FOR JOB APPLICANTS
2. APPLICABLE LEGISLATION, RELEVANT INTERNAL POLICIES OF THE COMPANY
In the context of processing employee data, the Company takes relevant Hungarian and European Union legislation into account, particularly,
3. INTERPRETIVE PROVISIONS
Sensitive data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic and biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation;
Data subject: any identified or identifiable natural person;
Consent of the data subject: any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Restriction of processing: the marking of stored personal data with the aim of limiting their processing in the future;
Third party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
Personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
Profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
4. PRINCIPLES OF PROCESSING
Personal data shall be:
The controller shall be responsible for, and be able to demonstrate compliance with, the principles in this section (“accountability”).
5. Detailed information on processing operations
5.1. SCOPE OF PROCESSED DATA
5.2. LEGAL BASIS FOR PROCESSING
In terms of Personal data, the legal basis for the processing pursuant to Article 6 (1) a) of the GDPR shall be the consent of the Job Applicant given freely, in advance and based on complete information.The Company does not normally process sensitive personal data, but it cannot rule out the possibility that Job Applicants may share Sensitive data about themselves during the application process.
With due consideration of the above, if the Job Applicant also provides sensitive personal data, the legal basis for the processing of Sensitive data shall be the explicit consent of the Job Applicant in accordance with Article 9 (2) a) of the GDPR.
Job Applicants may withdraw their consent to processing at any time, however, this shall not affect the legality of the processing prior to the withdrawal of consent carried out on the basis of the consent.
5.3. PURPOSE OF PROCESSING
The Company shall process the personal data in CVs and other attached documents received directly or via recruitment firms for the purposes of informing data subjects about possible job opportunities that are most suited to their qualifications and interests, making appointments with data subjects and conducting the selection process.
A further purpose of the processing is to evaluate the application of the Job Applicant, or if the Job Applicant provides separate consent, then to examine future opportunities to employ the Job Applicant.
5.4. ACCESS RIGHTS FOR PROCESSING
5.5. RETENTION OF PROCESSED PERSONAL DATA
Personal data is essentially processed based on consent for the duration of the application process. If the Job Applicant is selected, the data given in connection with the application shall be rendered anonymous within 90 days of the first working day.
The personal data of unsuccessful Job Applicants shall be rendered anonymous within 30 days of notification thereof.
If a Job Applicant was unsuccessful, but provided explicit consent for the Company to retain his or her personal data for the purposes of being notified of similar positions becoming vacant in the future, the Company may retain such data based on this consent for a period of 2 years from the application. This consent shall enable the Company to contact the Job Applicant later on if a job becomes available that they may be suitable for. If the Job Applicant does not give consent to the data retention, the Company shall render his or her data anonymous within 30 days of notification thereof. In case you the Applicant does not agree to anonymise his/herdata, we are going to delete all of his/her personal data immediately, or later in 30 days upon his/her request.
Anonymisation: a technical procedure that permanently ensures no link can be restored between the data subject and the data. Anonymous data is information that does not enable a certain Job Applicant to be personally identified. This data is not connected to other personal data, i.e. the Job Applicant cannot be identified based on this data.
If the person is subsequently employed then contractual provisions regarding the given employment along with legislative provisions shall apply to the processing of data and documents.
6. PROCESSORS, TRANSFERS
The Company shall engage the services of a processor for the technical operations related to its processing.
Contact details of Processor:
1119 Budapest, Bártfai u. 15-17
Company registration number
The Company shall not transfer the Job Applicant’s data, unless a court, the public prosecutor, an investigation authority, an authority dealing with infringements or public administration, the National Authority for Data Protection and Freedom of Information (NAIH) or other bodies based on authorisation set forth in legislation contact the Company for information, the disclosure or transfer of data, or for the provision of documents.
7. RIGHTS OF DATA SUBJECTS
Job Applicants can access and update their data, or erase such from the system, via the user panel. In addition to this, Job Applicants may withdraw their consent and permanently delete their user profile.
