Log In

Don't have an account? Sign up now

Lost Password?

Sign Up

Privacy Policy

Who we are

 Our website address is: https://www.hatamoto.cloud

Comments

 When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where your data is sent

Visitor comments may be checked through an automated spam detection service.

 

 

On data processing in the context of recruitment and selection procedures

 

This information notice contains the information necessary for the voluntary and informed consent to the processing of the data contained in the Consent Forms.

 

1. Identity of the controller

 

On the basis of your consent, your personal data will be processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (EU) No. CXII of 2011 (Infotv.) and the provisions of the relevant international, European Union and other domestic legislation, in compliance with the rights of individuals, in particular the right to information self-determination, for the purposes set out in this notice:

 

Hatamoto Zrt.

Address: 1085 Mária u. 6. III/20

Tax number: 27960127-2-42, Company registration number: 01-10-142412

E-mail address: [email protected]

 

The personal data and documents provided by you as an applicant in the selection process may be known and processed by the controller’s staff involved in the selection process.

 

 

2. Purpose of processing, purpose limitation

 

2.1 Please be informed that your personal data submitted as part of your job application will be processed for the purpose of establishing an employment relationship with the controller or with any other entity, including non-resident entities, contracted with the controller, as a result of the recruitment activities carried out by the controller, including processing of selection procedures and job offers necessary for the establishment of the employment relationship, and for the same purpose by your LinkedIn. com for the same purpose and to check whether your data and application are included in the potential employer’s system (“applicant verification”).

 

2.2 Personal data may only be processed for specific purposes, for the exercise of rights and for the performance of obligations. At all stages of processing, the purpose of the processing must be fulfilled and the collection and processing of the data must be fair and lawful.

 

Only personal data that is necessary for the purpose of the processing and is adequate for the purpose shall be processed. Personal data may only be processed to the extent and for the duration necessary to achieve the purpose (Info tv. § 4 [1]-[2]).

 

The personal data shall retain this quality during the processing for as long as its relationship with the data subject can be re-established. The link with the data subject can be restored if the controller has the technical conditions necessary for restoration.

 

The processing must ensure that the data are accurate, complete and, where necessary for the purposes for which they are processed, kept up to date, and that the data subject can be identified only for the time necessary for the purposes for which they are processed.

 

3. Legal basis for processing (Article 6 GDPR)

 

The controller is involved in the processing of personal data both as controller and as processor.

 

3.1 The processing of personal data is lawful only if and to the extent that at least one of the following conditions is met:

 

(a) the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes;

 

(b) the processing is necessary for the performance of a contract to which the data subject is a party or is necessary for the purposes of taking steps at the request of the data subject prior to entering into a contract;

 

(c) processing is necessary for compliance with a legal obligation to which the controller is subject;

 

(d) processing is necessary for the protection of the vital interests of the data subject or of another natural person;

 

(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.

 

3.2 On the basis of the above, we inform you that

 

a) your explicit consent is the legal basis for the processing and any subsequent transfer of data.

 

b) if your application includes special personal data (e.g. health condition), for the processing of which the Infotv. requires your written consent, the controller will process your special personal data only in case of your written consent. You provide your written consent to the Controller by completing and signing the Consent Forms.

 

c) Since your personal data are collected with your consent, the controller may collect your personal data in accordance with the provisions of the Infotv.

(d) your personal data may be used for statistical purposes in a non-personally identifiable way and may be disclosed for statistical purposes without your consent.

(e) where the processing of your personal data becomes necessary for purposes other than those set out in this notice, the controller will always seek your consent, giving prior information about the new purpose of the processing.

(f) the controller may, with your explicit consent given in the Consent Forms, verify the accuracy of the data and information provided in your application by contacting the third party(ies) (former employers) identified in your application with an explicit request to that effect.

