Privacy Notice for Visitors and Users Submitting Job Applications or Resumes on the http://www.sightspot.hu Website
Dear Applicant, Visitor,
Before honoring us with your trust by sending us your job application or resume, or even just visiting our website, please familiarize yourself with our current Privacy Policy.
The Data Controller is fully committed to complying with the legal requirements related to the handling of personal data, particularly those set out in Regulation (EU) 2016/679 of the European Parliament and the Council.
This Privacy Policy has been prepared based on Regulation (EU) 2016/679 of the European Parliament and the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and taking into account the contents of Act CXII of 2011, which concerns the right to informational self-determination and freedom of information.
Data Controller Information
Name / Company Name: SIGHTSPOT NETWORK Kft.
Registered Office: 4032 Debrecen, Vágóhíd u. 2. 2nd floor, 6th door
Tax Number: 23972188-2-09
Website Name and Address: www.sightspot.hu
Privacy Policy Availability: On the above website and in paper form at the Data Controller’s registered office.
Contact Details of the Data Controller
Name / Company Name: SIGHTSPOT NETWORK Kft.
Registered Office: 4032 Debrecen, Vágóhíd u. 2. 2nd floor, 6th door
Mailing Address: 4032 Debrecen, Vágóhíd u. 2. 2nd floor, 6th door
Email: info@sightspot.hu
Phone: 06-20-404-9355
Definitions
- GDPR: General Data Protection Regulation, the new Data Protection Regulation of the European Union;
- Data Processing: Any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction;
- Processor: A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the data controller;
- Personal Data: Any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;
- Data Controller: A natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the data controller or the specific criteria for its nomination may be provided for by Union or Member State law;
- Data Subject's Consent: Any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them;
- Data Breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed;
- Recipient: A natural or legal person, public authority, agency, or another body to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
- Third Party: A natural or legal person, public authority, agency, or body other than the data subject, data controller, data processor, and persons who, under the direct authority of the data controller or data processor, are authorized to process personal data.
Principles of Data Processing
The Data Controller declares that it processes personal data according to the provisions of this Privacy Policy and adheres to the relevant legal requirements, paying special attention to the following:
- Personal data must be processed lawfully, fairly, and in a transparent manner in relation to the data subject.
- Personal data must be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Personal data must be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
- Personal data must be accurate and, where necessary, kept up to date; inaccurate personal data must be erased or rectified without delay.
- Personal data must be kept in a form that permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes.
- Personal data must be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
- The principles of data protection shall apply to any information relating to an identified or identifiable natural person.
Job Offers and Resumes
The Data Controller operates a job offers page on the website, handling the data of registered individuals applying for job offers for the purpose of providing information about the company's current, available job offers. Applicants can upload their resumes and related information on the job offers page. The purpose of data processing is to manage and record job applications and resumes submitted for advertised job offers, for the purpose of recruiting and selecting personnel.
During the job application process on the website, after providing personal data, users can familiarize themselves with the current Privacy Policy by checking an empty checkbox accompanied by the following text:
"By ticking the checkbox – based on Article 6(1)(a) of the General Data Protection Regulation (GDPR), as well as Article 7 – I consent to the processing of my personal data provided now according to the GDPR and the conditions of the Data Controller's Privacy Policy. I acknowledge that according to Article 7(3) of the GDPR, I can withdraw my consent at any time."
Submitted job applications and resumes are considered voluntary consent to the data processing described in this policy, thus the legal basis for data processing is the application for the job and the data subject's consent.
The scope of data subjects involved in the data processing are individuals who apply for job offers on the website. The personal data provided during the job application process includes name, address, email address, phone number, and in the case of uploaded resumes, data related to the resume owner's identity, previous and current jobs, skills, qualifications, professional experience, expertise, and language skills.
The data subject consents to the processing of their photo included in the resume by uploading the resume.
Use of email addresses: The Data Controller pays special attention to the lawful use of email addresses it processes, using them only as specified below. Email addresses are primarily processed for the purpose of identifying the data subject and contacting them regarding the job application.
