Privacy Notice

In order to ensure the legality of its internal data protection processes and data subjects’ rights, NIX Tech Korlátolt Felelősségű Társaság (hereinafter: Controller, Data Controller or „We”) issues the following privacy notice.

Name of data controller:	NIX Tech Korlátolt Felelősségű Társaság
Company registration number:	01-09-401461
Registered seat:	1138 Budapest, Föveny utca 4-6. 5. em.
Electronic address:	[email protected]
Representative:	Málik Benjámin Lajos ügyvezető
Data protection officer (DPO):	Bovard Kft. ([email protected])

The Data Controller processes personal data in compliance with applicable law, in particular the following:

Act CXII of 2011 on informational self-determination and freedom of information (hereinafter: Infotv.);
Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: Regulation or GDPR).

The Data Controller keeps personal data confidential and employs technical and organizational measures relating to the storage of processing of said data in order to ensure its safety.

Definitions

The conceptual structure of this information coincides with the interpretative definitions specified

in Article 4 of the Regulation, supplemented at some points by the interpretative provisions of Infotv. Section 3.

When this information sets out provisions on data or data processing, they should be interpreted as personal data and the processing thereof.

*****

II. PURPOSES OF DATA PROCESSING:

II/A. DATA PROCESSING RELATED TO THE OPERATION OF THE WEBSITE AND SOCIAL MEDIA PAGES, AS WELL AS RESPONDING TO INQUIRIES AND QUOTE REQUESTS

1. Use of cookies on the Website

Purpose of data processing

The Data Controller uses so-called cookies on its website operating under the webpage https://nixstech.com/hu/ (hereinafter referred to as: the “Website”) in order to maintain and improve the services of the Website, as well as to enhance the user experience.

What is a cookie?

Cookies are small text files placed on the user’s device by the browser for identification and information-gathering purposes. A cookie consists of a unique numeric string and is primarily used to distinguish between the computers and other devices that access the website. Cookies serve various functions, including collecting information, remembering user preferences, and enabling the website owner to better understand user behavior to improve user experience.

For what purposes does the Website use cookies?

The Data Controller uses cookies for the following purposes:

To ensure the proper and high-quality operation of the Website and to facilitate navigation between pages;
To improve user experience and execute certain functionalities of the Website;
To understand how visitors interact with the Website (e.g., tracking number of visitors, bounce rates);
To gather information on how users use the Website and which sections they visit the most, in order to improve the overall experience;
To display targeted advertisements.

What types of cookies does the website use?

Strictly necessary cookies:

The Data Controller uses strictly necessary cookies to ensure the proper functioning of the Website and its subpages, including for navigation between pages and to remember user login details.

As such, strictly necessary cookies are essential for users to use the features of the Website without disruption, including remembering actions performed on pages during a visit. These cookies are only valid for the duration of the user’s current visit and are automatically deleted upon closing the browser or ending the session. Without these cookies, we cannot guarantee the proper use of the Website.

Functional, analytical, performance and advertising cookies

The Data Controller provides up-to-date and detailed information about non-essential cookies through the Website’s cookie manager. These cookies, which support enhanced user experience, functionality, website analytics, and the display of targeted advertisements, are used only with the user’s consent.

For website analytics, the Data Controller uses Google Analytics cookies. A detailed description of these cookies is available at:

https://support.google.com/analytics/answer/6004245

The Data Controller uses Google Analytics cookies to analyze website traffic and visitor behavior for statistical purposes, ultimately aiming to improve the Website and enhance the user experience.

Analytical cookies collect information about visitors’ use of the Website in an anonymous manner. These cookies are used only with the user’s consent, which may be withdrawn at any time.

What is the legal basis for cookie-related data processing?

The Data Controller uses cookies that are essential for the use of the Website based on its legitimate interest pursuant to Article 6(1)(f) of the GDPR. The legal basis for the use of other cookies (e.g., statistical and marketing cookies) is the user’s consent under Article 6(1)(a) of the GDPR, which can be provided through the cookie manager.

How can you control and disable cookies?

In addition to the Website’s cookie manager, all modern browsers allow users to modify cookie settings. Most browsers automatically accept cookies by default, but settings can usually be changed to prevent automatic acceptance and offer the option to accept or reject cookies individually.

Since the purpose of cookies is to facilitate or enable the use and processes of the Website, disabling or deleting cookies may result in users not being able to fully utilize all functionalities of the Website or the Website not functioning as intended in their browser.

You can find more information about cookie settings in the most popular browsers at the following links:

Google Chrome:
https://support.google.com/accounts/answer/61416

Firefox:
https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop

Microsoft Edge:
https://support.microsoft.com/en-us/help/4468242

Internet Explorer:
https://support.microsoft.com/en-us/help/17442

Opera:
https://help.opera.com/en/latest/web-preferences/#cookies

Safari:
https://support.apple.com/en-us/guide/safari/sfri11471/mac

*****

In today’s digital environment, social media platforms have become the most important channels for communication. In addition to its website, the Data Controller aims to share up-to-date information, news, and events related to its operations and activities through its social media pages. These platforms enable more direct communication with interested individuals and allow the information published by the Data Controller to reach a wider audience.