(g) the controller shall only transfer personal data to third party controllers, in particular to business entities having contractual relations with the controller, for the purposes of the processing, in particular for the purposes of making a job offer, participating in a selection procedure, establishing an employment relationship and providing employment services, and for the purposes of recruitment, only on the basis of your prior request, information and consent, not including the obligation to provide data required by law. In the case of contacting you via LinkedIn.com, your consent is given on the basis of the LinkedIn privacy notice.

h) transfers to a Member State of the European Union, to another State party to the Agreement on the European Economic Area, or to a State whose

to a State to which a national of a national of the European Union and its Member States and of a State not party to the Agreement on the European Economic Area has the same legal status as a national of a State party to the Agreement on the European Economic Area shall be deemed to be a transfer within the territory of Hungary.
We will seek your explicit consent for any transfer to any other State.

4. Security of data processing

Please be informed that the controller ensures the security of the data processed and takes all reasonable and necessary technical and organisational measures to protect the personal data you have provided, in particular against unauthorised access, alteration, disclosure, transmission, disclosure, erasure or destruction, accidental destruction or accidental damage and inaccessibility resulting from changes in the technology used. In the case of a transfer, the controller shall require the body receiving the data to provide an adequate level of security for the processing and to process the data only for the purposes specified in the transfer.

 

5. Duration of processing

As regards the duration of the processing, the controller will process your personal data, submitted CVs, job applications and other documents attached to job applications until your consent is withdrawn due to potential future job opportunities.

You may withdraw your consent to the processing at any time, as described in section 6.4, in which case the Data Controller will delete your CV, job application and all your personal data from the system. In the absence of withdrawal, the period of processing shall be the period specified above.

If you withdraw your consent to the processing or request the deletion of your data and the selection process has not yet been completed (vacancy not yet filled), you accept that your withdrawal will also terminate the procedure for the assessment of your application.

If you withdraw your consent to data processing or request the deletion of your data and you have previously consented to the further processing of your CV, your request for deletion or your withdrawal of consent will also terminate the storage of your CV for this purpose.

 

6. Fundamental rights relating to data management

6.1 Right to information

In accordance with Article 13 of the GDPR, the controller shall provide the data subject with information about the processing.

In particular, the controller shall provide the following information:

a.) the data subject’s data

b.) the legal basis for processing the data
c.) the purposes for which the data are being processed
d.) the recipients of the data

(e) the duration of the processing or the criteria for determining the duration of the processing

f.) profiling

g.) the fact and circumstances of automated decision-making

6.2 Right of access

Pursuant to Article 15 of the GDPR, the data subject has the right to obtain from the controller feedback as to whether or not his or her personal data are being processed and, if such processing is taking place, the right to access the personal data and relevant information.

 

6.3 Right to rectification

The data subject shall have the right to obtain, at his or her request and without undue delay, the rectification by the controller of inaccurate personal data relating to him or her. Having regard to the purposes of the processing, the data subject shall have the right to obtain the rectification of incomplete personal data, including by means of a supplementary declaration.

6.4 Right to erasure (“right to be forgotten”)

6.4.1 In addition to the right to erasure, we will always ensure the possibility of withdrawing consent to data processing. If the processing is based on another legal basis, the removal of the processing is not guaranteed.

The data subject has the right to obtain from the controller the erasure of personal data relating to him or her without undue delay and the controller is obliged to erase personal data relating to him or her without undue delay where one of the following grounds applies:

(a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

(b) the data subject withdraws the consent on the basis of which the processing was carried out and there is no other legal basis for the processing;

(c) the data subject objects to the processing on the basis of Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing or the data subject objects to the processing on the basis of Article 21(2);

(d) the personal data have been unlawfully processed;

(e) the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;
(f) the personal data have been collected for the purpose of processing in relation to a child in accordance with Article 8 of the GDPR

(f) the processing of personal data relating to a data subject has been carried out in connection with the provision of information society services referred to in Article 8(1) of Regulation (EC) No 835/2001.

 

6.4.2 If the controller has disclosed the personal data and is required to delete it pursuant to paragraph 6.4.1, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform the controllers that have processed the data that the data subject has requested the deletion of the links to or copies or replicas of the personal data in question.

