For a natural person Customer: preparation, conclusion and performance of a contract (Article 6 (1) (b) of GDPR).

For the Contact Person: preparation, conclusion, performance and maintenance of business continuity as a legitimate interest of the Company (Article 6 (1) (f) of GDPR). The Customer warrants to inform the Contact Person in advance in accordance with Section 4.5 of the GTC. Due to the fact that both the Service and the Employer Administration Interface are available electronically and the conclusion of the contract / visual design takes place electronically, the Contact Person’s e-mail address is essential for the provision of the Service, and the Contact Person’s name and title for proper management of rights.

The processing of data related to the payment and invoicing of service fees is based on Section 169 of Act C of 2000 on Accounting and Sections 47 and 164 of Act XCII of 2003 on the Rules of Taxation (Article 5 (1) (c) of GDPR).

Data may be modified on the Employer Administration Interface, in the profile, under the menu item “Modification of data”, during the sending of the electronic order, or in writing by mail or email addressed to the Company’s contact details set out in Section II. The Customer is entitled to name the Contact Person, and also to revoke the contact status.

Data required to create a contact account and liaison:

essential data: contact name, e-mail address, telephone number, password, workplace data (company name, tax number, address, billing address, e-mail address for e-invoice).

optional data: employer’s bank account number, company registration number, title

Personal data processed for contact who don’t have a contact account: name, e-mail address and position of the recruitment contact person; name, e-mail address and position of the financial contact person; and name, e-mail address, and position of the technical contact person.

Scope of data managed for contract preparation, performance of contract, invoicing: Customer’s name (may be a natural person), tax number, company registration number / registration number, registered office, Contact person’s name, title, and e-mail address, telephone number, billing address, mailing address, e-mail address for billing purposes, bank account number, names and e-mail addresses of the contact persons, name of the advertised position, data related to the position to be filled, advertisement (s) identifier, services used, unpaid debts, data required to collect payment obligation (s), evaluations, opinions.

Regarding the natural person Customer: Preparation of the contract for the Profession.hu Service (including the recall explicitly requested by the Customer and the e-mail warning of the interrupted order), conclusion, performance, employer registration, operation of the Service: posting job advertisements, access to CVs and other processed data (authorised and approved by the User), access to advertising statistics, sending notification letters set up by the data subject, use of additional services related to the search for employees (e.g. candidate referral, Services recruitment, etc.).

Regarding the Contact Person: Processing the data of the Contact Person employed by the employer that has concluded a contract with the Company for the purpose of using the Services, for the purpose of the preparation of the contract (including the recall explicitly requested by the Contact Person and the e-mail warning of the interrupted order), to enter into the contract, to perform the Services, to establish the contact account, managing such account for the purpose of liaising, operation of the Service: posting job advertisements, access to CVs, access to other processed (User authorized, approved) data, access to advertising statistics, sending notification letters set up by the data subject, additional services related to employee search (e.g. candidate recommendation, Services recruitment, etc.), building and maintaining system connections, handling invoice complaints, debt collection.

In order to fulfil its accounting obligations, the Service Provider will process the data relating to the payment and use of the ordered services for 8 years pursuant to Section 169 of Act C of 2000, and for the limitation period specified in Section 164 of Act XCII of 2003 on the Rules of Taxation, and for the period specified in Section 47 (see “Scope of the processed data”).

The Company will delete the personal data of the natural person Customer and the Contact Person 3 years after the last contact with the Customer, except for the data necessary for the fulfilment of the accounting obligations. Personal data of the technical contact person are processed for the duration of the system connection or for a period of 1 year following the last contact.

Termination of the contact person’s access to the Employer Administration Interface can be initiated via the email address ugyfelszolgalat@profession.hu and through the designated seller. We would like to draw the Customer’s attention to the fact that the termination of contact access does not mean the termination of the processing of company data.

Data controllers entitled to access the data, data transfer

Data transmission related to debt collection:

Under Article 10.8 of the GTC, in case of late payment or non-performance of the Customer, the Service Provider shall provide the required data (e.g. debtor’s name, address, e-mail address, claimed amount, and related documentation) for the purpose and for the duration of the management, collection and enforcement of the claim to the companies entrusted with the management of the Service Provider’s receivables (Data Processors: INTRUM JUSTITIA Követeléskezelő Zártkörűen Működő Részvénytársaság, COFACE Hungary Credit Management Services Gazdasági Szolgáltató Korlátolt Felelősségű Társaság, Work Out Service Korlátolt Felelősségű Társaság).

Authorization of payment transaction, bank card acceptance, fraud monitoring and fraud prevention, chargeback claim and customer complaint assessment, strong customer authentication, 3D Secure service provision.