Currently, the Data Controller operates the following pages and channels:

Facebook page:
https://www.facebook.com/nix.europe
(hereinafter: Facebook Page);

YouTube channel:
https://www.youtube.com/@nix.europe
(hereinafter: Channel);

LinkedIn page:
https://hu.linkedin.com/company/nix-europe
(hereinafter: LinkedIn Page).

(Collectively referred to as the Social Media Pages or Social Media Page.)

Purpose of data processing

The purpose of processing personal data is to operate the Social Media Pages, and through these channels, to inform interested individuals about current news, events, and updates related to the Data Controller’s activities and operations.

Another purpose of operating the Social Media Pages is to allow users to express opinions or reactions regarding the information shared, ask questions, provide feedback, write reviews (in the case of the Facebook Page), or contact the Data Controller via private message.

The Data Controller is entitled to moderate content that violates the terms of use of the Social Media Page or social media platforms in general (i.e., remove such content from the page). If necessary, individuals who regularly and/or severely violate these terms may be banned from the Social Media Page. Therefore, another purpose of data processing is the moderation of such offensive content and the exclusion of individuals engaging in such activity.

The operator of each Social Media Page (see details below) provides the Data Controller with page analytics (or performance analytics, in the case of the Channel) (hereinafter: Page Insights). Page Insights display aggregated data, helping the Data Controller understand how users interact with its Social Media Pages.

The Data Controller reserves the right to organize promotions (e.g., contests) on its Social Media Pages. In such cases, a separate data protection notice will be issued specifically for the data processing involved in those promotional activities.

The Data Controller does not maintain any records outside of the Social Media Pages regarding individuals affected by data processing on the platforms or their activities. Personal data made public by individuals on the Social Media Pages is not processed in any other way or on any other platform by the Data Controller, and in general, such personal data is not used for any purpose other than those specified above.

Processed personal data

The Data Controller processes personal data on the Social Media Pages in the following cases:

When following / subscribing to / joining the Social Media Page, or when unfollowing / unsubscribing / leaving the Page: public data from the user’s profile (profile name, user ID);
In connection with any activity carried out on or related to the Social Media Page: data related to such activities, including writing a post or review, sharing a post, commenting on a post, reacting to a post (e.g., liking a post);
When initiating communication via private message with the Social Media Page: any information voluntarily disclosed by the data subject during the communication;
In the event of a violation of the terms of use of the Social Media Page or social media platforms in general, for the purpose of moderating infringing content or banning the data subject from the Social Media Page: data related to the infringing behavior and public profile data (profile name, user ID).

Personal data processed via Page Insights:

The Page Insights feature may rely on personal data collected by the operator of the Social Media Platform from visitors and users of the Social Media Page and its content. The scope of personal data used for these analytics is determined solely by the platform operator and is only visible to and processed by them. The Data Controller has no influence over the scope or processing of such data and has no control over how the platform operator handles this information.

When using the Page Insights feature, information is presented only in aggregated, statistical form and not on an individual basis. Therefore, the Data Controller does not process personal data in connection with Page Insights.

Legal basis for data processing

The legal basis for the processing is the Data Controller’s legitimate interest pursuant to Article 6(1)(f) of the GDPR, that relates to the operation and moderation of social media sites.

Source of personal data

The data subject and the Social Media Platform.

Access to personal data

Personal data is only accessible by those employees of the Data Controller whose job duties include the management and operation of the Social Media Page.

Except for personal data disclosed via private messages, personal data shared by the data subject on the public interface of the Social Media Page may be accessed by anyone. The Data Controller has no control over who may view data made public on the internet.

Personal data related to the Social Media Page that appears on the data subject’s profile (e.g., posts made on the Facebook Page) may be accessed by others in accordance with the data subject’s own privacy settings. The scope of access (e.g., whether only friends or followers may see the content) is set by the data subject.

Personal data provided via private message is only accessible by the Data Controller.
Transfer of personal data to third countries or international organizations

The Data Controller does not transfer the above personal data to third countries or international organizations. However, due to the global nature of the internet, personal data made public by the data subject (e.g., via comments or reviews) may be accessible to anyone visiting the Social Media Page.

Duration of the processing of personal data

The Data Controller processes personal data for as long as it remains the administrator of the Social Media Page. The Data Controller has no control over how long the platform operator retains or displays such data.

Automated decision-making and profiling

No automated decision-making or profiling takes place during the processing of personal data.

Facebook

Meta Platforms Ireland Ltd. (Merrion Road, Dublin 4, D04 X2k5, Ireland; hereinafter: Meta Ireland) acts as an independent data controller and collects data from individuals who visit Facebook pages, groups, or events in accordance with its own privacy policy.

