Privacy Notice

Last updated: 03-Sep-2024
Effective date: 03-Sep-2024

I. Introduction of the controller

In order to ensure the legality of its internal data processing processes and data subjects’ rights, NIX Tech Korlátolt Felelősségű Társaság (hereinafter: Controller, Data Controller, Company) issues the following data protection notice.

Controller’s name:	NIX Tech Korlátolt Felelősségű Társaság
Controller’s registration number:	01-09-401461
Controller’s registered seat:	1138 Budapest, Föveny utca 4-6. 5. em.
Controller’s privacy related e-mail address:	[email protected]
Controller’s representative:	Dr. Málik Benjámin Lajos executive director

The Controller processes personal data in compliance with applicable law, in particular the following:

Act CXII of 2011 on informational self-determination and freedom of information (hereinafter: Infotv.);
Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: Regulation or GDPR).

The Data Controller keeps personal data confidential and employs technical and organizational measures relating to the storage of processing of said data in order to ensure its safety.

Definitions

The conceptual structure of this information coincides with the interpretative definitions specified in Article 4 of the Regulation, supplemented at some points by the interpretative provisions of Infotv. Section 3.

When this information sets out provisions on data or data processing, they should be interpreted as personal data and the processing thereof.

II. Purposes of data processing

1. Job applications

Purpose of data processing

In case of job applicants, the purpose of data processing is to select an employee with appropriate qualifications and practical knowledge for the position advertised by the Data Controller, to fill the vacancy, and to conclude an employment contract with the selected person.

The Data Controller’s aim with the recruitment and selection process is to get to know the characteristic, the educational qualifications and previous work experience, in order to find the most suitable person to fill the vacant position.

Personal data processed

Personal data processed by the Data Controller include the personal data you provide when applying for open positions.

These data may include:

your full name, contact details, including email address and telephone number;
if your date of birth, your mother’s maiden name, your mother’s name or the name of another legal representative is in your CV, we also process these data, and we also process them for the preparation of the labour contract;
your country of residence and city of residence, your nationality, your visa details
for preparing the labour contract: your social security number, ID card number, your tax number;
your language skills;
details of your education, diploma, qualifications, specialisation, skills, experience;
information and data on your soft skills;
your public social media profile;
the CV you have submitted;
details of your current and previous work experience, grade, notice period, organisation and references.

If the Data Controller does not need certain data to evaluate your job application, it will delete or destroy them without delay.

When you apply for open positions, the Data Controller may, if you consent, ask you to take / write tests to assess your qualifications, skills and knowledge, in which case you will be informed about the test / survey separately in advance.

Legal basis of the data processing

The legal basis for the processing of your personal data in the case of applications for open positions through the Data Controller’s website is your consent (Article 6(1)(a) GDPR), which you may withdraw at any time, without prejudice to the lawfulness of the processing carried out on the basis of your consent prior to its withdrawal.

Please note that despite the legal basis of the data processing, the provision of data is voluntary, however, the processing of personal data requested by the Company may be essential for the selection of the right person for the open positions advertised by the Company, and failure to provide data may result in the Data Controller being unable to assess your application.

If you choose not to provide the requested information, your application may be rejected. If your application is approved, you may be asked to provide additional information if required.

If you submit your application by any means other than our website (for example by e-mail or through a job portal like profession.hu or nofluffjobs.com), the legal basis for the processing of your data is Article 6(1)(f) of the Regulation, i.e. the legitimate interest of the Data Controller. The Data Controller has a legitimate interest in being able to receive and assess job applications sent by means of an active action, even in cases where it is not possible to obtain consent at the time of the application. By applying for a job, the data subject expresses his/her clear intention to fill the vacancy and to participate in the selection process. It is an essential part of the selection process is for the employer to evaluate the candidate’s professional and personal skills beforehand to assess whether the candidate is suitable for the job.

If you provide special categories of personal data when applying for a job advertisement, the legal basis for the processing is your voluntary, explicit and informed consent in accordance with Article 9(2)(a) of the GDPR. Please do not provide any data that is not necessary for the assessment of your application.