6.4.3 Paragraphs 6.4.1 and 6.4.2 do not apply where the processing is necessary:

(a) for the exercise of the right to freedom of expression and information;

(b) to comply with an obligation under Union or Member State law to which the controller is subject to which requires the processing of personal data or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller;

(c) on grounds of public interest in the field of public health;

(d) for archiving purposes in the public interest in accordance with Article 89(1) of the GDPR, scientific

historical research or statistical purposes, where the right referred to in paragraph 1 would be likely to render impossible or seriously impair such processing; or

(e) for the establishment, exercise or defence of legal claims.

6.5 Right to restriction of processing

6.5.1 The data subject shall have the right to obtain from the controller, at his or her request, the restriction of processing where one of the following conditions is met:

(a) the data subject contests the accuracy of the personal data, in which case the restriction shall apply for a period of time which allows the controller to verify the accuracy of the personal data;

(b) the processing is unlawful and the data subject opposes the erasure of the data and requests instead the restriction of their use;

(c) the controller no longer needs the personal data for the purposes of the processing but the data subject requires them for the establishment, exercise or defence of legal claims; or

(d) the data subject has objected to the processing pursuant to Article 21(1) of the GDPR, in which case the restriction shall apply for a period of time until it is determined whether the controller’s legitimate grounds override those of the data subject.

6.5.2 Where processing is subject to restriction pursuant to paragraph 6.5.1, such personal data may be processed, except for storage, only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the European Union or of a Member State.

6.5.3 The controller shall inform in advance the data subject at whose request it has restricted processing pursuant to paragraph 6.5.1 of the lifting of the restriction of processing.

6.6 Obligation to notify the rectification or erasure of personal data or the restriction of processing

The controller shall inform all recipients to whom or with whom it has disclosed the personal data of any rectification, erasure or restriction of processing under the GDPR, unless this proves impossible or involves a disproportionate effort. The controller shall inform the data subject, at his or her request, of these recipients.

6.7 Right to data portability

In the cases provided for by the GDPR, the data subject has the right to receive personal data relating to him or her which he or she has provided to a controller in a structured, commonly used, machine-readable format and the right to transmit those data to another controller without hindrance from the controller to which he or she has provided the personal data.

Where technically feasible – The data subject may request the direct transfer of personal data between controllers.

 

6.8 Right to object

6.8.1 The data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data, including profiling based on the aforementioned provisions, in the following cases:

(a) processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(b) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child

In the event of an objection, the controller may no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

6.8.2 Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such purposes, including profiling, where it is related to direct marketing.

6.8.3 If the data subject objects to the processing of personal data for direct marketing purposes, the personal data may no longer be processed for such purposes.

6.9 Right of redress

The right of redress and how to exercise it is set out in point 9 of this notice

 

7. Enforcement of rights in relation to data management

7.1 Please be informed that in order to ensure that your personal data are up-to-date, accurate and authentic, you may request the rectification or erasure of your personal data at any time during the period of processing, without giving any reason, in accordance with the provisions of the Information Act, by sending a written request to [email protected] or by post to the headquarters of the data controller (Hatamoto Zrt – 1085, Budapest Mária utca 6.).

7.2 During the period of processing, you may at any time request information on all facts relating to the processing of your personal data, in particular on the purpose and legal basis of the processing, the person who is authorised to process and process the data, the duration of the processing, who may access the data, and if the processing is carried out for the purpose of complying with a legal obligation or for the purposes of the legitimate interests of the controller or a third party. The controller shall comply with this request within 30 days of receipt of the request. In any case, access to and modification of the data you have provided shall be free of charge.

7.3 In addition to the information provided in this notice, you may request information from the controller about the data processed by the controller or by a processor on its behalf, the source of the data, the purpose, legal basis and duration of the processing, the name and address of the processor and the activities of the processor in relation to the processing, and, in the case of transfer of your personal data, the legal basis and the recipient of the transfer.
The controller shall provide the information in an intelligible form without undue delay and at the latest within 30 days of the submission of the request. The controller may refuse to provide the information only in the cases provided for by the applicable legislation, in which case it shall inform you of the reasons for the refusal and of the possibility of judicial remedy or recourse to the National Authority for Data Protection and Freedom of Information.