Meta Ireland’s general privacy policy is available at: https://hu-hu.facebook.com/privacy/explanation

For data protection matters, Meta Ireland’s Data Protection Officer can be contacted via the following link: https://www.facebook.com/help/contact/540977946302970

Facebook Page

The Facebook Page is a public interface, meaning any personal data shared by users on the Page may be accessed by anyone—even those without a Facebook account. Only registered Facebook users may react to, comment on, write reviews, or follow the Page. Sending messages also requires a Facebook account.

As the administrator of the Facebook Page, the Data Controller reserves the right to moderate (i.e., delete) any comments or reviews if they are deemed to violate Facebook’s or the Page’s terms of use (e.g., violent or sexually explicit content). Repeated or serious violations may result in banning users from the Page.

Joint controllership notice

Regarding the Facebook Page, Meta Ireland provides the Data Controller with Page Insights data. According to the ruling of the Court of Justice of the European Union in case C-210/16, Meta Ireland and the Data Controller act as joint controllers under Article 26 of the GDPR when processing personal data for Page Insights.

Joint controllership is permitted under Article 26 of the GDPR, which applies when two or more controllers jointly determine the purposes and means of processing.

The joint controllers clearly define, in a mutual agreement, their respective responsibilities for compliance with the obligations under the GDPR—particularly regarding the exercise of data subject rights and information duties. This agreement, titled the Page Insights Controller Addendum, is available here:

https://hu-hu.facebook.com/legal/terms/page_controller_addendum

Regardless of the terms of this agreement, data subjects may exercise their rights under the GDPR against and with respect to each data controller.

All controllers involved in the joint processing comply with data protection laws and personal data processing regulations.

Further information about data processing related to Page Insights is available at:
https://www.facebook.com/legal/terms/information_about_page_insights_data

YouTube

Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; hereinafter: Google Ireland) acts as an independent data controller and collects data from individuals who view YouTube videos based on its own privacy policies.

With regard to the Channel, Google Ireland provides the Data Controller with performance analytics. The Data Controller only receives aggregated data, not personal data. More information is available at: https://support.google.com/youtube/answer/9314414?hl=hu

Google LLC’s privacy policy, which applies to all its subsidiaries, is available at:

https://policies.google.com/privacy?hl=hu

YouTube-specific privacy guidelines are available at:

https://support.google.com/youtube/answer/7671399?p=privacy_guidelines&hl=hu

The Channel is publicly accessible, and both the videos and the comments under them can be viewed by anyone. However, reactions (Like / Dislike), comments, subscriptions, and following the Channel are only possible for users with a Google account.

The Data Controller reserves the right to moderate (i.e., delete) comments that violate YouTube’s or the Channel’s terms of use (e.g., violent or sexually explicit content), and to block users who repeatedly or seriously violate these terms.

A LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland, hereinafter: LinkedIn Ireland) acts as an independent data controller and collects data from individuals who interact with the LinkedIn Page in accordance with its own privacy policy.

LinkedIn Ireland’s privacy policy is available at:

https://www.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com#use

The LinkedIn Page is publicly accessible, and all content and job postings published there can be viewed by anyone. However, only users with a LinkedIn account may like, comment on, share, send private messages, or apply to jobs posted on the Page. Comments and follower lists are only visible to LinkedIn account holders.

The Data Controller reserves the right to moderate (i.e., delete) any comments that violate LinkedIn’s or the Page’s terms of use (e.g., violent or sexually explicit content) and to block users who regularly or seriously breach these terms.

*****

3. Responding to inquiries and requests for quotations

The Data Controller primarily communicates with interested parties, partners, and clients via electronic means, but inquiries may also be submitted by post. Anyone may contact the Data Controller directly via email—whether for a quotation, information request, technical inquiry, or other matters—or by mail, phone, or in person.

Purpose of data processing

The Data Controller processes personal data of the individuals concerned for the following purposes:

to handle incoming requests for quotations and respond to them, including the preparation and delivery of quotations;
to provide information, respond to inquiries, and maintain general communication with interested parties, partners, clients, and other natural persons.

Processed personal data

In connection with inquiries and quotation requests, the Data Controller may process the following personal data:

full name (surname and given name);
email address;
phone number;
mailing address (if the contact is made by post);
data related to the service inquired about or requested;
any other information voluntarily provided by the data subject that they consider relevant, depending on the content and nature of the communication;
technical data related to the consent or time of contact (e.g., timestamp).

Legal basis for data processing

The legal basis for processing is the Data Controller’s legitimate interest under Article 6(1)(f) of the GDPR— specifically, the interest in processing the necessary personal data to respond to an inquiry or quotation request addressed to it.

Source of personal data

The data subject.

Access to personal data

The data is not shared with third parties. It is only accessible to those employees of the Data Controller whose responsibilities include responding to inquiries.

Transfer of personal data to third countries or international organizations

The Data Controller does not transfer personal data to third countries or international organizations.

