for data processingGDPR Article 6(1)(a): consent
Scope of personal data processedPersonal data proving compliance with the educational and qualification requirements specified by the job applicant in his/her CV and its annexes
Data retention periodUntil consent is withdrawn, but at most until the job application is closed and you are notified of the result

4.2. Participation in a database

Purpose of data processingChecking the existence of the conditions required to fill the position in the Data Controller's database for a possible later job offer
Legal basis for data processingGDPR Article 6(1)(a): consent
Scope of personal data processedPersonal data proving compliance with the educational and qualification requirements specified by the job applicant in his/her CV and its annexes
Data retention periodUntil consent is withdrawn, but a maximum of 2 years after receipt of the CV

5. Recording data

Personal data is collected from the Data Subject. The Data Controller may process personal data that is not collected from the Data Subject, and the Data Controller will always inform the Data Subject individually about this.

6. Additional Data Controller, joint data processing

The Data Controller may use an additional Data Controller during data processing, and the Data Controller will always inform the Data Subject individually about this. Joint data processing does not take place during the processing of the personal data of job applicants.

7. Use of a data processor

The Data Controller uses Data Processor(s) during data processing:

If the involvement of other Data Processor(s) becomes necessary during the job application process, the Data Controller will always inform the Data Subject individually.

8. Data transmission

The Data Controller may transfer personal data to another recipient, the Data Controller will always inform the Data Subject individually about this.

Data transfer only takes place in accordance with the provisions of the applicable laws and in a documented manner (for example, based on an official or court request).

9. Access to data

Competent employees of the Data Controller can access personal data to the extent necessary to perform their duties.

10. Data security measures

The Data Controller ensures, through appropriate IT, technical and personal measures, that the personal data it processes is protected, among other things, against unauthorized access or unauthorized alteration.

11. Rights of the Data Subject and their content related to data processing

Data subject rights related to data processingContent of the Data Subject's rights related to data processing
Right to information
/GDPR Articles 13-14/
You have the right to be informed of the fact and purposes of the processing of your personal data at the time of obtaining it. The Controller shall also provide you with such additional information as is necessary to ensure fair and transparent data processing, taking into account the specific circumstances and context of the processing of your personal data. You must also be informed of the fact and consequences of profiling.
Right of access
/GDPR Article 15/
You have the right to request information as to whether your personal data is being processed and, if such processing is taking place, you have the right to know whether the Data Controller:
  • what personal data of yours
  • on what legal basis
  • for what purpose of processing
  • for how long it processes it
  • to whom, when, on the basis of what law, access to which personal data was granted or to whom your personal data was transferred
  • from what source your personal data originates (if you did not provide them to the Data Controller)
  • whether it uses automated decision-making and its logic, including profiling.
Right to rectification
/GDPR Article 16/
You have the right to request that the Data Controller correct your inaccurate personal data or complete incomplete personal data. This means that you can request that the Data Controller modify any of your personal data (for example, you can change your e-mail address or other contact details at any time).
Right to erasure ("right to be forgotten")
/GDPR Article 17/
You have the right to obtain from the Controller the erasure of your personal data where one of the following grounds applies:
  • your personal data are no longer necessary for the purposes for which they were collected or otherwise processed
  • you withdraw your consent on which the processing is based pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) and there is no other legal basis for the processing
  • you object to the processing pursuant to point (1) of Article 21(1) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to point (2) of Article 21(2)
  • your personal data have been processed unlawfully
  • your personal data must be erased for compliance with a legal obligation to which the Controller is subject under Union or Member State law
  • your personal data were collected in connection with the offering of information society services referred to in point (1) of Article 8(1).
Right to restriction
/GDPR Article 18/
You have the right to request that the Data Controller restrict data processing if one of the following reasons applies:
  • You contest the accuracy of your personal data (in this case, the restriction applies for a period of time that allows the Controller to verify the accuracy of the personal data);
  • the processing is unlawful and you oppose the erasure of the data and instead request the restriction of their use;
  • the Controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims
You have objected to data processing in accordance with Article 21 (1) (in this case, the restriction applies to the period until it is determined whether the Data Controller's legitimate reasons take precedence over your legitimate reasons).
Right to data portability
/GDPR Article 20/
You have the right to receive your personal data provided by you to a Data Controller in a segmented, widely used, machine-readable format, and you are also entitled to transmit this data to another Data Controller without being hindered by the Data Controller to whom you provided the personal data, if:
  • the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b), and
  • the processing is carried out by automated means.
You have the right to request the direct transmission of your personal data between Data Controllers, where technically feasible.
Right to object
/GDPR Article 21/
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on point (e) or (f) of Article 6(1), including profiling based on those provisions.

In this case, the Data Controller may no longer process your personal data, unless the Data Controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

If your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such purposes, including profiling, where this is related to direct marketing.
Right to withdraw consent
/GDPR Article 7(3)/
You have the right to withdraw your consent at any time. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal. You must be informed of this before giving your consent. Withdrawing consent must be made as easy as giving it.

12. Data Subject's legal remedies related to data processing and their content

Legal remedyContent of the legal remedy
The right to lodge a complaint with the Supervisory Authority
/GDPR Article 77/
You may file a complaint with the following Authority in case of violation of your right to the protection of your personal data:

National Authority for Data Protection and Freedom of Information
registered office: 1055 Budapest, Falk Miksa utca 9-11.
mail address: 1363 Budapest, Pf. 9.
telephone: +36 (1) 391-1400
email: [email protected]
website: www.naih.hu
Right to an effective judicial remedy against the Controller or Processor (initiation of legal proceedings)
/GDPR Article 79/
You have the right to take legal action against the Data Controller or Data Processor if you experience unlawful processing of your personal data. The court will deal with the matter as a matter of urgency. In this case, you are free to decide whether to file your claim with the court competent for your place of residence or stay. Contact details of the courts: www.birosag.hu/torvenyszekek

13. Updating the Data Management Information

The Data Controller reserves the right to unilaterally modify this Data Management Information. This notice may be amended in particular if it is necessary due to changes in legislation, data protection authority practice, business needs or other circumstances. At the request of the Data Subject, the Data Controller will send him a copy of the current notice in the form agreed with him/her.

March 15, 2025, Budapest