Source of personal data

The data subject or the job portals.

The Data Controller may collect personal data about applicants directly or indirectly during the recruitment process for open positions.

Direct data collection includes when you apply for a job advertisement on our website, when you send us an application by email, when you apply for a position through a job portal or a social network such as LinkedIn, and when you participate in a job fair.

By way of derogation, the Data Controller may also receive your personal data from third parties: a recruitment agency, a referral program, or any other party authorised to share your data with us.

Recipients of the personal data provided

Personal data may only be processed by the Data Controller’s employees whose job duties include participation in recruitment and related HR processes, or who have the right to make decisions or suggestions in relation to the recruitment process. If the Data Controller uses the assistance of external partners, it will provide detailed information about this during the recruitment procedure.

Duration of personal data processing

Your data is processed only until the vacant position is filled permanently (e.g. the end of the probationary period of the selected person), but not more than 6 months from your application.

The Data Controller keeps the data of successful applicants to the Company’s employee records. The processing of employee data is governed by a separate policy.

Automated decision making and profiling

No automated decision making and profiling shall take place during the data processing.

2. Notification about future career opportunities and company news

There may be cases where the Data Controller does not make a job offer to the applicant as a result of the selection process, but still considers the data subject to be a promising candidate. In such a case, the Data Controller may offer to keep the CV (and attachments) of the data subject and to notify if a vacancy occurs at the Data Controller for a position suitable for the data subject.

Purpose of data processing

The creation of a database of CVs of data subjects who have voluntarily joined in order to enable the Data Controller to select candidates for future vacancies from this database.

Personal data processed

Data provided by the data subjects in their CV (and attachments) or application.

Legal basis of the data processing

The legal basis for the processing of personal data is your consent (Article 6(1)(a) GDPR), which you may withdraw at any time, without prejudice to the lawfulness of the processing carried out on the basis of your consent prior to its withdrawal.

Source of personal data

The data subject.

Recipients of the personal data provided

Duration of personal data processing

Data processing is carried out until the data subject’s consent is withdrawn, but for a maximum period of 2 years from the date of your consent.

You have the right to withdraw your consent to the processing at any time by notifying the Data Controller using any of the contact details set out in this Notice.

Automated decision making and profiling

No automated decision making and profiling shall take place during the data processing.

3. Recording a recruitment telephone call

Purpose of data processing

The Data Controller records telephone interviews with job applicants and educational course applicants for the purposes of supporting the Learning and Recruiting department in the process of working with candidates for courses and vacancies. The fact that the Data Controller records calls with applicants provides the possibility for our relevant employees to listen back at any time to support the recruitment process or the integration of a new employee.

The Data Controller is planning to record all calls, both incoming and outgoing with the applicants. The main reason for this is to control the quality of the services of the Data Controller and be sure that communication of the staff with candidates is going according to the company standards and procedures.

Personal data processed

The voice of the applicant and the employee(s) who spoke to them, and what the parties said during the conversation.

Legal basis of the data processing

The legal basis for the data processing is Article 6(1)(f) of the Regulation, i.e. the legitimate interest of the Controller. The Data Controller’s legitimate interest is to be able to listen back to the phone interviews in order to develop the quality of the recruitment process and to make the onboarding process of the recruited employees as efficient and smooth as possible.

Source of personal data

The data subjects.

Recipients of the personal data provided

Personal data may only be processed by the Data Controller’s employees whose job duties include participation in recruitment and in related HR and educational processes, or who have the right to make decisions or suggestions in relation to the recruitment process. If the Data Controller uses the assistance of external partners in the recruitment process, it will provide detailed information about this during the recruitment procedure.

Duration of personal data processing

The Data Controller will delete the recording no later than 6 months after the end of the interview. If a call is listened back and analysed, and the purpose of the processing has been achieved, the Data Controller will delete it, so it is possible that a recording may have been deleted before the 6 months have expired.