Logged in contact person’s last name, first name, phone number, e-mail address, gross amount, IP address, date and time of transaction, billing address (country, city, address, postal code), language of purchase, customer ID and order ID, data collected from browser used during online shopping by logged in contact person: the value of the Accept http header, which is the format that appears in the body of the http request; the name and version number of the browser and operating system used, the default language; the IP address of the browser source; whether the browser can run java code; browser language; browser color depth; the height of the browser screen; the width of the browser screen; browser time zone.

Execution of a payment transaction required for the performance of a contract, authorization, monitoring and prevention of fraud and related chargeback claim and strong customer authentication required by payment service providers, provision of 3D Secure service as legitimate interests to prevent bank card fraud (Article 6 (1) GDPR (f)).

It is in the legitimate interest of the Service Provider to prevent fraud related to the payment process and online payment, misuse of the credit card during online credit card payments, attacks on the computer system providing online payment, circumvention of security measures, detection of probable frauds when paying for its products and services and to detect fraud and to assist and facilitate criminal and other legal proceedings in connection with fraud by providing information on the fraud committed. The Service Provider has no legal obligation to report fraud or other claims related to online payment fraud, however, in the event of such a complaint or legal action, the provision of fraud-related data is in the common interest of the Service Provider and the acting authority and society. The prevention and detection of fraud related to online payments helps to strengthen public trust in online payments and the future reduction of fraud, which is not only a legitimate interest of the Service Provider, but also a social public interest. Fraud prevention also directly reduces the amount of fees to be reimbursed by the Service Provider due to fraud, which is also in the service provider’s business interest. The legitimate interest is based on the compliance with the European Banking Authority’s 3DSecure standard and  3D Secure 2.x / 3.x standard of EMVCo bringing together card companies, issuing banks and other payment service providers stipulated based ont he regulations of the European Union.

Data not required to fulfill the accounting obligation will be kept for 5 years from the date of the order (payment transaction) (general civil law limitation period).

The Data Subject acknowledges that by purchasing with a bank card, the following data will be transmitted via Nevogate Payment Services Ltd. as data processor to K&H Pénzforgalmi Szolgáltató Ltd. as independent data controller or via SimplePay Zrt. as data processors to OTP Bank Nyrt. (1051 Budapest, Nádor u. 16.) or Borgun hf. (Ármúli 30, 108 Reykjavik, Iceland) as payment service providers (SimplePay, acting within its own discretion, freely decides during the provision of the SimplePay service when and which of the above financial institutions it uses, i.e., who is the recipient of the data transfer):

the surname, given name, telephone number, email address, IP address of the logged-in contact person; billing (company) name; billing address (country, city, street address, postal code); name, quantity, and value of the ordered service.

K&H Payment Services Kft. or OTP Bank Nyrt. / Borgun hf, acting as independent data controllers by authorisation of the Hungarian National Bank and pursuant to Act CCXXXVII of 2013 (Hpt.), perform payment transaction acceptance for the execution of the payment transaction and related chargeback requests and customer complaints. In connection with this, as independent data controllers, they also carriy out strong customer authentication pursuant to Act LXXXV of 2009 on the provision of payment services.

During the authorization of the payment transaction and the monitoring and prevention of fraud, Borgun hf. acts as an independent data controller, while OTP Bank Nyrt. acts as a sub-processor of the Service Provider. In the course of data transfer, SimplePay Zrt. also acts as a data processor for both OTP Bank Nyrt. and Borgun hf.

The purpose of data transfer: to perform the data communication required for payment transactions between the merchant and the system of payment service providers through the K&H vPOS payment system, to authorize transactions, to monitor and prevent fraud in order to prevent misuse of credit cards, to charge chargeback and complaint handling, strong customer authentication with 3D Secure.

Legal basis for data transfer: execution of a payment transaction required for the performance of the contract as legitimate interest; authorization of payment transaction, fraud monitoring / prevention and strong customer authentication and 3D Secure service required by payment service providers as a legitimate interests in preventing bank card fraud (Article 6 1 (f) of the GDPR).

Sending a direct business acquisition or marketing request with advertising content by e-mail (hereinafter e-DM).

The e-DM may include the Company’s own business offerings; a description of the Company’s Services, events, prize games and news; a warning about a service started but not completed; coupon discount; a report on service provider news; HR professional articles / news / novelties; even third party offers related to the HR profession; questionnaires measuring satisfaction with the Service (in order to ensure and improve the quality of the Service and to handle possible complaints), market research questionnaires.

Minimum data required: surname, first name, e-mail address.