7.1. Access/information rights of data subjects
The Job Applicant shall have the right to obtain information from the Controller as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
The Company must provide the Job Applicant with a copy of the personal data subject to the processing. For any further copies requested by the Job Applicant, the Controller may charge a reasonable fee based on administrative costs. Where the Job Applicant makes the request by electronic means, and unless otherwise requested by the Job Applicant, the information shall be provided in a commonly used electronic form.
7.2. Right of rectification
The Job Applicant shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her. With due consideration of the purpose of the processing, the Job Applicant may request missing personal data be provided.
7.3. Right to restriction
At the request of the Job Applicant the Controller shall restrict processing if any of the conditions below are met:
If the processing is restricted, such personal data may only be processed, with the exception of storage, for the following reasons and based on the following legal bases:
If the restriction of the processing is lifted, the Company must inform the Job Applicant in advance where the processing was restricted on their behalf.
7.4. Right to object
For personal reasons, a Job Applicant may object at any time against the processing of his or her personal data based on legitimate interests, including profiling. In this case the personal data may no longer be processed unless the Controller demonstrates compelling legitimate grounds on its side for the processing which override the interests, rights and freedoms of the Job Applicant, or which relate to the establishment, exercise or defence of legal claims.
Where data is processed for direct marketing purposes, the Job Applicant shall have the right to object at any time to the processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the Job Applicant objects to processing of personal data for direct marketing purposes, the personal data shall no longer be processed for such purposes.
This right to object as referred to above should be explicitly brought to the attention of the Job Applicant no later than at the first contact, and presented clearly and separately from any other information.
The Job Applicant shall not be entitled to object if the processing is based on consent, to ensure compliance with a legal obligation, the performance of a contract, or is to defend vital interests.
7.5. Right to erasure
At the request of the Job Applicant the Company shall, without undue delay, erase personal data concerning him or her.
In addition to this, the Controller shall erase the Job Applicant’s personal data without undue delay, if:
If the Controller published the personal data and is obliged to erase it in accordance with the above, taking account of available technology and the cost of implementation the Controller shall take all reasonable steps, including technical measures, to inform controllers which are processing the personal data that the Job Applicant has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
Data may not be erasedif the processing:
7.6. Right to data portability
The Job Applicant shall have the right
7.7. Rights to automated processing
The Job Applicant shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. The Job Applicant shall have this right on a universal basis, so exercising it does not depend on whether it is requested or not.
Thus automated processing may only be applied if
In the first two cases, the controller shall implement suitable measures to safeguard the Job Applicant’s rights and freedoms and legitimate interests, including at least the Job Applicant’s right
In the cases outlined above the decisions may not be based on special categories of personal data, apart from explicit consent and significant public interest, and only if appropriate steps have been taken to protect the rights, freedoms and legitimate interests of the Job Applicant.
In connection with exercising his or her rights listed in Section 7 the Data subject may contact the Company at 1134 Budapest, Váci út 31, or by email at firstname.lastname@example.org.
7.8. Right to legal remedy
All Job Applicants shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement, if the processing of personal data relating to him or her infringes regulations. Contact information for legal remedies and complaints:
Name: National Authority for Data Protection and Freedom of Information Address: H-1125 Budapest Szilágyi Erzsébet fasor 22/c Telephone: +36 1 391 1400 Fax: +36 1 391 1410, Email: email@example.com, Website: www.naih.hu
In addition to the above, Job Applicants may also turn to the courts.
The official text of the GDPR can be found here: https://eur-lex.europa.eu/legal-content/HU/TXT/?uri=celex%3A32016R0679
Why should you choose us?
You can improve yourself on an average of 64 hours of professional and individual training each year.
Part-time working hours and working partly from home to help you attain a healthy work-life balance.
We organise annual health screenings for our colleagues, and health insurance is part of your benefits. We also support our colleagues’ sports activities, including team sports and running races.
More than 80% of our colleagues is proud to work at KPMG.
You'll receive continuous feedback on your work and performance, and you can participate in coaching run by one of our in-house coaches.
You can dedicate three working days per year to volunteering, including centrally organised professional pro bono jobs as well as individual initiatives supported by the company.
You can test yourself in KPMG offices abroad with your secondment lasting from a few months to a few years.
When you get started you'll receive an iPhone and a laptop, and you can also use the associated employee package for private purposes up to the set limit.