Privacy info

PRIVACY STATEMENT

FOR JOB APPLICANTS

 

  1. Scope

In this privacy policy (hereinafter referred to as: “Privacy Policy”), KPMG Hungária Könyvvizsgáló, Adó- és Közgazdasági Tanácsadó Korlátolt Felelősségű Társaság (company registration number: 01-09-063183; registered office: 1134 Budapest, Váci út 31; hereinafter referred to as: “Company”) sets forth the personal and possibly sensitive data of individual job applicants (hereinafter referred to as: “Job Applicant”) in relation to job applications sent to the Company, if the Job Applicant applies for jobs advertised by the Company.

This Privacy Policy shall cover all private individuals who submit an application for a job advertised by the Company in any manner, and in so doing makes their personal data available to the Company for processing and collection purposes.

2. APPLICABLE LEGISLATION, RELEVANT INTERNAL POLICIES OF THE COMPANY

In the context of processing employee data, the Company takes relevant Hungarian and European Union legislation into account, particularly,

  • Regulation (EU) 2016/679 of the EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as: GDPR),[1]
  • Act CXII of 2011 on the Right of Informational Self-Determination and the Freedom of Information (Info Act),
  • other sectoral regulations referred to in this Privacy Policy.

3. INTERPRETIVE PROVISIONS

  • Personal data: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Sensitive data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic and biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation;

Data subject: any identified or identifiable natural person;

Consent of the data subject: any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Restriction of processing: the marking of stored personal data with the aim of limiting their processing in the future;

Third party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

Personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

Profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

4. PRINCIPLES OF PROCESSING

Personal data shall be:

  • processed lawfully, fairly and in a transparent manner in relation to the data subject (“lawfulness, fairness and transparency”);
  • collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (“purpose limitation”);
  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimisation”);
  • accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (“accuracy”);
  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (“storage limitation”);

The controller shall be responsible for, and be able to demonstrate compliance with, the principles in this section (“accountability”).

5. Detailed information on processing operations

5.1. SCOPE OF PROCESSED DATA

  1. The processed personal data shall include that provided freely by the Job Applicant, and personal data in CVs and in other attached documents provided directly to the Companyor via recruitment agencies, in particular, but not limited to: CV information, ID number, name, email address, telephone number, position applied for, permanent address, date of birth, gender, date of last application, date of registration, status (active/passive), salary expectation and other demands, area, level and description of qualifications, spoken languages and level thereof, fields of work experience, level of position, number of years, ideal area of work, level of position, location, date of application, feedback from company.
  2. The Company shall receive and process personal data from the recruitment firm assuming that the recruiter obtained such from the Job Applicant based on explicit and freely given consent after being properly informed. The recruitment firm is obliged to obtain the afore-mentioned consent from the Job Applicant in the manner described above. The consent must include the fact that the Company may obtain the data from the recruitment firm.

5.2. LEGAL BASIS FOR PROCESSING

In terms of Personal data, the legal basis for the processing pursuant to Article 6 (1) a) of the GDPR shall be the consent of the Job Applicant given freely, in advance and based on complete information.The Company does not normally process sensitive personal data, but it cannot rule out the possibility that Job Applicants may share Sensitive data about themselves during the application process.

With due consideration of the above, if the Job Applicant also provides sensitive personal data, the legal basis for the processing of Sensitive data shall be the explicit consent of the Job Applicant in accordance with Article 9 (2) a) of the GDPR.

Job Applicants may withdraw their consent to processing at any time, however, this shall not affect the legality of the processing prior to the withdrawal of consent carried out on the basis of the consent.

5.3. PURPOSE OF PROCESSING

The Company shall process the personal data in CVs and other attached documents received directly or via recruitment firms for the purposes of informing data subjects about possible job opportunities that are most suited to their qualifications and interests, making appointments with data subjects and conducting the selection process.

A further purpose of the processing is to evaluate the application of the Job Applicant, or if the Job Applicant provides separate consent, then to examine future opportunities to employ the Job Applicant.

5.4. ACCESS RIGHTS FOR PROCESSING

Those participating in evaluating the job applications, in particular, the HR Director, Recruiter, HR Generalist, Recruitment trainees, and the head of the department that is advertising the position are entitled – in line with employment law rules that apply to them – to familiarise themselves with the data of the Job Applicant in connection with the processing set forth in this Privacy Policy.

5.5. RETENTION OF PROCESSED PERSONAL DATA

Personal data is essentially processed based on consent for the duration of the application process. If the Job Applicant is selected, the data given in connection with the application shall be rendered anonymous within 90 days of the first working day.