Duration of the processing of personal data

General communication (e.g., inquiries): data is retained for 30 days after the final resolution of the matter.
Email quotation requests: data may be retained for an additional 10 days following the response, for the purpose of sending similar offers. A copy of the quotations is retained for 5 years.

If the communication results in a contractual relationship, the processing of personal data will be governed by the Data Controller’s data protection policy for contracts.

Automated decision-making and profiling

No automated decision-making or profiling takes place.

Consequences of not providing personal data

Since processing is based on legitimate interest, there are no direct consequences of not providing the personal data.

*****

II/B. DATA PROCESSING RELATED TO CONTRACT PERFORMANCE AND THE MANAGEMENT OF CONTACT PERSON DATA

1. Data processing related to contract performance and contact persons

In the course of its activities, the Data Controller enters into contracts with clients, customers, suppliers, contractual partners, and other legal entities, who may be either natural persons or legal entities.

Where the Data Controller concludes a contract with a natural person or a sole proprietor, it processes personal data necessary for identification and communication, as well as other data required for contract performance.

In cases where the Data Controller contracts with a legal entity, it is necessary to process the personal data of the partner’s contact person to facilitate ongoing communication and maintain the business relationship.

The Data Controller’s contractual partner is responsible for ensuring that any employee designated as a contact person is appropriately informed of the contents of this privacy notice.

Purpose of data processing

The purpose of data processing is to conclude and perform contracts between the Data Controller and the contracting party, including communication related to the contract, and thereby establish and maintain a business relationship.

Processed personal data

Given that sole traders are considered natural persons, in the case of contracts concluded with them and natural persons, the source of personal data is the data subject, and therefore the Data Controller shall provide definitive information on the exact scope of the personal data processed at the time of concluding the contract.

In general, the following data may be processed when contracting with a natural person or sole proprietor:

Name (for identification)
Birth name (for identification)
Mother’s name (for identification)
Place and date of birth (for identification)
Address (for contact)
Registered office (for sole proprietors)
Phone number (for contact)
Email address (for contact)
Website (if applicable)
Bank account number and bank name (for wire transfers)
Tax identification number (if the contract involves payment), tax number for sole proprietors
Business registration number (for sole proprietors)
Any other data strictly necessary for contract performance

When contracting with legal entities, the following personal data of the representative and contact person may be processed:

Name
Address
Phone number
Email address

Legal basis for data processing

Natural persons: Article 6(1)(b) of the GDPR – performance of a contract.

Contact persons not party to the contract: Article 6(1)(f) of the GDPR — legitimate interest of the Data Controller.

The Data Controller’s legitimate interest lies in maintaining communication with the organization represented by the data subject in order to establish and effectively perform the contract, which requires regular contact and continuous communication. The data will not be processed for other purposes without a lawful basis.

Source of personal data

If the Data Controller contracts with a natural person or sole proprietor, the data source is the data subject.

If the contract is with a legal entity, the data source of the contact person’s data is the contractual partner.

Access to personal data

Personal data is only accessed by employees of the Data Controller whose job responsibilities include contract management.

Additionally, data may be disclosed to authorities or courts if required by law.

Data processor:

For tax and accounting purposes, the Data Controller uses the services of:

SZULTZER Adótanácsadó és Könyvvizsgáló Kft.

(Registered office: 1116 Budapest, Szabadharcosok útja 4.)

This data processor handles the personal data solely for the purposes defined by the Data Controller and in accordance with its instructions. The processor has no independent decision-making authority regarding data processing. It is contractually bound by confidentiality obligations and guarantees the protection of personal data it may access during the course of its work.

Data transfer to third countries or international organizations

The Data Controller does not transfer personal data to third countries or international organizations.

Duration of the processing of personal data

Personal data is retained until the general limitation period (5 years) defined in the Civil Code has expired after the contract is fulfilled.

If no contract is ultimately concluded between the parties, the Data Controller shall retain the data for one year from the date of the last contact.

Data necessary to comply with tax and accounting obligations is retained for 8 years after the termination of the contract.

Contact person data will no longer be processed for communication purposes if the Data Controller is informed that the contact person has changed.

Automated decision-making and profiling

No automated decision-making or profiling takes place.

Consequences of not providing personal data

Providing the personal data is mandatory for the conclusion and performance of the contract.

*****

2. Issuance and retention of invoices

Purpose of data processing

The purpose of data processing by the Data Controller is the issuance and retention of invoices in accordance with:

Section 159 (1) and Section 169 of Act CXXVII of 2007 on Value Added Tax (VAT Act), and
Section 169 (2) of Act C of 2000 on Accounting.

Processed personal data

The data specified in Section 169 of the VAT Act, including at a minimum:

Name
Billing address

Legal basis for data processing

The legal basis for processing personal data for the issuance of invoices is Article 6(1)(c) of the GDPR, i.e. compliance with a legal obligation applicable to the Data Controller.

Source of personal data

The data subject.

Access to personal data

Personal data is accessed only by employees of the Data Controller whose job duties include invoice processing.