Automated decision making and profiling

No automated decision making and profiling shall take place during the data processing.

4. Recording a recruitment interview

It is of the utmost importance for the Data Controller to select the most qualified candidates for each vacancy, both in terms of human and professional skills, and to provide the best possible onboarding experience for the recruited employees, including by creating working conditions that meet their needs.

During the interview, candidates are asked to answer questions about their expectations and preferences regarding the Data Controller, their working environment, their professional history and their daily work, the analysis of which directly helps the Data Controller to provide them with the most optimal conditions, both from a professional and a working environment point of view, thus contributing to a long-term cooperation.

Therefore, in order to achieve the above objectives and to meet the personal needs and job preferences of applicants as effectively as possible, the Data Controller records the interview of applicants who explicitly consent to this. For successful candidates, subsequent analysis of the recruitment will help to improve the efficiency of the selection, the onboarding processes and the employee satisfaction.

Purpose of data processing

The recording of the recruitment interview provides an opportunity for a more in-depth analysis of the candidate’s skills, and a chance for the Data Controller to plan the onboarding process for the candidate in the best possible way. In case of rejection of the job application, the recording is also kept in order to have it available in case the data subject applies for a job again within six months.

Personal data processed

The video and audio recording of the recruitment interview.

Legal basis of the data processing

The legal basis for the processing of personal data is the voluntary consent of the data subject pursuant to Article 6(1)(a) of the Regulation. The data subject has the right to withdraw the consent at any time without any adverse consequences.

Source of personal data

The data subject.

Recipients of the personal data provided

Personal data may only be processed by the Data Controller’s employees whose job duties include participation in recruitment and related HR processes, or who have the right to make decisions or suggestions in relation to the recruitment process. If the Data Controller uses the assistance of external partners in the recruitment process, it will provide detailed information about this during the recruitment procedure.

Duration of personal data processing

The Data Controller will delete the recording 6 months after the end of the interview.

Automated decision making and profiling

No automated decision making and profiling shall take place during the data processing.

Provision of personal data

Consent is completely voluntary and job applicants are free to choose how their data is handled.

5. Aptitude testing

Aptitude testing on the NIX Tech website aims to assess various aspects related to your cognitive abilities, personality traits, emotional well-being, and other relevant employment factors. These tests are conducted to gain insights into your strengths, weaknesses, and suitability for specific organizational roles. The results obtained from the tests will be used solely for professional purposes, such as recruitment and organizational decision-making.

In the aptitude testing process, soft skill tests assess your interpersonal, communication, problem-solving, leadership, and teamwork abilities. These tests provide insights into your emotional intelligence, adaptability, and decision-making skills. They help us understand how well you can collaborate with others, navigate complex situations, and demonstrate the qualities necessary for success in a professional environment.

Cognitive tests measure your cognitive abilities, including reasoning, memory, attention, and problem-solving skills. These tests provide valuable information about your mental agility, logical thinking, and analytical capabilities. They help us assess your aptitude for learning, processing information, and making sound judgments. The results obtained from cognitive tests assist us in understanding your cognitive strengths and areas for development, which are crucial factors in determining your suitability for specific roles within the organization.

Purpose of data processing

Personal data will be processed solely for the purpose of making the recruitment process as efficient as possible and to select the most suitable candidate for the job by analyzing the applicants answers to the test.

Personal data processed

The personal data processed for aptitude testing is your test responses.

This information will be collected directly from you through the website’s secure forms and interfaces. We will ensure that only relevant and necessary data is collected, and any unnecessary data will be discarded.

Legal basis of the data processing

The legal basis for the processing of personal data is the data subject’s consent (Article 6(1)(a) of the GDPR), which can be withdrawn any time. The withdrawal of consent does not affect the lawfulness of the processing previously carried out.

Please note that the provision of data is voluntary, not based on a legal or contractual obligation, and is not a prerequisite for the conclusion of a contract. However, the processing of your answers in the test can help us to select the right person for the open positions advertised by the Company.