The personal data of unsuccessful Job Applicants shall be rendered anonymous within 30 days of notification thereof.

If a Job Applicant was unsuccessful, but provided explicit consent for the Company to retain his or her personal data for the purposes of being notified of similar positions becoming vacant in the future, the Company may retain such data based on this consent for a period of 2 years from the application. This consent shall enable the Company to contact the Job Applicant later on if a job becomes available that they may be suitable for. If the Job Applicant does not give consent to the data retention, the Company shall render his or her data anonymous within 30 days of notification thereof. In case you the Applicant does not agree to anonymise his/herdata, we are going to delete all of his/her personal data immediately, or later in 30 days upon his/her request. 

Anonymisation: a technical procedure that permanently ensures no link can be restored between the data subject and the data. Anonymous data is information that does not enable a certain Job Applicant to be personally identified. This data is not connected to other personal data, i.e. the Job Applicant cannot be identified based on this data.

If the person is subsequently employed then contractual provisions regarding the given employment along with legislative provisions shall apply to the processing of data and documents.

6. PROCESSORS, TRANSFERS

The Company shall engage the services of a processor for the technical operations related to its processing.

Contact details of Processor:

Name:

hrfelho.hu Kft.

Registered office

1119 Budapest, Bártfai u. 15-17

Company registration number

01-09-322675

Tax number

26296465-2-43

The privacy policy of the Processor can be found at this link http://hrfelho.hu/adatvedelem.html, where Job Applicants can learn about the role of the Processor in the Controller’s recruitment processes in connection with registering in the system.

The Company shall not transfer the Job Applicant’s data, unless a court, the public prosecutor, an investigation authority, an authority dealing with infringements or public administration, the National Authority for Data Protection and Freedom of Information (NAIH) or other bodies based on authorisation set forth in legislation contact the Company for information, the disclosure or transfer of data, or for the provision of documents.

7. RIGHTS OF DATA SUBJECTS

Job Applicants can access and update their data, or erase such from the system, via the user panel. In addition to this, Job Applicants may withdraw their consent and permanently delete their user profile.

7.1. Access/information rights of data subjects

The Job Applicant shall have the right to obtain information from the Controller as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

  • Purpose of processing;
  • Categories of the Job Applicant’s personal data;
  • The planned period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
  • The recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations. Where personal data are transferred to a third country or to an international organisation, the Job Applicant shall have the right to be informed of the appropriate safeguards pursuant to the GDPR relating to the transfer;
  • Where the data are not collected from the Job Applicant, any available information as to their source;
  • The Job Applicant’s right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data concerning him or her or to object to such processing;
  • The right to lodge a complaint with a supervisory authority;
  • The existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Job Applicant. 

The Company must provide the Job Applicant with a copy of the personal data subject to the processing. For any further copies requested by the Job Applicant, the Controller may charge a reasonable fee based on administrative costs. Where the Job Applicant makes the request by electronic means, and unless otherwise requested by the Job Applicant, the information shall be provided in a commonly used electronic form.

7.2. Right of rectification

The Job Applicant shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her. With due consideration of the purpose of the processing, the Job Applicant may request missing personal data be provided.

7.3. Right to restriction

At the request of the Job Applicant the Controller shall restrict processing if any of the conditions below are met:

  • The Controller no longer needs the personal data for the purposes of the processing, but the Job Applicant needs them to establish, exercise or defend legal claims;
  • The processing is unlawful, the Job Applicant opposes the erasure of the data, but instead requests the restriction of their use;
  • The Job Applicant contests the accuracy of the personal data. In this case the restriction shall apply for as long as the Controller can oversee this;
  • The Job Applicant objects to the processing. In this case the restriction shall last until it is verified whether the legitimate grounds of the Controller override those of the Job Applicant.

If the processing is restricted, such personal data may only be processed, with the exception of storage, for the following reasons and based on the following legal bases:

  • with the consent of the Job Applicant;
  • for an important public interest of the Union or some Member State, or
  • to establish, exercise or defend legal claims, or defend the rights of other natural or legal persons.

If the restriction of the processing is lifted, the Company must inform the Job Applicant in advance where the processing was restricted on their behalf.

7.4. Right to object

For personal reasons, a Job Applicant may object at any time against the processing of his or her personal data based on legitimate interests, including profiling. In this case the personal data may no longer be processed unless the Controller demonstrates compelling legitimate grounds on its side for the processing which override the interests, rights and freedoms of the Job Applicant, or which relate to the establishment, exercise or defence of legal claims.

