Privacy policy

RÁBALUX ZRT. PRIVACY POLICY

Regarding the processing of personal data related to job applications

Last updated: November 8, 2024

  1. Definitions

Data Processor: Any natural or legal person, public authority, agency, or other body that processes Personal Data on behalf of the Data Controller.

Data Processing: Any operation or set of operations performed on Personal Data or data sets, whether automated or not, such as collection, recording, organization, structuring, storage, alteration, retrieval, consultation, use, disclosure, dissemination, alignment, restriction, erasure, or destruction.

Restriction of Data Processing: Marking stored Personal Data to limit future processing.

Data Controller: A natural or legal person, public authority, agency, or other body that determines the purposes and means of Personal Data processing, either alone or jointly with others.

Data Breach: A security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored, or otherwise processed.

Pseudonymization: Processing of Personal Data in such a way that it can no longer be attributed to a specific Data Subject without additional information, provided that such additional information is stored separately and is subject to technical and organizational measures to ensure non-attribution to an identified or identifiable natural person.

Consent of the Data Subject: A freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes by which they signify agreement to the processing of their Personal Data.

Identifiable Natural Person: A natural person who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Recipient: Any natural or legal person, public authority, agency, or other body to whom or which the Personal Data is disclosed.

Data Subject: An identified or identifiable natural person whose Personal Data is processed.

Third Party: Any natural or legal person, public authority, agency, or other body other than the Data Subject, Data Controller, Data Processor, or persons authorized to process Personal Data under the direct authority of the Data Controller or Data Processor.

Special Data: Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; genetic and biometric data for uniquely identifying a natural person; data concerning health; or data concerning a natural person’s sex life or sexual orientation.

Personal Data: Any information relating to an identified or identifiable natural person (Data Subject).

 

  1. Data Controller

Data Controller: Rábalux Zrt.

Headquarters: 9027 Győr, Körtefa utca 5.

Mailing Address: 9027 Győr, Körtefa utca 5.

Represented by: Kálmán Zsolt Baksa, CEO

Email: info@rabalux.com

 

  1. Personal Data Processed

Name of Data Processing

Purpose of Data Processing

Legal Basis for Processing

Categories of Data Processed

Duration of Processing

Job application submission, phone interview, and preliminary screening

To contact you as an applicant for arranging interviews or personal meetings and assess your suitability for the advertised position.

GDPR Article 6(1)(b) – Necessary for steps taken prior to entering into a contract upon the Data Subject’s request.

Name, contact details (phone number, email), and any personal data provided during the application process (e.g., CV data).

Until the evaluation of the application, but no longer than 6 months from submission. With consent, the CV may be retained until withdrawal of consent.

 

  1. Recipients of Personal Data

The Data Controller does not transfer Personal Data to third parties. However, it may receive your contact details through job advertisement platforms. In such cases, the platform operator will initially contact you, and their privacy policy applies to their data processing activities.

The Data Controller strives to assist you in obtaining detailed information about your Personal Data processing in such cases. Should you find the platform’s privacy practices inadequate, please contact us via the details provided in Section 2.

 

  1. Data Security Measures

The Data Controller evaluates risks related to its data processing activities in its internal Data Protection Policy, assessing them based on severity and likelihood. Necessary authorization management, internal organization, and technical solutions are implemented to prevent unauthorized access, alteration, or destruction of data. These requirements are enforced with Data Processors as well.

Records of data breaches are maintained, and incidents are reported when necessary.

The Data Controller employs password protection for its computers and intrusion prevention for its IT devices. Servers are stored in secure, climate-controlled areas with regulated access.

  1. Data Subject Rights

You have the right to request information about your Personal Data processed by us via post, email, or telephone.

Upon request, we will inform you of:

  • The Personal Data processed;
  • The purposes of processing;
  • The legal basis for processing;
  • The duration of processing;
  • Who has received or will receive the data and for what purposes.

We will respond within one month in writing, electronically, or on paper.

You may request:

  • The correction or deletion of inaccurate data;
  • Restriction of data processing under specified conditions;
  • A machine-readable format of your data for transfer to another controller.

Requests will be addressed as promptly as possible, but within one month. If necessary, recipients of data will also be informed.

Should you wish to withdraw your consent for data processing, you may do so by contacting us using the details provided in this notice.

Visually impaired or elderly individuals may request the notice in a Word format or large print.

Complaints can be lodged with the National Authority for Data Protection and Freedom of Information (NAIH):

Address: 1055 Budapest, Falk Miksa utca 9-11

Website: www.naih.hu

Phone: +36 (1) 391-1400

Email: ugyfelszolgalat@naih.hu

Or you may seek remedies before a competent court under Act CXXX of 2016 on Civil Procedure. Details of competent courts are available at https://birosag.hu/birosag-kereso.

For further assistance, contact the Data Controller using the details in Section 2.

Rábalux Zrt.

Data Controller

Back to the previous page
The website uses cookies
Our website uses cookies to ensure optimal operation, enhance user experience, and for website maintenance. Essential cookies guarantee the proper functioning of the website, while other cookies assist in generating visitor statistics (statistical cookies) and displaying targeted advertisements (marketing cookies). By clicking the "Settings" button, you can customize your cookie preferences. By clicking the "Accept all" button, you consent to the use of all cookies. By clicking the "Reject all" button, you prohibit the use of statistical and marketing cookies. For further information, please read our Privacy Policy.
ElfogadomBeállítások