The content and frequency of sending the e-DM may be influenced by the Customer’s registered office, size, scope and extent of services used, indicated demand, other data about the Customer, activity in the Contact Interface assigned to the Customer and in e-DM (e.g. opening / not opening e-mail, clicking on email content, conversion events, page visits) and conclusions to be drawn from this data. E-DMs can also be sent based on manual customer selection and automatic evaluation and analysis of the listed data. The addressee of the advertising messages is in all cases the Customer acting within the scope of its economic activity (a potential or contracted partner of the Company).

The scope of the data processed for the satisfaction survey: company name, Contact person’s telephone number, Contact person’s e-mail address, the numerical evaluation generated upon the sharing of the opinion expressed during the responses to the satisfaction questionnaire and the corresponding textual feedback.

The answers provided in the course of market research are also processed anonymously, and neither the answers nor the e-mail addresses are linked to the identity of the respondents, and accordingly the statistical data generation is anonymous. Those who fill in the questionnaire can participate in the related game according to the individually specified and accepted conditions, in which case their e-mail address must be provided.

Legal basis of data processing

The economic interest of the Company in the acquisition of business as a legitimate interest (Article 6 (1) (f) of the GDPR), if the Customer has registered contacts on the Interface. Given that the e-DM is addressed to the Customer as an entity operating within the scope of its economic activity, the privacy of the data subjects is not affected by the data processing (given that corporate contact data are processed) and the data subjects’ right to self-determination is provided for and the processing of personal data is also in the interest of the Customer (through discounts, more efficient use of services, by obtaining useful information in the field of HR), and furthermore the data processing is absolutely necessary and proportionate to optimize business acquisition and the Company’s legitimate interest is justified by GDPR (14).

Consent given as a contact person of an entity operating within the scope of its economic activity and as a professional interested in the HR field (Article 6 (1) (a) of the GDPR).

The economic interest in the acquisition of business as a legitimate interest (Article 6 (1) (f) of the GDPR) if the Data Subject has consented to the availability of his / her name and e-mail address as the employer’s company data in the company database (data source) of Bisnode Magyarország Kft (1093 Budapest, Közraktár u. 30-32 V. em.). Given that the e-DM is addressed to the potential Customer as an entity operating within the scope of its economic activity, the privacy of the data subjects is not affected by the data processing, and the data subjects’ right to self-determination is provided for, and the processing of personal data is also in the interest of the Customer (through discounts), and furthermore the data processing is absolutely necessary and proportionate to optimize business acquisition, and the Company’s legitimate interest is justified under GDPR (14) Preamble.

Duration of data processing 

Until withdrawal of consent, or a protest against sending e-DM.

A maximum of 72 hours from the withdrawal of the consent or the protest is required for the Data Subject to be guaranteed not to receive another e-DM message from which he or she has unsubscribed.

Termination of the contact account constitutes withdrawal of consent.

The fact and date of the unsubscription are recorded in order to be provable in such a way that the previous personal data cannot be recovered from it, but the unsubscription can be proved when specific data is provided.

Regarding the company data from the database of Bisnode Magyarország Kft., a negative list of unsubscribed e-mail addresses is made in order to avoid repeated inquiries, i.e. to ensure protest.

Unless otherwise stated in advance, the Company will process the data of the participants of the market research / satisfaction survey for 3 months.

Possibility of data correction, cancellation and protest

Consent may be revoked at any time without restriction or justification, free of charge, and data processing may be prohibited.

The consent can be revoked, the data processing can be prohibited on the unsubscribe interface available via the e-DM letter, at the customer service email address ugyfelszolgalat@profession.hu , as well as at mailing address of the registered seat of the Company as referred to above in Section II.

Enforcement of information self-determination rights

The Data Subject is entitled to use a setting, by disabling / deleting the cookie stored in the browser on the basis of a consent given in the Interface, where the Company acting as data controller sends direct business acquisition or marketing request with advertising content without monitoring the activity on the Interface / e-DM and the automation is disabled. The Data Subject is also entitled to request human intervention on the part of the Company, to express its opinion, and to protest at any time against the sending of a direct business acquisition or marketing request containing advertising content at any of the contact details of the Company set out in Section II.

Data controllers entitled to access the data (data transfer)

Our company does not transfer data to third parties

Send HR profession related articles/news/news

surname, first name, e-mail address, company name

The content of the professional newsletter is influenced by the thematic page or article from which the person concerned has subscribed.

Duration of data processing

Until consent is withdrawn.

A maximum of 72 hours from the date of withdrawal of consent or objection is required to guarantee that the Data Subject will not receive any further professional newsletter from which he/she has unsubscribed.

