Contact
Have a question? Contact us at one of our contact details!
- info@hrpark.hu
- +36 1 884 4010
-
1134 Budapest
Váci út 45, Building B, 8th floor
Our services
2025 | All rights reserved! | www.hrpark.hu
1) The identity and activities of the controller
The controller of the HR Park Szolgáltató Korlátolt Felelősségű Társaság (registered office: 1134 Budapest, Váci út 45.; company registration number: 01-09-302136; represented by Sándor Bágyi, Managing Director; e-mail address: info@hrpark.hu; phone: +36 1 884 4010; hereinafter referred to as: "Data Controller"). In any case, the personal data of the data subjects are processed by the Data Controller.
The Data Controller is a business company registered in Hungary, which is engaged in the business of hiring and mediation of labour. The Data Controller operates the website available at www.hrpark.hu (hereinafter: "Website"), where it is possible to register workers (jobseekers) and employers (job providers).
If the Data Controller enters into a legal relationship with the data subject as a temporary employment agency, the Data Controller is considered a temporary employment agency within the meaning of Act I of 2012 on the Labour Code (hereinafter: "Mt."). Where the Data Controller facilitates the contact between the employer registering with (or acting on behalf of) the Data Controller and the data subject, the Data Controller is an intermediary.
The Data Controller has registered its data processing in the data protection register kept by the National Authority for Data Protection and Freedom of Information. Registration number: NAIH-137245/2018
2.) Scope of the Privacy Notice, applicable law
The scope of this Privacy Policy covers the activities and data management of the Data Controller, including the data management of the Website. It does not cover the processing of third parties, such as the data of the borrower or the employer to whom the Data Controller refers the data subject.
This Notice only covers the processing of data of natural persons.
3) Principles of data management, the applicable legislation
The Data Controller shall act in good faith and fairness, in cooperation with the data subjects in the processing. The Controller shall process only the data specified by law or provided by the data subjects for the purposes set out below.
The Data Controller processes personal data in accordance with applicable law. The legislation governing the processing of personal data includes in particular:
- Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter: "Infotv.");
- Mt.
The relevant legislation is available at http://net.jogtar.hu/ at.
4.) Purpose of data processing
The Data Controller processes personal data for the performance of its activities. In the case of temporary agency work, the Data Controller acts as a lender, whereby it lends persons who have entered into a legal relationship with it for the purpose of temporary agency work to the borrower. In the case of temporary agency work, the purpose of the processing is primarily to establish an employment relationship between the data subject and the Data Controller for the purpose of temporary agency work. Where the Data Controller acts as an intermediary on behalf of another employer, the primary purpose of the processing is to establish the relationship between the data subject and the employer and to facilitate the establishment of an employment relationship between the data subject and the employer.
Based on the above, the processing covered by this Notice may be for the following purposes:
5.) Recording the data
The Data Controller collects the data primarily from the data subject. The data may be collected via the Website or by means of a form provided by the Data Controller. The Data Controller shall collect data from other sources only if the data subject has given his or her informed consent in view of the data source and the circumstances of the data transfer.
By registering, the data subject expressly consents to the Data Controller having access to the data which the data subject has disclosed and which are lawfully accessible to any person. This includes, in particular, social networking sites (e.g. Facebook) on which the data subject has made his or her data public.
In the case of the Website, data can be added after registration. During registration, the data subject provides his/her full name, e-mail address and uploads his/her CV. During registration, the data subject provides his/her user name and password, which is necessary to use the Website.
6.) Legal basis for processing
6.1. Consent of the data subject
The legal basis for processing is primarily the consent of the data subject. The data subject gives his or her consent by contacting the Data Controller, providing his or her data and initiating the use of the Data Controller's services. The data subject gives his or her consent by providing his or her data and accepting the information on the processing.
If the data subject enters into a contract with the Data Controller, he or she gives his or her consent to the processing of all personal data specified in the contract, the processing of which is necessary for the performance of the contract, in accordance with Article 6(4) of the Data Protection Act.