Data Processor:

For fulfilling tax and accounting obligations, the Data Controller uses the services of:

SZULTZER Adótanácsadó és Könyvvizsgáló Kft.

(Registered office: 1116 Budapest, Szabadharcosok útja 4.)

Transfer of personal data to third countries or international organisations

The Data Controller does not transfer the data subject’s personal data to any third country or international organization.

Duration of the processing of personal data

Invoices are retained for at least 8 years from the date of issuance, in accordance with Section 169 of the Accounting Act (Act C of 2000).

Automated decision-making and profiling

No automated decision-making or profiling is carried out during the data processing.

Consequenes of not processing personal data

Providing personal data is mandatory by law. Failure to provide the data would make it impossible for the Data Controller to fulfill its legal obligation to issue an invoice.

*****

II/C. DATA PROCESSING RELATED TO RECRUITMENT AND JOB ADVERTISEMENTS

1. Job applications

Purpose of data processing

In case of job applicants, the purpose of data processing is to select an employee with appropriate qualifications and practical knowledge for the position advertised by the Data Controller, to fill the vacancy, and to conclude an employment contract with the selected person.

The Data Controller’s aim with the recruitment and selection process is to get to know the characteristic, the educational qualifications and previous work experience, in order to find the most suitable person to fill the vacant position.

Processed personal data

Personal data processed by the Data Controller include the personal data you provide when applying for open positions.

These data may include:

your full name, contact details, including email address and telephone number;
if your date of birth, your mother’s maiden name, your mother’s name or the name of another legal representative is in your CV, we also process these data, and we also process them for the preparation of the labour contract;
your country of residence and city of residence, your nationality, your visa details;
for preparing the labour contract: your social security number, ID card number, your tax number;
your language skills;
details of your education, diploma, qualifications, specialisation, skills, experience;
information and data on your soft skills;
your public social media profile;
the CV you have submitted;
details of your current and previous work experience, grade, notice period, organisation and references.

If the Data Controller does not need certain data to evaluate your job application, it will delete or destroy them without delay.

When you apply for open positions, the Data Controller may, if you consent, ask you to take / write tests to assess your qualifications, skills and knowledge, in which case you will be informed about the test / survey separately in advance.

In addition, in the case of third-country nationals, the Data Controller processes the copy of the residence permit entitling the person concerned to work, and thus the personal data contained therein, pursuant to Article 145 (1) and (2) of Act XC of 2023.

Legal basis of the data processing

The legal basis for the processing of your personal data in the case of applications for open positions through the Data Controller’s website is your consent (Article 6(1)(a) GDPR), which you may withdraw at any time, without prejudice to the lawfulness of the processing carried out on the basis of your consent prior to its withdrawal.

Please note that despite the legal basis of the data processing, the provision of data is voluntary, however, the processing of personal data requested by the Company may be essential for the selection of the right person for the open positions advertised by the Company, and failure to provide data may result in the Data Controller being unable to assess your application.

If you choose not to provide the requested information, your application may be rejected. If your application is approved, you may be asked to provide additional information if required.

If you submit your application by any means other than our website (for example by e-mail or through a job portal like profession.hu or nofluffjobs.com), the legal basis for the processing of your data is Article 6(1)(f) of the Regulation, i.e. the legitimate interest of the Data Controller. The Data Controller has a legitimate interest in being able to receive and assess job applications sent by means of an active action, even in cases where it is not possible to obtain consent at the time of the application. By applying for a job, the data subject expresses his/her clear intention to fill the vacancy and to participate in the selection process. It is an essential part of the selection process is for the employer to evaluate the candidate’s professional and personal skills beforehand to assess whether the candidate is suitable for the job.

If you provide special categories of personal data when applying for a job advertisement, the legal basis for the processing is your voluntary, explicit and informed consent in accordance with Article 9(2)(a) of the GDPR. Please do not provide any data that is not necessary for the assessment of your application.

The Data Controller is required to process a copy of the third-country national’s residence permit and the data contained therein pursuant to Section 145 (1) and (2) of Act XC of 2023. Therefore, the legal basis for this data processing is Article 6 (1) (c) of the GDPR, as the data processing is necessary for compliance with a legal obligation to which the controller is subject.

Source of personal data

The data subject or the job portals.

The Data Controller may collect personal data about applicants directly or indirectly during the recruitment process for open positions.

Direct data collection includes when you apply for a job advertisement on our website, when you send us an application by email, when you apply for a position through a job portal or a social network such as LinkedIn, and when you participate in a job fair.

By way of derogation, the Data Controller may also receive your personal data from third parties: a recruitment agency, a referral program, or any other party authorised to share your data with us.

Access to personal data

Personal data may only be processed by the Data Controller’s employees whose job duties include participation in recruitment and related HR processes, or who have the right to make decisions or suggestions in relation to the recruitment process. If the Data Controller uses the assistance of external partners, it will provide detailed information about this during the recruitment procedure.