The Data Subject explicitly consents to the Data Controller handling the uploaded resume, the data contained therein, and the email address in such a way that if the Data Subject would be suitable for another job based on the content of the resume, the Data Controller or its agents may contact the Data Subject regarding this matter. The Data Controller is authorized to contact the Data Subject based on the uploaded resume and provided email address.
The duration of data processing shall be until the withdrawal of the applicant's consent, but no longer than the shortest possible time from the receipt of the resume, up to a maximum of 1 year (based on the principle of purpose limitation). The processed data will be used exclusively during the recruitment and selection process to determine whether the candidate is suitable for a particular position. The applicant may withdraw consent for the storage of the resume at any time, using any of the contact details provided in the Data Security and Privacy Policy or this Privacy Notice.
The data subject may withdraw their consent for data processing at any time, but this does not affect the legality of data processing based on consent before its withdrawal.
In case of withdrawal, the Data Controller notifies the Job Applicant with the following message:
"I declare that the deletion of personal data provided during the application process on the website has been completed at [date, time] according to Article 17(1) and Article 19 of the General Data Protection Regulation (GDPR)."
The duration of data processing always depends on the specific user purpose, but the data must be deleted immediately if the originally intended purpose has been fulfilled. If there are no legal obstacles to deletion, the data will be deleted. Data will be deleted upon the withdrawal of consent for data processing.
The modification or deletion of personal data can be initiated by email, phone, or letter using any of the contact details provided above.
If the data subject requests the deletion of only specific personal data, such as an email address, the Data Controller will use the following wording:
"I declare that the deletion of the personal data you requested to be deleted, such as the email address something@something.com, was completed at [date, time] according to Article 17(1) and Article 19 of the General Data Protection Regulation (GDPR)."
The authorization to access personal data, including submitted job applications and resumes, is limited to employees of SIGHTSPOT NETWORK Kft. who are authorized to do so.
SIGHTSPOT NETWORK Kft. does not disclose the received job applications and resumes to any third parties for statistical or other purposes, nor does it make the known data public. Any information regarding the evaluation of submitted job applications and resumes is provided exclusively to the data subject upon their request.
Data Storage Method: Electronic. SIGHTSPOT NETWORK Kft. pays special attention to the secure storage and safekeeping of received job applications and resumes. The electronic database is protected with passwords and appropriate access levels to prevent unauthorized access, modification, disclosure, deletion, or destruction.
Consent for processing personal data can be withdrawn at info@sightspot.hu. You have the right to withdraw your consent for the processing of your personal data by the data controller at any time. However, this does not affect the legality of processing your personal data before the withdrawal of consent.
Scope of Processed Data and Purpose
Name: Identification, communication
Address: Identification, communication
Email: Identification, communication
Phone: Identification, communication
Resume upload, job application: Identification, communication, application, recruitment, selection
Registration time: Technical information operation.
IP address: Technical information operation.
The user can give consent for data processing by deliberately ticking an empty checkbox explicitly provided for this purpose on the website.
As a data subject, you have the right to object to the processing of your personal data, in accordance with the data processing information detailed above and the legal procedures outlined in this Privacy Notice and the regulations mentioned herein.
The data subject has the right to request access to, correction, deletion, or restriction of processing of their personal data from the data controller, and to object to the processing of such personal data, as well as the right to data portability.
The data subject has the right to lodge a complaint with the supervisory authority.
If the data subject wishes to enjoy the benefits of registration, i.e., to use the services of the website, providing the requested personal data is necessary. The data subject is not obliged to provide personal data, and the lack of providing data does not result in any disadvantage for the data subject.
The data subject is entitled to request the data controller to rectify or supplement inaccurate personal data concerning them without undue delay.
The data subject is entitled to request the data controller to delete inaccurate personal data concerning them without undue delay, and the data controller is obliged to delete such personal data without undue delay, provided there is no other legal basis for processing.
Cookies
The website does not store cookies.
Social Media
Social media is a media tool where messages are disseminated through social users. Social media uses the internet and online presence opportunities to turn users from content recipients into content editors.
Social media includes platforms where user-generated content can be found, such as Facebook, Google+, Twitter, Pinterest, etc.
Social media appearances can take the form of public speeches, presentations, product or service descriptions.
The forms of information appearing on social media can be forums, blog posts, images, videos, audio files, message boards, email messages, etc.