6.2. Legal provision
If an employment relationship is established between the data subject and the Data Controller, the data processing is governed by the Labour Code and other legislation on employment and public charges (legislation on employment protection, taxation, social security). If an employment relationship is established between the Data Controller and the data subject, the Data Controller as the employer shall inform the data subject of the processing of the data at the same time as the employment contract is concluded.
7.) Scope of the data processed
The Data Controller shall process only the data provided by the data subjects and data generated in the course of the performance of the legal relationship between the Data Controller and the data subject. The data processed are the following:
Full name, e-mail address, telephone number, address: The purpose of data processing is to identify the data subject and to contact the data subject.
Password: The purpose of managing the password provided by the data subject on the Website is to ensure the use of the Website.
Information on education, skills and competences provided in the CV uploaded by the data subject: You can upload your CV on the Website. The purpose of data processing is to assess the skills and suitability of the data subject and to facilitate the establishment of an employment relationship.
Other data contained in documents uploaded by the data subject: The person concerned has the possibility to upload additional documents (e.g. a letter of motivation, copies of documents proving qualifications) to the Website. In all cases, the uploading of these documents is voluntary. If the data subject uploads documents, the Data Controller will process the data contained therein. The purpose of the processing is to assess the qualifications and aptitude of the data subject and to facilitate the establishment of an employment relationship.
Job search data: The Data Controller keeps a record of the jobs for which the data subject has applied and the employers to whom the data may have been disclosed.
Data on aptitude tests: If it is relevant to the job in question, the Data Controller may assess the suitability of the data subject specifically in relation to the skills and abilities relevant to the job. Before the aptitude test, the Data Controller shall inform the data subject of the purpose and procedure of the aptitude test. In any case, the result of the assessment shall be made known to the data subject and may be used only with the data subject's consent.
8.) Consequences of refusal or withdrawal of the data subject's consent
Withdrawing consent to the processing of certain data and documents does not automatically exclude the data subject from the job search process. If the knowledge of certain data is necessary to fill a job (e.g. qualifications, aptitude test) and the data subject does not consent to the processing of this data or withdraws his/her consent given earlier, the data subject cannot be placed in the job in question and no employment relationship is established with the Data Controller or any other employer for the job in question. If the refusal or withdrawal of consent precludes the establishment of an employment relationship, the Data Controller shall inform the data subject thereof. The information shall include the reasons why the data are relevant for the job in question.
9) Description of the data management process, access to data by the employer
The Controller collects personal data as set out in point 5 above. The data processing is based primarily on the data provided by the data subject (identification data, CV), either during registration or later, when accessing the Website. When registering, the data subject provides information on his/her education, skills, qualifications and the job sought. Providing the data on the registration form is mandatory unless explicitly indicated otherwise.
The data subject provides the data independently, the Data Controller does not give any mandatory guidelines or content requirements. The data subject expressly consents to the processing of the data he or she provides.
The data subject's data are accessible to employers seeking to recruit employees when the data subject applies for a job advertisement published by that employer. By registering, providing his/her data and applying for a specific job advertisement, the data subject explicitly consents to the access of his/her data by employers. Where the data subject applies for a specific job, by applying for a specific job, the data subject consents to the Controller transferring the data to the employer. The data subject will be informed of the identity of the employer.
If the data subject's registration is for the purpose of entering into a temporary employment relationship with the Data Controller, the data will be processed by the Data Controller as an employer. Where an employment relationship is established between the Data Controller and the data subject, the Data Controller as employer shall inform the data subject of the processing of the data at the time of the conclusion of the employment contract.
If the employment relationship is not established on the basis of the data provided by the data subject, the Data Controller shall inform the data subject accordingly. If, on the basis of the data provided by the data subject, there is a possibility that an employment relationship may be established in the future, the Data Controller shall retain the data, while informing the data subject. If it is clear from the data provided that the employment relationship cannot be established in the future, the Data Controller shall delete the data.