Duration of the processing of personal data

Your data is processed only until the vacant position is filled permanently (e.g. the end of the probationary period of the selected person), but not more than 6 months from your application.

The Data Controller keeps the data of successful applicants in the Company’s employee records. The processing of employee data is governed by a separate policy.

In the case of third-country nationals, the Data Controller is required to retain the copy of the residence permit entitling the individual to work and the personal data contained therein for the duration of the employment. Therefore, our Company will delete them after the termination of the employment relationship.

Automated decision-making and profiling

No automated decision-making and profiling shall take place during the data processing.

*****

2. Notification about future career opportunities and company news

There may be cases where the Data Controller does not make a job offer to the applicant as a result of the selection process, but still considers the data subject to be a promising candidate. In such a case, the Data Controller may offer to keep the CV (and attachments) of the data subject and to notify if a vacancy occurs at the Data Controller for a position suitable for the data subject.

Purpose of data processing

The creation of a database of CVs of data subjects who have voluntarily joined in order to enable the Data Controller to select candidates for future vacancies from this database.

Processed personal data

Data provided by the data subjects in their CV (and attachments) or application.

Legal basis of the data processing

The legal basis for the processing of personal data is your consent (Article 6(1)(a) GDPR), which you may withdraw at any time, without prejudice to the lawfulness of the processing carried out on the basis of your consent prior to its withdrawal.

Source of personal data

The data subject.

Access to personal data

Duration of the processing of personal data

Data processing is carried out until the data subject’s consent is withdrawn, but for a maximum period of 2 years from the date of your consent.

You have the right to withdraw your consent to the processing at any time by notifying the Data Controller using any of the contact details set out in this Notice.

Automated decision-making and profiling

No automated decision-making and profiling shall take place during the data processing.

*****

3. Recording a recruitment telephone call

Purpose of data processing

The Data Controller records telephone interviews with job applicants and educational course applicants for the purposes of supporting the Learning and Recruiting department in the process of working with candidates for courses and vacancies. The fact that the Data Controller records calls with applicants provides the possibility for our relevant employees to listen back at any time to support the recruitment process or the integration of a new employee.

The Data Controller is planning to record all calls, both incoming and outgoing with the applicants. The main reason for this is to control the quality of the services of the Data Controller and be sure that communication of the staff with candidates is going according to the company standards and procedures.

Processed personal data

The voice of the applicant and the employee(s) who spoke to them, and what the parties said during the conversation.

Legal basis of the data processing

The legal basis for the data processing is Article 6(1)(f) of the Regulation, i.e. the legitimate interest of the Controller. The Data Controller’s legitimate interest is to be able to listen back to the phone interviews in order to develop the quality of the recruitment process and to make the onboarding process of the recruited employees as efficient and smooth as possible.

Source of personal data

The data subjects.

Access to personal data

Personal data may only be processed by the Data Controller’s employees whose job duties include participation in recruitment and in related HR and educational processes, who have the right to make decisions or suggestions in relation to the recruitment process, and those involved in the design, optimization and quality control of related business processes. If the Data Controller uses the assistance of external partners in the recruitment process, it will provide detailed information about this during the recruitment procedure.

Duration of the processing of personal data

The Data Controller will delete the recording no later than 6 months after the end of the interview. If a call is listened back and analysed, and the purpose of the processing has been achieved, the Data Controller will delete it, so it is possible that a recording may have been deleted before the 6 months have expired.

Automated decision-making and profiling

No automated decision-making and profiling shall take place during the data processing.

*****

4. Recording a recruitment interview

It is of the utmost importance for the Data Controller to select the most qualified candidates for each vacancy, both in terms of human and professional skills, and to provide the best possible onboarding experience for the recruited employees, including by creating working conditions that meet their needs.

During the interview, candidates are asked to answer questions about their expectations and preferences regarding the Data Controller, their working environment, their professional history and their daily work, the analysis of which directly helps the Data Controller to provide them with the most optimal conditions, both from a professional and a working environment point of view, thus contributing to a long-term cooperation.

Therefore, in order to achieve the above objectives and to meet the personal needs and job preferences of applicants as effectively as possible, the Data Controller records the interview of applicants who explicitly consent to this. For successful candidates, subsequent analysis of the recruitment will help to improve the efficiency of the selection, the onboarding processes and the employee satisfaction.

Purpose of data processing

The recording of the recruitment interview provides an opportunity for a more in-depth analysis of the candidate’s skills, and a chance for the Data Controller to plan the onboarding process for the candidate in the best possible way. In case of rejection of the job application, the recording is also kept in order to have it available in case the data subject applies for a job again within six months.

Processed personal data

The video and audio recording of the recruitment interview.

Legal basis of the data processing

The legal basis for the processing of personal data is the voluntary consent of the data subject pursuant to Article 6(1)(a) of the Regulation. The data subject has the right to withdraw the consent at any time without any adverse consequences.

Source of personal data

The data subject.