Source of personal data

The data subject.

Recipients of the personal data provided

Only authorized staff involved in the recruitment process will have access to your data.

Your personal data obtained through aptitude testing will not be shared with third parties except as required by law or with your explicit consent. In some cases, aggregated or de-identified data may be used for research, statistical analysis, or training purposes, ensuring that individual identification remains impossible.

Duration of personal data processing

The personal data collected during aptitude testing will be processed and stored securely using industry-standard practices to prevent unauthorized access, loss, or disclosure. We will retain your personal data for 6 months.

You have 72 hours to fully complete the aptitude testing, after which the account will be unavailable and the answers you have given will be stored. If you wish to stop the aptitude testing and delete all your answers and personal data, please let us know at the address [email protected].

Automated decision making and profiling

No automated decision making and profiling shall take place during the data processing.

Provision of personal data

Consent is completely voluntary and job applicants are free to choose how their data is handled.

6. Training applicants

Purpose of data processing

In the case of training applications, the purpose of data processing is to contact applicants for educational programmes, training courses and workshops organised by the Company, provided that the applicants meet the course requirements, and to provide them with information on the details of the programme.

Legal basis of the data processing

The legal basis for the processing of your personal data when applying for a training is your consent (Article 6 (1) a) of the GDPR), which you may withdraw at any time, without prejudice to the lawfulness of the processing carried out on the basis of your consent prior to its withdrawal, and the taking of steps at your request prior to the conclusion of the contract in accordance with Article 6(1)(b) of the GDPR.

Personal data processed

The scope of personal data processed by the Data Controller includes the personal data that you have provided when applying for training courses.

These data may include:

your full name, address and contact details, including email address and telephone number;
your date of birth, mother’s maiden name or the name of another legal representative;
your officially accepted identity card data and your tax number;
your language skills;
details of your education, diploma, qualifications, specialisation, skills, experience.

Source of personal data

The data subject.

Recipients of the personal data provided

Only authorized staff involved in the recruitment process will have access to your data.

Your personal data will not be shared with third parties except as required by law or with your explicit consent.

Duration of personal data processing

In case of an unsuccessful application your data will be deleted in no more than 6 months.

In case of a successful application the Data Controller shall retain the data of applicants for training programmes until the training programme is completed. After the training programme is completed the duration of data processing is in accordance with Act LXXVII of 2013 on Adult Education. The data controller has a separate privacy notice for data processings regarding Act LXXVII of 2013 on Adult Education.

Automated decision making and profiling

No automated decision making and profiling shall take place during the data processing.

Provision of personal data

The processing of personal data collected by the Company may be essential for the selection of the right person for the training courses advertised by the Company, so failure to provide data may result in the Data Controller being unable to assess your application for the training course. If you choose not to provide the requested information, your application may be rejected. If your application is approved, you may be asked to provide additional information.

III. The rights of the data subject

Right to be informed

The data subject has the right to be informed with regard to the data processing, which right is observed by the Data controller by providing this privacy notice.

Data processing based on consent

In case the legal basis of any data processing is the consent of the data subject, they have to right to withdraw their consent to the data processing at any time. However, it is important to note that withdrawing the consent involves only the data whose processing has no other legal basis. In case there are no other legal bases, we delete the personal data finally and irrevocably after the consent is revoked. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Right of access by the data subject

The data subjects shall have the right to obtain from the Data controller confirmation as to whether or not personal data concerning them are being processed, and, where that is the case, access to the personal data and the following information:

the purposes of the processing;
the categories of personal data concerned;
the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
where possible, the planned period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
the data subject is informed about their right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
the right to lodge a complaint with a supervisory authority;
where the personal data are not collected directly from the data subject, any available information as to their source;
the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Right to rectification

The data subjects shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

If a request is made to rectify (modify) personal data then the data subject needs to prove the authenticity of the data to be modified. Additionally, the data subject must verify that the person requesting rectification is authorised to do so. This is the only way for the data controller to verify the authenticity of the new data before modifying it.