10.) Technical data and cookie management
The Data Controller's system automatically records the IP address of the user's computer, the starting time of the visit and, in some cases, depending on the computer's settings, the type of browser and operating system. The data thus recorded cannot be linked to other personal data. The data are processed for statistical purposes only.
Cookies allow the Website to recognise previous visitors. Cookies help the Data Controller, as the operator of the Website, to optimise the Website, to tailor the services of the Website to the users' habits. Cookies can also be used to
- remember the settings so that the user does not have to re-enter them when they go to a new page,
- remember previously entered data, so you don't have to re-enter it,
- analyse the use of the website in order to make improvements using this information to ensure that it works as well as possible for the user, that the user can easily find the information they are looking for, and
- monitor the effectiveness of our advertising.
If the Data Controller displays various content on the Website using external web services, this may result in the storage of some cookies that are not under the control of the Data Controller, and therefore it has no control over the data collected by these websites or external domains. Information about these cookies is provided in the policies for the relevant service.
The Data Controller uses cookies to serve advertisements to data subjects through Google and Facebook. The processing is carried out without human intervention.
The user can set their web browser to accept all cookies, reject all cookies or notify the user when a cookie is received. The setting options are usually found in the "Options" or "Preferences" menu of the browser.
The English language www.aboutcookies.org detailed information on the website will also help you with settings in different browsers
The Data Controller shall only transfer personal data to third parties if the data subject has given his or her unambiguous consent, knowing the scope of the data transferred and the recipient of the data transfer, or if the transfer is authorised by law.
In all cases, the Data Controller shall document the transfers and keep records of the transfers.
12.) Data processing
The Data Controller is entitled to use a data processor for the performance of its activities. Processors do not take decisions on their own, they are only entitled to act in accordance with the contract concluded with the Data Controller and the instructions received. The Controller shall monitor the work of the processors. Processors shall only be entitled to engage an additional processor with the consent of the Controller.
The Data Controller shall indicate the identity of the data processors in this Notice.
13) Data security, access to data
The Data Controller shall ensure the security of the data, take the technical and organisational measures and establish the procedural rules necessary to enforce the applicable laws, data protection and confidentiality rules. The Data Controller shall take appropriate measures to protect the data against unauthorised access, alteration, disclosure, disclosure, erasure or destruction, accidental destruction or damage and against inaccessibility resulting from changes in the technology used.
The Data Controller shall keep records of the data processed by it in accordance with the applicable laws, ensuring that the data may only be accessed by employees and other persons acting in the interests of the Data Controller (data processors) who need to know the data in order to perform their job or task. The data may only be accessed within the employee's organisation if they are logged. The employees of the Data Controller shall only carry out individual searches and operations on the data at the request of the data subject or if necessary for the provision of the service.
The Data Controller shall take into account the state of the art when defining and applying measures for data security. The Data Controller shall choose among several possible data processing solutions the one which ensures a higher level of protection of personal data, unless this would involve a disproportionate effort.
The Data Controller shall ensure, in particular, in the context of its IT security responsibilities:
- Measures to protect against unauthorised access, including protection of software and hardware devices and physical protection (access protection, network protection);
- Measures to ensure that data files can be recovered, including regular backups and separate secure management of copies (mirroring, backup);
- Protecting data against viruses (virus protection);
- The physical protection of data files and the media on which they are stored, including protection against fire, water, lightning and other natural hazards, and the recoverability of damage caused by such events (archiving, fire protection).
Employees and other persons acting on behalf of the Data Controller shall keep secure the data media containing personal data which they use or have in their possession, regardless of the means of recording the data, and shall protect them against unauthorised access, alteration, disclosure, disclosure, erasure or destruction, accidental destruction or damage.
The Data Controller shall operate the electronic register by means of an IT program that meets the requirements of data security. The software shall ensure that access to the data is limited to the persons who need it for the performance of their tasks, and only for the purposes for which it is intended and under controlled conditions.
14.) Duration of data processing
The Controller shall delete personal data if.