Access to personal data

Personal data may only be processed by the Data Controller’s employees whose job duties include participation in recruitment and related HR processes, or who have the right to make decisions or suggestions in relation to the recruitment process. If the Data Controller uses the assistance of external partners in the recruitment process, it will provide detailed information about this during the recruitment procedure.

Duration of the processing of personal data

The Data Controller will delete the recording 6 months after the end of the interview.

Automated decision-making and profiling

No automated decision-making and profiling shall take place during the data processing.

Consequences of not providing personal data

Consent is completely voluntary and job applicants are free to choose how their data is handled.

*****

5. Aptitude testing

Aptitude testing on the NIX Tech website aims to assess various aspects related to your cognitive abilities, personality traits, emotional well-being, and other relevant employment factors. These tests are conducted to gain insights into your strengths, weaknesses, and suitability for specific organizational roles. The results obtained from the tests will be used solely for professional purposes, such as recruitment and organizational decision-making.

In the aptitude testing process, soft skill tests assess your interpersonal, communication, problem-solving, leadership, and teamwork abilities. These tests provide insights into your emotional intelligence, adaptability, and decision-making skills. They help us understand how well you can collaborate with others, navigate complex situations, and demonstrate the qualities necessary for success in a professional environment.

Cognitive tests measure your cognitive abilities, including reasoning, memory, attention, and problem-solving skills. These tests provide valuable information about your mental agility, logical thinking, and analytical capabilities. They help us assess your aptitude for learning, processing information, and making sound judgments. The results obtained from cognitive tests assist us in understanding your cognitive strengths and areas for development, which are crucial factors in determining your suitability for specific roles within the organization.

Purpose of data processing

Personal data will be processed solely for the purpose of making the recruitment process as efficient as possible and to select the most suitable candidate for the job by analyzing the applicants answers to the test.

Processed personal data

The personal data processed for aptitude testing is your test responses.

This information will be collected directly from you through the website’s secure forms and interfaces. We will ensure that only relevant and necessary data is collected, and any unnecessary data will be discarded.

Legal basis of the data processing

The legal basis for the processing of personal data is the data subject’s consent (Article 6(1)(a) of the GDPR), which can be withdrawn any time. The withdrawal of consent does not affect the lawfulness of the processing previously carried out.

Please note that the provision of data is voluntary, not based on a legal or contractual obligation, and is not a prerequisite for the conclusion of a contract. However, the processing of your answers in the test can help us to select the right person for the open positions advertised by the Company.

Source of personal data

The data subject.

Access to personal data

Only authorized staff involved in the recruitment process will have access to your data.

Your personal data obtained through aptitude testing will not be shared with third parties except as required by law or with your explicit consent. In some cases, aggregated or de-identified data may be used for research, statistical analysis, or training purposes, ensuring that individual identification remains impossible.

Duration of the processing of personal data

The personal data collected during aptitude testing will be processed and stored securely using industry-standard practices to prevent unauthorized access, loss, or disclosure. We will retain your personal data for 6 months.

You have 72 hours to fully complete the aptitude testing, after which the account will be unavailable and the answers you have given will be stored. If you wish to stop the aptitude testing and delete all your answers and personal data, please let us know at the address [email protected].

Automated decision-making and profiling

No automated decision-making and profiling shall take place during the data processing.

Consequences of not providing personal data

Consent is completely voluntary and job applicants are free to choose how their data is handled.

*****

6. Training applicants

Purpose of data processing

In the case of training applications, the purpose of data processing is to contact applicants for educational programmes, training courses and workshops organised by the Company, provided that the applicants meet the course requirements, and to provide them with information on the details of the programme.

Legal basis of the data processing

The legal basis for the processing of your personal data when applying for a training is your consent (Article 6 (1) a) of the GDPR), which you may withdraw at any time, without prejudice to the lawfulness of the processing carried out on the basis of your consent prior to its withdrawal, and the taking of steps at your request prior to the conclusion of the contract in accordance with Article 6(1)(b) of the GDPR.

Processed personal data

The scope of personal data processed by the Data Controller includes the personal data that you have provided when applying for training courses.

These data may include:

your full name, address and contact details, including email address and telephone number;
your date of birth, mother’s maiden name or the name of another legal representative;
your language skills;
details of your education, diploma, qualifications, specialisation, skills, experience.

Source of personal data

The data subject.

Access to personal data

Only authorized staff involved in the training process will have access to your data.

Your personal data will not be shared with third parties except as required by law or with your explicit consent.

Duration of the processing of personal data

In case of an unsuccessful application your data will be deleted in no more than 6 months.

In case of a successful application the Data Controller shall retain the data of applicants for training programmes until the training programme is completed. After the training programme is completed the duration of data processing is in accordance with Act LXXVII of 2013 on Adult Education. The data controller has a separate privacy notice for data processings regarding Act LXXVII of 2013 on Adult Education.

Automated decision-making and profiling

No automated decision-making and profiling shall take place during the data processing.