Please report any changes in your personal data to the Data controller as soon as possible, facilitating the legality of data processing and the enforcement of your rights.

Right to erasure (‘right to be forgotten’)

The data subjects shall have the right to obtain from the Data controller the erasure of personal data concerning them without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
the data subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing;
the data subject objects to the processing and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing of personal data for direct marketing purposes;
the personal data have been unlawfully processed;
the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
the personal data have been collected in relation to the offer of information society services.

Right to restriction of processing

The data subject shall have the right to obtain from the Data controller restriction of processing where one of the following applies:

the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.

Right to object

If the legal basis for processing personal data is the legitimate interest of the Data controller (point (f) of Article 6(1) of the GDPR), or the processing is necessary for the performance of a task carried out in the exercise of official authority vested in the controller (point (e) of Article 6(1) of the GDPR), the data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, including profiling based on the relevant provisions.

Balancing test of legitimate interest

If the basis of processing personal data is in the legal interest of the data controller or third person as described in Article 6. Paragraph (1) Point f) of GDPR law, then according to (47) Preamble Article, and Article 5, Paragraph (2), the Data controller carries out a ’Balancing test of legitimate interest’ which can be obtained at [email protected] email address.

Right to data portability

The data subjects shall have the right to receive the personal data concerning them, which he or she has provided to the Data controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

the processing is based on consent of the data subject or on a contract according to Article 6 Paragraph (1) Point b) of the GDPR; and
the processing is carried out by automated means.

PROCEDURES FOR ENFORCING THE RIGHTS OF DATA SUBJECTS

The above rights can be exercised by data subject by sending an electronic mail to this e-mail address: [email protected], or regular mail to the seat of the Data controller or in person at the seat of the Data controller. The data subject shall be informed about the measure taken in response to the request within 1 month. If we are unable to fulfil the request, we inform the data subject about the reasons of the rejection and the administrative and judicial redress rights of the data subject.

The rights of the deceased data subject may be enforced within five (5) years by an authorized person who possesses administrative provisions, or a statement towards the Data controller included in a public document or full probative private document. If multiple such statements exist at the same Data controller, then the statement made the latest will prevail. If the data subject has made no such legal statement, then a close relative – as defined in Act V of 2013 on the Civil Code – is still able to enforce certain rights of the deceased within five (5) years of death. These rights are defined in Article 16 (right to rectification) and Article 21 (right to object), as well as – if the data processing was unlawful during the life of the data subject, or the purpose of data processing has ceased with the death of the data subject – Articles 17 (right to erasure) and 18 (right to restriction of processing) of the GDPR. The close relative who exercises their right first will be entitled to enforce rights of the data subject as set forth in this Paragraph.

IV. The right to lodge a complaint and to an effective judicial remedy

In order to exercise their right to judicial remedy, the data subjects may seek legal action against the Data controller if the data subject considers that the Data controller or a data processor acting on behalf of or under the instructions of the Data controller is processing the personal data in breach of the provisions of laws on the processing of personal data or of binding legal acts of the European Union The court shall deal with the case as a matter of priority. The tribunal has jurisdiction to hear the case. The action may also be brought before the courts for the place of residence or domicile of the data subject or the place where the Controller has its registered office, at the choice of the data subject. https://birosag.hu/birosag-kereso

Every data subject shall have the right to lodge a complaint with the National Authority for Data Protection and Freedom of Information (NAIH), alleging that the processing of personal data by the Data Controller has resulted in a violation of rights or an imminent threat thereof, or that the Data Controller is restricting the exercise of rights related to the processing of personal data or is refusing to exercise such rights. The claim can be filed at the Hungarian supervisory authority at one of the below addresses:

National Authority for Data Protection and Freedom of Information (NAIH)

Mailing address: 1363 Budapest, Pf. 9.

Address: 1055 Budapest, Falk Miksa utca 9-11.

E-mail address: [email protected]

URL: https://naih.hu