Privacy Policy

Café Communications Kft. (hereinafter: Data Controller) hereby informs the applicants for the job offers (hereinafter: Applicant) about the practice followed in the course of the processing of personal data, the organizational and technical measures taken to protect personal data, as well as the methods and possibilities of exercising the rights of the data subject.

This Privacy Policy (hereinafter: Privacy Policy) defines the rules of the processing of the data of Applicants applying for the jobs advertised by the Data Controller, as well as the rules of data processing carried out during the selection process related to the published positions.

1. Contact details of the Data Controller
   • address: 1037 Budapest, Seregély utca 3-5.
   • email: info@cafecommunications.hu
2. Processed data
   1. The Applicant has the opportunity to apply for job offers posted by the Data Controller through https://cafecommunications.hu/ website (hereinafter: Website). During the application process, the following data can be provided on the application form:
      • name
      • e-mail address
      • telephone number
      • CV
      • message (optional)
   2. In the course of applying for and evaluating the positions published by the Data Controller, the Data Controller processes the following personal data provided by the Applicant in connection with the application, in the CV submitted by the Applicant or in any other way:
      • identification data and contact details:
        • photo
        • address
        • date of birth
        • citizenship
        • gender
        • telephone number
        • e-mail address
      • studies:
        • type and name of qualification, name of institution, date of completion
        • IT knowledge
        • language skills: language, level, date of exam
        • type of driving license, date of exam
        • other knowledge
      • work experience:
        • name of the employing company
        • job title
        • title of work
        • period of employment
        • job description
3. Purpose and duration of data processing:
   1. The purpose of data processing:
      • maintaining contact with the Applicant regarding the given job offer
      • conducting the selection procedure related to the job offer published by the Data Controller and making a decision on the given position
      • facilitating the establishment and performance of employment
   2. Duration of data processing: data are processed until the end of the selection process or until the Applicant requests the erasure of the data or withdraws the consent to the processing of the personal data.
4. Legal basis of data processing
   • The legal basis of data processing is the voluntary and explicit consent of the Applicant (given by clicking the checkbox to accept this Privacy Policy) pursuant to Article 6 (1) a) of the Regulation of the European Parliament and of the Council (EU) 2016/679 (27 April 2016) on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and repealing Directive 95/46/EC (hereinafter: GDPR).
   • The Applicant has the right to withdraw his voluntary consent at any time.
5. Parties eligible for accessing personal data
   • The personal data processed in relation to the Applicant may only be accessed by those employees of the Data Controller who have the right to proceed or make decisions in connection with the selection procedure related to the given job offer:
     • CEO
     • Head of the Specific Area
     • HR manager
     • HR associate
   • The processing of the data is carried out by the following data processor on behalf of the Data Controller:
     • Websupport Kft. (1119 Budapest, Fehérvári út 97-99.; support@websupport.hu)
       Purpose of data processing: Operation of the Website, hosting service necessary for the operation of the Website.
     • Tóth Márton e.v. (2461 Tárnok, Munkácsy utca 39.; hello@martontoth.net)
       Purpose of data processing: maintenance of the Website, programming of developments related to the Website.
6. Rights of the Applicant in relation to the processing of personal data
   1. Right of access: The Applicants may request information from the Data Controller at any time on whether or not their personal data are being processed by the Data Controller, and where that is the case, shall grant them access to the personal data and shares information on conditions of data processing.
   2. Right to rectification: The Applicant may request the Data Controller to rectify inaccurate personal data or the supplementation of incomplete data, taking into account the purpose of data processing. The Data Controller shall fulfil the rectification requirement without undue delay.
   3. Right to erasure (right to be forgotten): The Applicant may request the Data Controller to erase their personal data without undue delay, the Data Controller shall be obliged to erase the personal data concerning the data subject without undue delay, if any of the following criteria is fulfilled:
      • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
      • the Applicant withdraws its consent and here is no other legal ground for the processing;
      • the Applicant objects to the processing of your personal data;
      • the personal data have been unlawfully processed;
      • the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
      • the personal data obtained based on consent was collected with the provision of services relating to the information society to children.
   4. Where the Data Controller has made the personal data public (made it available to a third party) and are obliged to erase them pursuant to the above, the Data Controller shall take into account the available technology and the cost of implementation, shall take reasonable steps to inform data controllers who are processing the affected personal data that the Applicant has requested them to erase any links to, or copy or replication of those personal data, as well as to erase any duplicate copies.
   5. Personal data are not required to be erased when data processing is necessary:
      • for exercising the right of freedom of expression and information;
      • for compliance with a legal obligation which requires processing of personal data by Union or
      • Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
      • for reasons of public interest in the area of public health;
      • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in so far as the right to erasure is likely to render impossible or seriously impair the
      • achievement of the objectives of that processing; or
      • for the establishment, exercise or defence of legal claims.
   6. Restriction of processing The Applicant has the right to request the Data Controller to restrict the data processing instead of rectifying or erasing personal data if any of the following criteria applies:
      • the accuracy of the personal data is contested by the Applicant, in which case the restriction applies for a period enabling the Data Controller to verify the accuracy of the personal data;
      • the processing is unlawful and the Applicant opposes the erasure of the personal data and requests the restriction of their use instead;
      • the Data Controller no longer needs the personal data for the purposes of the processing, but the they are required by the Applicant for the establishment, exercise or defence of legal claims;
      • the Applicant objected to data processing; in such cases the restriction shall only apply to the time period necessary to determine whether the legitimate reasons of the Data Controller override those of the data subject.
        
        Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the Applicant’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
   7. Right to data portability: The Applicant shall have the right to receive the personal data provided to the Data Controller in a structured, widely used, machine-readable format, and shall be entitled to transmit these data to another Data Controller, even directly, without hindrance from the Data Controller.
   8. Right to withdraw consent The Applicant may withdraw his/her consent to data processing at any time, in whole or in part, however, the withdrawal of consent shall not affect the lawfulness of the data processing carried out on the basis of the consent prior to the withdrawal.
   9. Right to object: Applicant may object to the processing of his/her personal data if the data processing is
      • necessary for the performance of a task carried out in the public interest or within the framework of the exercise of official authority vested in the Data Controller;
      • necessary for the enforcement of the legitimate interests of the Data Controller or a third party;
      • based on profiling.
        
        In the event of an objection by the Applicant, the Data Controller may no longer process the personal data, unless it proves that the processing is justified by compelling legitimate grounds which override the interests, rights and freedoms of the Applicant or which are related to the establishment, exercise or defence of legal claims.
   10. If the Applicant wishes to exercise the rights set out above, or if they have any questions or complaints regarding data processing, they may contact the Data Controller by e-mail: info@cafecommunications.hu
   11. Measures taken by the Data Controller in connection with the Applicant’s request
       The Data Controller shall inform the Applicant without undue delay, but no later than within one month from the receipt of the request, of the measures taken in relation to the access, rectification, erasure, restriction, objection or data portability request. This deadline may, however, be extended by two months if warranted by the complexity of the request or the number of requests.
       If the Data Controller fails to act upon the Applicant’s request it shall notify the Applicant, without delay but no later than within one month of receiving the request, of the reasons of such a failure, and shall also inform the Applicant that he/she may place a complaint at a supervisory authority, and may seek judicial legal remedy.
       Upon the request of the Applicant, the information, notifications and the measures taken on the request shall be provided free of charge. If the Applicant’s request is clearly unfounded or excessive, in particular because of its repetitive nature, the Data Controller may, either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested or may refuse to take action in relation to the request. The burden of demonstrating the clearly unfounded or excessive nature of the request falls on the Data Controller.
   12. Legal remedies
       The Data Controller shall take all reasonable efforts to process personal data in compliance with the laws and regulations, however, if Applicants feel that this has not been complied with, they can write using the contact details indicated in Section 1.
       If Applicants feel that their right to the protection of personal data has been violated, they can seek legal remedy in compliance with the applicable laws and regulations at the Hungarian National Authority for Data Protection and Freedom of Information (1055 Budapest, Falk Miksa utca 9-11.; ugyfelszolgalat@naih.hu; www.naih.hu) or court.
7. Data security
   1. The Data Controller undertakes to ensure the security of data and takes all technical and organisational measures, puts into place the procedural rules that ensure the protection of all collected, stored and processed data, as well as preventing the destruction, unlawful use and unlawful alteration of data. The Data Controller also undertakes to call upon each third party to whom data are transferred or transmitted without the Applicants’ consent to comply with the data security requirements.
   2. The Data Controller shall ensure that no unauthorised persons may access, disclose, transfer, modify or erase the processed data. The processed data may be accessed only by the Data Controller and its employees, as well as the Processor employed by them, and the Data Controller shall not transfer the data to any third party not authorised to have access to them.
   3. The Controller shall take every possible effort to ensure data are not accidentally damaged or destroyed. The Data Controller requires all its employees taking part in data processing activities to assume the above obligations.
8. Other provisions
   1. This Privacy Policy is governed by GDPR and the Hungarian law.