Consequences of not providing personal data

The processing of personal data collected by the Company may be essential for the selection of the right person for the training courses advertised by the Company, so failure to provide data may result in the Data Controller being unable to assess your application for the training course. If you choose not to provide the requested information, your application may be rejected. If your application is approved, you may be asked to provide additional information.

*****

III. THE RIGHTS OF THE DATA SUBJECT

Right to be informed

The data subject has the right to be informed with regard to the data processing, which right is observed by the Data Controller by providing this privacy notice.

Right of access by the data subject

The data subjects shall have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning them are being processed, and, where that is the case, access to the personal data and the following information:

the purposes of the processing;
the categories of personal data concerned;
the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
where possible, the planned period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
the data subject is informed about their right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
the right to lodge a complaint with a supervisory authority;
where the personal data are not collected directly from the data subject, any available information as to their source;
the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

The controller shall, upon request, provide the data subject with a copy of the personal data processed.

Right to rectification

The data subjects shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

If a request is made to rectify (modify) personal data then the data subject needs to prove the authenticity of the data to be modified. Additionally, the data subject must verify that the person requesting rectification is authorised to do so. This is the only way for the data controller to verify the authenticity of the new data before modifying it.

Please report any changes in your personal data to the Data controller as soon as possible, facilitating the legality of data processing and the enforcement of your rights.

Right to erasure (‘right to be forgotten’)

The data subjects shall have the right to obtain from the Data controller the erasure of personal data concerning them without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
the data subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing;
the data subject objects to the processing and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing of personal data for direct marketing purposes;
the personal data have been unlawfully processed;
the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
the personal data have been collected in relation to the offer of information society services.

Right to restriction of processing

The data subject shall have the right to obtain from the Data controller restriction of processing where one of the following applies:

the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.

Right to object

If the processing is necessary for the performance of a task carried out in the exercise of official authority vested in the controller (point (e) of Article 6(1) of the GDPR), the data subjects shall have the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them, including profiling based on the relevant provisions.

Right to data portability

The data subjects shall have the right to receive the personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

the processing is based on consent of the data subject or on a contract according to Article 6 Paragraph (1) Point b) of the GDPR; and
the processing is carried out by automated means.

PROCEDURES FOR ENFORCING THE RIGHTS OF DATA SUBJECTS

The above rights can be exercised by data subject by sending an electronic mail to this e-mail address: [email protected], or regular mail to the seat of the Data Controller or in person at the seat of the Data Controller. The data subject shall be informed about the measure taken in response to the request within 1 month. If we are unable to fulfil the request, we inform the data subject in 1 month about the reasons of the rejection and the administrative and judicial redress rights of the data subject.

The rights of the deceased data subject may be enforced within five (5) years by an authorized person who possesses administrative provisions, or a statement towards the Data Controller included in a public document or full probative private document. If multiple such statements exist at the same Data Controller, then the statement made the latest will prevail. If the data subject has made no such legal statement, then a close relative – as defined in Act V of 2013 on the Civil Code – is still able to enforce certain rights of the deceased within five (5) years of death. These rights are defined in Article 16 (right to rectification) and Article 21 (right to object), as well as – if the data processing was unlawful during the life of the data subject, or the purpose of data processing has ceased with the death of the data subject – Articles 17 (right to erasure) and 18 (right to restriction of processing) of the GDPR. The close relative who exercises their right first will be entitled to enforce rights of the data subject as set forth in this Paragraph.

*****

IV. THE RIGHT TO LODGE A COMPLAINT AND TO AN EFFECTIVE JUDICIAL REMEDY

In order to enforce their right to judicial remedy, the data subjects may take legal action against the Controller if they consider that the Data Controller or a data processor acting on behalf of or under the instructions of the Data Controller is processing their personal data in breach of the provisions of laws on the processing of personal data or of binding legal acts of the European Union. According to Article 79 (2) of the GDPR proceedings against the data controller shall be brought before the courts of the Member State where the data controller has an establishment, i.e., before the Budapest-Capital Regional Court (Hungary). The court shall deal with the case as a matter of priority. Alternatively, such proceedings may be brought before the courts of the Member State where the data subject has habitual residence. Court application: https://birosag.hu/birosag-kereso.

Without prejudice to judicial remedy, according to Article 77 (1) of the GDPR every data subject shall have the right to lodge a complaint with the supervisory authority, in particular in the Member State of data subject’s habitual residence, place of work or place of the alleged infringement (i.e. in Hungary), alleging that the processing of personal data by the Data Controller has resulted in a violation of rights or an imminent threat thereof, or that the Data Controller is restricting the exercise of rights related to the processing of personal data or is refusing to exercise such rights.

The claim can be filed at the Hungarian supervisory authority at one of the below addresses:

National Authority for Data Protection and Freedom of Information (NAIH)

Mailing address: Po.box.: 9, 1363 Budapest

Address: 1055 Budapest, Falk Miksa utca 9-11.

E-mail: [email protected]

URL: http://naih.hu