7.4 If your personal data is not accurate, you may request the controller to correct it or, if accurate personal data is available, the controller will correct the personal data and inform you accordingly.

7.5 The controller shall delete the personal data processed if:

– The processing is unlawful;

– If the processing is unlawful;

– The personal data is incomplete or inaccurate and this incompleteness cannot be lawfully remedied, provided that erasure is not excluded by law;

– The purpose for which the data is processed has ceased to exist or the time limit for its processing as set out in this notice has expired,

– It has been ordered by a court or the National Authority for Data Protection and Freedom of Information.

7.6 Instead of deletion, the controller shall block the data if you request this or if, on the basis of the information available to it, it is likely that deletion would harm your legitimate interests. Blocked personal data may be processed only for as long as the processing purpose which precluded the deletion of the personal data persists. In the case of blocked personal data, access will be restricted to the extent reasonably necessary.

7.7 The controller shall, by appropriate technical means, mark the personal data which it processes where the data subject contests the accuracy or correctness of the personal data but the inaccuracy or incorrectness of the contested personal data cannot be clearly established.

7.8 The rectification, blocking, marking and erasure shall be notified to the data subject and to all those to whom the data were previously disclosed for processing. Notification may be omitted if this does not harm the legitimate interests of the data subject having regard to the purposes of the processing.

7.9 If the controller does not comply with the data subject’s request for rectification, blocking or erasure, it shall, within 30 days of receipt of the request, communicate in writing the factual and legal grounds for refusing the request for rectification, blocking or erasure. In the event of refusal of a request for rectification, erasure or blocking, the controller shall inform the data subject of the possibility of judicial remedy and of recourse to the Authority.

 

8. Data breach handling

8.1 We will notify a data breach to the competent supervisory authority without delay and, if possible, no later than 72 hours after the data breach has come to our attention, unless the data breach is unlikely to pose a risk to the rights and freedoms of natural persons. If the notification is not made within 72 hours, the reason for the delay will be sent with the notification.

8.2 The notification of a personal data breach shall include:

(a) the nature of the personal data breach, including, where possible, the categories and approximate number of data subjects and the categories and approximate number of data subjects affected by the breach;

(b) the name and contact details of the person responsible for taking action on the notification;

(c) the likely consequences of the data breach;

(d) the measures taken or envisaged by the Data Controller to remedy the personal data breach, including, where appropriate, measures to mitigate any adverse consequences of the personal data breach.

8.3 We will keep records and a database of data breaches. The person responsible for data protection shall ensure that the records are kept up to date.

8.4 If the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, we will inform the data subject of the personal data breach without undue delay, in particular with regard to points 8.2 b), c), d).

8.5 The data subject need not be informed if any of the following conditions are met:

(a) the controller has implemented appropriate technical and organisational protection measures and these measures have been applied to the data affected by the personal data breach, in particular measures, such as the use of encryption, which render the data unintelligible to persons not authorised to access the personal data;
(b) the controller has taken additional measures following the personal data breach to ensure that the high risk to the rights and freedoms of the data subject is no longer likely to materialise;

(c) disclosure would require a disproportionate effort. In such cases, the data subjects will be informed by means of publicly disclosed information or by other similar means.

9. Remedy

9.1 The data subject may object to the processing of his personal data if

a) the processing or transmission of personal data is necessary solely for the fulfillment of the legal obligation of the data controller, or for the enforcement of the legitimate interests of the data controller, data recipients or third parties, unless the data processing is ordered by law;

b) personal data is used or forwarded for the purpose of direct business acquisition, public opinion polls or scientific research;

c) in other cases defined by law.

9.2 The data controller examines the objection as soon as possible, but no later than 15 days after the submission of the application, makes a decision on its validity, and informs the applicant of his decision in writing.

9.3 If the data controller determines that the data subject’s protest is well-founded, it will terminate the data management, including further data collection and data transmission, and lock the data, as well as notify all those to whom the personal data affected by the protest was previously transmitted about the protest and the measures taken based on it. and who are obliged to take measures to enforce the right to protest.

9.4. If the data subject does not agree with the decision made by the data controller, he may appeal to the court within 30 days of its notification. The court acts out of order.