Where data is processed for direct marketing purposes, the Job Applicant shall have the right to object at any time to the processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the Job Applicant objects to processing of personal data for direct marketing purposes, the personal data shall no longer be processed for such purposes.

This right to object as referred to above should be explicitly brought to the attention of the Job Applicant no later than at the first contact, and presented clearly and separately from any other information.

The Job Applicant shall not be entitled to object if the processing is based on consent, to ensure compliance with a legal obligation, the performance of a contract, or is to defend vital interests.

7.5. Right to erasure

At the request of the Job Applicant the Company shall, without undue delay, erase personal data concerning him or her. 

In addition to this, the Controller shall erase the Job Applicant’s personal data without undue delay, if:

  • The personal data have been unlawfully processed;
  • The Job Applicant withdrew his or her consent, provided there is no other legal basis;
  • The personal data are no longer needed in relation to the purposes for which they were collected or otherwise processed;
  • The erasure is required for compliance with a legal obligation in Union or Member State law;
  • The Job Applicant objects to the processing, and the Controller has no overriding legitimate reason for the processing. If the Job Applicant objects to the processing of his or her data as collected for direct marketing purposes, the data must be erased;
  • The personal data was collected in relation to information society services offered directly to children, without the consent of the holder of parental responsibility.

If the Controller published the personal data and is obliged to erase it in accordance with the above, taking account of available technology and the cost of implementation the Controller shall take all reasonable steps, including technical measures, to inform controllers which are processing the personal data that the Job Applicant has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

Data may not be erasedif the processing:

  • is necessary for compliance with a legal obligation which requires processing by Union or Member State law;
  • is necessary to establish, exercise or defend legal claims (e.g. the data is required for use in court proceedings or as evidence).
  • is necessary for exercising the right of freedom of expression and information;
  • is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, and the erasure would render impossible or seriously impair the processing.

7.6. Right to data portability

The Job Applicant shall have the right

  • to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format, and
  • to transfer those data to another controller without hindrance from the Controller to which the personal data have been provided, where:
  • the processing is based on consent or a contract, and
  • the processing is carried out by automated means.
  • to havethe personal data transferred directly from one controller to another, where technically feasible.

7.7. Rights to automated processing

The Job Applicant shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. The Job Applicant shall have this right on a universal basis, so exercising it does not depend on whether it is requested or not.

Thus automated processing may only be applied if

  • it is based on the explicit consent of the Job Applicant;
  • it is necessary for entering into, or performing, a contract between the Job Applicant and the Controller;
  • this is possible based on Union or Member State law applicable for the Controller.

In the first two cases, the controller shall implement suitable measures to safeguard the Job Applicant’s rights and freedoms and legitimate interests, including at least the Job Applicant’s right

  • to express his or her point of view,
  • to contest the decision, and
  • to obtain human intervention on the part of the controller.

In the cases outlined above the decisions may not be based on special categories of personal data, apart from explicit consent and significant public interest, and only if appropriate steps have been taken to protect the rights, freedoms and legitimate interests of the Job Applicant.

In connection with exercising his or her rights listed in Section 7 the Data subject may contact the Company at 1134 Budapest, Váci út 31, or by email at dataprivacykpmghu@kpmg.hu.

7.8. Right to legal remedy

All Job Applicants shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement, if the processing of personal data relating to him or her infringes regulations. Contact information for legal remedies and complaints:

Name: National Authority for Data Protection and Freedom of Information Address: H-1125 Budapest Szilágyi Erzsébet fasor 22/c Telephone: +36 1 391 1400 Fax: +36 1 391 1410, Email: ugyfelszolgalat@naih.hu, Website: www.naih.hu

In addition to the above, Job Applicants may also turn to the courts.



[1]The official text of the GDPR can be found here: https://eur-lex.europa.eu/legal-content/HU/TXT/?uri=celex%3A32016R0679

Why should you choose us?


You can improve yourself on an average of 64 hours of professional and individual training each year.


Part-time working hours and working partly from home to help you attain a healthy work-life balance.


We organise annual health screenings for our colleagues, and health insurance is part of your benefits. We also support our colleagues’ sports activities, including team sports and running races.


More than 80% of our colleagues is proud to work at KPMG.


You can dedicate three working days per year to volunteering, including centrally organised professional pro bono jobs as well as individual initiatives supported by the company.


You can test yourself in KPMG offices abroad with your secondment lasting from a few months to a few years.


When you get started you'll receive an iPhone and a laptop, and you can also use the associated employee package for private purposes up to the set limit.