Termination of the contact account shall constitute withdrawal of consent.

The fact and date of the unsubscription will be recorded in such a way that, for reasons of evidence, it will not be possible to retrieve the previous personal data, but it will be possible to prove the unsubscription when specific data are provided.

Legal basis of data processing

Consent of the Data Subject (Article 6 (1) (a) of the GDPR).

Deletion and objection options

Consent may be withdrawn at any time, without restriction and without giving any reason, free of charge, and data processing may be prohibited.

Consent may be withdrawn and processing may be prohibited via the unsubscribe interface available from the e-DM mail, at the customer service email address ugyfelszolgalat@profession.hu and at the Company’s postal address at its registered office as set out in point II.

Data controllers entitled to access the data, data transfer

Our company does not transfer data to third parties.

• • By e-mail: name, e-mail address, company name, request content
• • By written request: name, address, content of the request, copy of the reply
• • In case of telephone administration: name, voice recording, start time and duration of the call, telephone number, unique call ID
• • For chat conversation: name, company name, request content, response, chat log data (chat start and end time, duration, latency, chat content, IP address, location, network, browser type, version and language, operating system, screen resolution, statistics)

Administration of the Company’s services available on the Interface, providing general information, and provision customer service in order to verification of the legal operation (checking the adequacy of the right to use the service).

In case of complaint handling: the purpose of data processing is to document the Data Subject’s identity, the exact time of the complaint and the content of the complaint, and to document the information provided for the Company about the complaint, in order to handle complaints received by the Company orally, by telephone, in writing and by e-mail and chat.

The Company will process the data on the starting time and duration of the call, as well as the telephone number (data used for call identification) in order to identify the calls and distinguish them from other calls.

The chat log data is processed in order to distinguish it from other chat conversations, as well as to control the operation of the chat service, to make it more efficient and to improve it.

Duration of data processing

• in the case of an e-mail or written inquiry for 36 months,
• in case of chat or customer service call for 24 months,
• except for pending requests and cases where the data processing is terminated 6 months after the case has been settled
• in case of phone calls to direct sales lines for 3 months.

Legal basis of data processing

The legal basis for data management related to customer service administration is the legitimate interest of the data controller (GDPR Article 6 (1) point f) to prove the administration afterwards, to be able to assert its rights, and at the same time to provide more accurate information, which results in greater customer satisfaction and provides an opportunity for information to provide, and to handle objections and requests. The Company provides several forms of administration, so the data subject has the right to decide, he can choose which form he wishes to communicate and how much data to share during administration.

During telephone customer service or recall of a salesperson, the voice recording is carried out based on the consent of the data subject (GDPR Article 6 (1) a) ). If the Data Subject does not consent to the voice recording, he/she may express his/her refusal of consent by not choosing from the individual menu items, disconnecting the call, and in the case of a telephone call back, indicating that he/she does not consent to the recording. In this case, our Company can be reached on the website www.profession.hu or at our other contact details provided on the interface https://ugyfelszolgalat.profession.hu/en/customer-service-for-employers/ and also published below, e.g. at the e-mail address ugyfelszolgalat@profession.hu, in the form of a postal letter (1123 Budapest, Nagyenyed utca 8-14. IV. emelet).

Data controllers entitled to access the data, data transfer

Our company does not transfer data to third parties.

Enforcement of information self-determination rights

The Data Subject may object to the processing of personal data in course of written/chat/e-mail correspondence with the customer service. In this case, the Company will examine whether the processing of personal data is justified by compelling legitimate grounds that override the interests, rights and freedoms of the data subject, or that are related to the establishment, exercise or protection of legal claims, and will decide on the maintenance/termination of the processing depending on this.

The Data Subject may request the deletion of the voice recording at any time. In this case, our Company will delete the recorded conversation, audio recording and, if justified by the content of the conversation, record the essence of the conversation in a written record (only summary). The recording of the record (legal basis for data processing: GDPR Article 6 (1) f)) is carried out in order to prove the content of the conversation. If the content of the conversation does not justify the drawing up of the record, the conversation will be deleted without drawing up a record.