9.5. The National Data Protection and

Freedom of information You can live with an authority:

National Data Protection and Freedom of Information Authority 1125 Budapest, Szilágyi Erzsébet fasor 22/C. Mailing address: 1530 Budapest, PO Box: 5.
Telephone: +36 -1-391-1400

Fax: +36-1-391-1410

E-mail: [email protected]

9.6 During judicial enforcement (Info tv. § 22, GDPR Article 12 (4)), the data controller is obliged to prove that the data management complies with the provisions of the law. The data recipient is obliged to prove the legality of the data transmission.


The adjudication of the lawsuit falls within the jurisdiction of the court. According to the choice of the person concerned, the lawsuit can also be initiated before the court of the place of residence or residence of the person concerned.

A person who otherwise does not have legal capacity can be a party to the lawsuit. The Authority may intervene in the lawsuit in order to win the case for the person concerned.

If the court approves the request, it obliges the data controller to provide information, correct, block, delete the data, annul the decision made by automated data processing, take into account the data subject’s right to protest, and release the data requested by the data recipient.

If the court rejects the data recipient’s request, the data controller is obliged to delete the data subject’s personal data within 3 days from the notification of the judgment. The data manager is obliged to delete the data even if the data recipient does not apply to the court within the specified deadline.

The court may order the publication of its judgment – by publishing the identification data of the data controller – if it is required by the interests of data protection and the protected rights of a larger number of stakeholders.

9.7. Compensation and damages (Info tv. § 23)

9.7.1 If the data controller causes damage to another person by illegally handling the data subject’s data or by violating data security requirements, he is obliged to compensate it.

9.7.2. If the data controller violates the data subject’s right to privacy by illegally handling the data subject’s data or violating data security requirements, the data subject may demand damages from the data controller.

9.7.3. The data controller is liable to the data subject for the damage caused by the data processor, and the data controller is also obliged to pay the data subject the damages due in the event of a privacy violation caused by the data processor. The data controller shall be released from responsibility for the damage caused and from the obligation to pay compensation if it proves that the damage or the violation of the privacy rights of the data subject was caused by an unavoidable cause outside the scope of data management.

9.7.4. The damage does not have to be compensated and no compensation can be claimed if the damage resulted from the intentional or grossly negligent behavior of the injured party or the violation of the right to privacy.

 

10. Governing laws

Regarding matters not regulated in these regulations, in particular, the following legislation shall govern:

– CXII of 2011. Act – on the right to self-determination of information and freedom of information (hereinafter: Infotv.)

– CVIII of 2001 Act – on certain issues of electronic commercial services and services related to the information society (mainly § 13/A)

– XLVII of 2008 law – on the prohibition of unfair commercial practices towards consumers;
– XLVIII of 2008 Act – on the basic conditions and certain limitations of economic advertising activity

(especially § 6)

– 2005 XC. Act on Electronic Freedom of Information

– Act C of 2003 on electronic communication (specifically § 155.a)

– 16/2011. s. Opinion on the EASA/IAB Recommendation on Best Practices for Behavioral Online Advertising

 

11. Amendment

The data controller reserves the right to modify the contents of this information. In the event of a change, we will inform you in advance in writing or by e-mail, and we will publish a notice of the change and the effective version of the information on our website. We will send you information about the amendment in good time so that, if you wish, you can object to the further processing of your personal data before the amendments take effect and initiate the deletion of your personal data.

When submitting your application materials, you also declare that you have read and accepted this information.

 

11.1 Storage of data subject data, data security measures

The data concerned is stored based on the security rules defined in the Quality Management System, IT Security regulations and other data and document management regulations of the data controller and the data processors, which in this case mean the storage of the data at the location of the data controller or data processor on a protected IT network. In the case of paper-based storage, the data carriers were placed in a closed place, accessible only by competent persons according to their job duties.

 

11.2 Responsibility of the data controller

The data controller is responsible for the damage caused by violating the provisions of the GDPR. The data manager is exempt from liability if he proves that he is not responsible in any way for the event that caused the damage.