Accordingly, the range of data processed, in addition to personal data, may include the user's public profile picture.
Affected Parties: All registered users.
Purpose of Data Collection: To promote the website or its related web pages.
Legal Basis for Data Processing: The voluntary consent of the data subject.
Duration of Data Processing: As per the regulations visible on the respective social media platform.
Deadline for Data Deletion: As per the regulations visible on the respective social media platform.
Authorized to Access Data: As per the regulations visible on the respective social media platform.
Rights Related to Data Processing: As per the regulations visible on the respective social media platform.
Method of Data Storage: Electronic.
It is important to consider that when a user uploads or submits any personal data, they give worldwide permission to the social media platform operator to store and use such content.
Therefore, it is very important to ensure that the user has full authorization to disclose the published information.
Google Analytics
Our website does not use Google Analytics.
Data Processors
Hosting service provider:
Name / Company Name: SIGHTSPOT NETWORK Kft.
Registered Office: 4034 Debrecen, Vágóhíd u. 2. Building 6, 2nd Floor
Phone: 06-20-404-9355
Email: info@sightspot.hu
The data provided by you is stored on the server operated by the hosting service provider. Only our employees and the employees operating the server have access to the data, and they are all responsible for the secure handling of the data.
Activity Description: Hosting service, server service.
Purpose of Data Processing: To ensure the operation of the website.
Processed Data: Personal data provided by the data subject.
Duration of Data Processing and Deletion Deadline: Data processing is until the end of the website's operation, or according to the contractual agreement between the website operator and the hosting service provider. The data subject can also request the deletion of their data by contacting the hosting service provider if necessary.
Legal Basis for Data Processing: The data subject's consent or data processing based on law.
Rights Related to Data
Processing Right to Request Information:
You can request information from us through the provided contact details about what data our company processes, on what legal basis, for what data processing purpose, from what source, and for how long. Upon your request, we will provide information to the email address you provided, without undue delay, but no later than within 30 days.
Right to Rectification:
You can request us to modify any of your data through the provided contact details. We will take action upon your request without undue delay, but no later than within 30 days, and inform you via the email address you provided.
Right to Erasure:
You can request the deletion of your data through the provided contact details. We will do so upon your request without undue delay, but no later than within 30 days, and inform you via the email address you provided.
Right to Restriction:
You can request the restriction of your data through the provided contact details. The restriction will last as long as necessary for the reason indicated by you for the storage of the data. We will take action upon your request without undue delay, but no later than within 30 days, and inform you via the email address you provided.
Right to Object:
You can object to data processing through the provided contact details. We will examine the objection within the shortest possible time, but no later than 15 days from the submission of the request, make a decision on its validity, and inform you of the decision via email.
Legal Recourse Related to Data Processing
In case of unlawful data processing, notify our company so that we can restore legal status within a short time. We will do everything in our power to resolve the outlined problem.
If, in your opinion, the legal status cannot be restored, notify the authority at the following contact details:
National Authority for Data Protection and Freedom of Information
Mailing Address: 1363 Budapest, Pf. 9.
Address: 1055 Budapest, Falk Miksa utca 9-11.
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
Email: ugyfelszolgalat (at) naih.hu
URL: https://naih.hu
The Data Controller does not verify the personal data provided. The accuracy, authenticity, and validity of the provided data are the sole responsibility of the person providing it. By providing their email address, the data subject takes responsibility for ensuring that only they have access to the email address provided.
Protection of Minors:
The information on our website is not intended for minors. During our data processing, we do not collect data on individuals under the age of 18.
The Data Controller reserves the right to unilaterally modify this Privacy Notice at any time, by notifying the data subjects in advance on the info@sightspot.hu website.
Legal Basis for Data Processing
- Regulation (EU) 2016/679 of the European Parliament and of the Council (27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information.
- Act LXVI of 1995 on the Protection of Public Documents, Public Archives, and Private Archival Material.
- Government Decree 335/2005 (XII. 29.) on the General Requirements for Record Management of Bodies Performing Public Tasks.
- Act CVIII of 2001 on Electronic Commerce Services and Certain Issues Related to Information Society Services.
- Act C of 2003 on Electronic Communications.