The Data Subject may request a written copy of the voice recording, chat conversation, e-mails written to the customer service, by e-mail or by post, which the Company shall provide to the Data Subject in electronic form, protected by a password in the case of voice recording, or by electronic mail in other cases. The Data Subject may not use the copy for any other purpose, accordingly they may not disclose it or pass it on to third parties, in particular, but not exclusively, to other job portals. Our Company only consents to the use of the conversation in accordance with this section, i.e. to provide the Data Subjects with information about their processed data.

name, position, employer name, voice recording, telephone number, data used to identify the call (call date and start time, call direction: outgoing, call outcome: answered, call duration and conversation time, affected waiting lines, waiting time, opening hours status, unique call identifier)

The telephone conversation initiated by the sales associate is recorded within the Company’s organization for educational purposes (individual and group-level sales skills development) and quality improvement purposes, with prior notification. The recorded audio recording may also serve to handle controversial situations by listening back to what was said. The Company processes the data used to identify the call for the purpose of identifying the calls and distinguishing them from other calls.

Duration of data processing

3 months

Legal basis of data processing

The legal basis for data processing related to voice recording for sales purpose is the legitimate interest of the data controller (Article 6(1)(f) of the GDPR), which is to promote itself among its business clients (employers) and to approach them with specific sales offers. This is closely related to the need to communicate effectively, efficiently, and in compliance with employer requirements during phone inquiries. It is also in the fundamental interest of the called business partners to perform their work more quickly and efficiently by receiving well-communicated, retrievable offers through prepared sales staff. This results in greater customer satisfaction and provides an opportunity to handle objections and requests, while ensuring the option to object.

Data controllers entitled to access the data, data transfer

Our company does not transfer data to other data controllers.

Possibility of cancellation and objection

During the phone conversation, the sales representative informs the Data Subject about the data processing and ensures the possibility of objection. In case of objection, the call is terminated, and the sales representative calls back from a non-recorded line.

The Data Subject may request a copy of the audio recording in writing, via email, or postal mail. In the case of an audio recording, the Company provides the copy electronically in a password-protected format. The Data Subject may not use the copy for any other purpose; specifically, they may not publish it or transfer it to third parties, particularly but not exclusively to other job portals. Our Company only consents to the use of the conversation for the purpose outlined in this section, namely to provide the Data Subject with information about their processed data.

Evaluation of the employer, assistance to job seekers in finding the right workplace.

• The content of the user’s reviews may include the name of a senior management position at the Customer.
• The user’s review may refer to the Customer who is a natural person (e.g. sole trader, individual lawyer, patent attorney, primary producer), so it may contain the name, location, evaluation of the Customer, and the conclusions that can be drawn from the evaluation for the person concerned.
• During the employer’s response to the user review, the job title specified by the respondent appears.

Legal basis of data processing

The legitimate interest of the Company (GDPR Article 6 (1) point f) is to operate a job portal that provides job seekers with useful information about the employers who advertise.

The purpose of the evaluation is not to evaluate the natural persons involved, but employers. The framework for this, the possibility of the employer’s counter-response and the employer’s/stakeholder’s complaint (protest) are laid down in the Company’s regulations. Based on publicly available company information, the identity of senior managers is mostly public knowledge. Data management is necessary, the range of data handled is proportional to the provision of the service.

Entitled to access data

Our company publishes the reviews (including, where applicable, personal data) and counter-responses publicly, accessible to anyone, on the Surface, if the Customer’s company page is available.

Duration of data processing

The user reviews containing personal data is available until it is deleted – by the User or our Company – or until the evaluating User’s profession.hu registration is deleted, or until it is deleted based on the service provider’s investigation following an objection by the data subject. The review will be deleted even if the User submitting the review deletes from his professional profile the position in connection with which he submitted the review or the evaluated employer himself.
The employer’s response is available until the user or service provider deletes the user review or until it is deleted by the Customer.

Possibility of cancellation and protest

Objections to data management can be registered at the e-mail address ugyfelszolgalat@profession.hu.
On the other hand, the review available on the company page of the given employer is marked with “!” you can report it by pressing the button – you can indicate that you object to data management.
The Customer can delete his response to the user opinion by logging into the employer interface in the Company Profile menu.

The Service Provider continuously logs the following data for statistical and debugging purposes, as well as to prevent abuse, to verify the performance and operation of the Service, and to delete these data after 180 days: date of visit, IP address, address of the page viewed.

As part of tracking the operation of the Interface, the logged error event (so-called standard yii log, date, time, name / description of the error event, IP address with data content) is stored for 180 days from the date of the error event.

The logging is done in the legitimate interest of the Company (Article 6 (1) (f) of the GDPR) so that the latter is able to ensure the IT security of the Interfaces, and their resistance to offensive, illegal or malicious acts and activities against the website / application (e.g. unauthorized access). Logging is absolutely necessary and proportionate to achieve the goals detailed above.

System messages 

It is not possible to sign off of the system notifications relating to the registration, its termination, and the operation of the Service.

Costumer service e-mail address: vip@invitech.hu

operating the chat service