If it is found that the data is being processed unlawfully, the Data Controller will delete it without delay.
The data subject may request the erasure of data processed on the basis of his or her voluntary consent. In this case, the Data Controller shall delete the data. Deletion may be refused only if the processing of the data is authorised by law. In any case, the Data Controller shall provide information on the refusal of the request for erasure and on the law authorising the processing.
The Data Controller shall delete the data when the purpose of the processing is no longer valid or the period of time specified by law has expired. The time periods associated with each processing operation are set out in the descriptions of the processing operations (see above).
If a court or the National Authority for Data Protection and Freedom of Information issues a final order for the deletion of the data, the Data Controller will carry out the deletion.
Instead of deletion, the Data Controller shall, after informing the data subject, block the personal data if the data subject so requests or if, on the basis of the information available to him or her, it is likely that deletion would harm the data subject's legitimate interests. Personal data blocked in this way may be processed only for as long as the processing purpose which precluded the deletion of the personal data persists. The Controller shall mark the personal data which it processes where the data subject contests the accuracy or correctness of the personal data, but the inaccuracy or incorrectness of the contested personal data cannot be clearly established.
In the case of processing required by law, the erasure of data shall be governed by the law.
In the event of deletion, the Data Controller shall render the data unidentifiable. Where required by law, the Controller shall destroy the storage medium containing the personal data.
15.) Rights of data subjects and their enforcement
The Data Controller shall inform the data subject about the processing of the data at the time of contacting the data subject. The data subject shall also have the right to request information on the processing at any time.
At the request of the data subject, the Data Controller shall provide information on the data of the data subject processed by the Data Controller or by a data processor appointed by the Data Controller or on its behalf, the source of the data, the purpose, legal basis and duration of the processing, the name and address of the data processor and its activities related to the processing, the circumstances of the personal data breach, its effects and the measures taken to remedy the data breach, and, in the case of the transfer of personal data of the data subject, the legal basis and the recipient of the transfer. The controller shall provide the information in writing in an intelligible form and at the request of the data subject within the shortest possible time from the date of the request, but not later than 25 days. The information shall be provided free of charge if the person requesting the information has not yet submitted a request for information in the current year for the same set of data. In other cases, a fee may be charged. The fee already paid shall be refunded if the data have been unlawfully processed or if the request for information has led to a correction.
The data subject may request that the Controller rectify the personal data that was incorrectly provided. In the event that the data to be corrected are regularly provided, the Controller shall, where necessary, inform the recipient of the data of the rectification and shall draw the attention of the data subject to the need to initiate the rectification with another controller.
The data subject may request the erasure of his or her personal data, except for processing required by law. The Controller shall inform the data subject of the erasure.
The data subject may object to the processing of his or her personal data in accordance with the provisions of the Infotv.
The data subject may submit a request for information, rectification or erasure in writing, by letter addressed to the registered office or place of business of the Data Controller or by e-mail sent to the Data Controller.
If the controller does not comply with the data subject's request for rectification, blocking or erasure, it shall provide the reasons for refusing the request for rectification, blocking or erasure in writing within 25 days of receipt of the request. In the event of refusal of a request for rectification, erasure or blocking, the controller shall inform the data subject of the possibility of judicial remedy and of recourse to the National Authority for Data Protection and Freedom of Information.
The data subject may make the above statements in relation to the exercise of his or her rights at the contact details of the controller set out in point 1.
The data subject may lodge a complaint directly with the National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; phone: +36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu; website: www.naih.huIn the event of a breach of the rights of the data subject, he or she is entitled to take legal action pursuant to Article 22 (1) of the Data Protection Act. The court of law shall have jurisdiction to rule on the action. The action may also be brought before the court of the place of residence or domicile of the data subject, at the data subject's choice. The Data Controller shall, upon request, inform the data subject in detail of the possibilities and means of legal remedy.
Have a question? Contact us at one of our contact details!
2025 | All rights reserved! | www.hrpark.hu
