TechGenius Recruitment Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság (hereinafter referred to as the „Data Controller”) attaches great importance to the protection of personal data and is committed to ensuring that its data processing activities comply with Regulation (EU) 2016/679 of the European Parliament and of the Council („GDPR”) and the applicable Hungarian and European Union data protection legislation.

The purpose of this Privacy Notice is to explain to data subjects in a transparent, detailed and comprehensible manner what personal data are processed by the Data Controller, for what purposes, on what legal basis, for what period, under what technical and organisational measures, and what rights data subjects have.

Data of the controller

Company name: TechGenius Recruitment Trade and Service Provider Limited Liability
Company
Head office: 6724 Szeged, Pulz utca 46. B. ép. 67671 Puszcza Str., Bols.
Company registration number: 06-09-030660
Tax number: 32872787-2-06
E-mail: info@techgenius.hu

The Data Controller shall in any case keep personal data confidential and shall take all reasonable technical, organisational, IT and administrative measures to ensure their security, integrity, availability and confidentiality.

Principles of data management

The Data Controller only processes personal data that are necessary, relevant and proportionate for the purposes of the processing. In processing the data, the Controller shall act in accordance with the principles of data minimisation, purpose limitation, accuracy, limited storage, integrity and confidentiality.

The Data Controller shall endeavour to ensure that access to the personal data of data subjects is restricted to those persons who need it for the performance of their official duties or contractual obligations.

Scope of personal data processed

As a result of recruitment and selection activities, the Data Controller may process different types of personal data. This includes, in particular, data provided during the contact process, such as name, telephone number, email address, LinkedIn profile, place of residence or domicile, as well as data contained in CVs, cover letters or other application documents.

The Data Controller may also process data relating to the professional experience, education, language skills, technological knowledge, skills, competences, salary requirements, availability, work preferences, references, portfolio, qualifications, certificates and other information relevant to the position or professional cooperation of the data subject.

As a general rule, the Controller does not process sensitive personal data, including in particular health data, political opinions, religious or philosophical beliefs, trade union membership or biometric data. If, in exceptional cases, it is nevertheless necessary to process such data, it will do so only to the extent necessary and only if required by law, with the explicit consent of the data subject or on any other appropriate legal basis.

Purpose of the processing

The primary purpose of data processing is to ensure an efficient and professionally sound recruitment and selection process, to establish a relationship between candidates and the contracting partners and to ensure an appropriate professional fit.

The Data Controller processes personal data in order to assess the professional suitability of the data subject, to contact him or her in connection with current or future job opportunities, to manage information generated during the selection process and to ensure professional communication between candidates and partners.

Data processing may also include the registration of the data subject in a database, talent pool management, inquiries about future professional opportunities, customer communication, service development, statistical and administrative purposes, and to document and ensure the traceability of recruitment processes.

LinkedIn and direct professional enquiries

The Data Controller may also use publicly available professional databases and platforms, in particular the LinkedIn network, for the purpose of identifying potential candidates and professional contacts on the basis of its legitimate interest.

The Data Controller shall apply a balancing of interests test in this activity to ensure that the processing does not result in a disproportionate impact on the rights and freedoms of data subjects.

Professionals so identified may be contacted directly by the Data Controller in relation to relevant professional opportunities or collaborations. The data subject shall have the right to object to such requests at any time.

LinkedIn and direct contact

The Data Controller may also use publicly available professional databases and platforms, in particular the LinkedIn network, for the purpose of identifying potential candidates and professional contacts on the basis of its legitimate interest.

The Data Controller shall apply a balancing of interests test in this activity to ensure that the processing does not result in a disproportionate impact on the rights and freedoms of data subjects.

Professionals so identified may be contacted directly by the Data Controller in relation to relevant professional opportunities or collaborations. The data subject shall have the right to object to such requests at any time.

Legal basis for processing

The processing of personal data is based primarily on the consent of the data subject, in particular for the purposes of database registration, future enquiries and talent pool management.

Some processing activities may also be based on the performance of a contract or the taking of steps prior to the performance of a contract, for example, when applying for a specific job.

In certain cases, the legal basis for processing may be the legitimate interest of the Data Controller, in particular with regard to professional contacts, business development, the operation of recruitment services, the documentation of communications and the maintenance of service security.

In all cases, the Controller shall ensure that the processing has an adequate legal basis and that the rights of the data subjects are adequately protected.

 

Consent and its justification

The Data Controller is entitled to store and retain information on the consent in order to be able to verify the data subject's consent, if necessary.

In this context, the Data Controller may process the time, method, source, IP address used by the data subject, as well as the technical log data of the consent.

Duration of processing

The Data Controller shall keep the personal data only for the necessary period.

Personal data relating to job applications, contact and recruitment processes will be processed by the Data Controller, as a general rule, for a maximum of 3 years from the date of consent or from the last interaction with the data subject.

The purpose of data retention is to enable the Data Controller to contact the data subject in the future about relevant professional, employment or business opportunities.

After the expiry of the data retention period, the Data Controller shall delete, anonymise or otherwise destroy the data in an irreversible manner, unless a longer retention period is required by law.

The Data Controller is entitled to request a new consent from the data subject before the expiry of the data retention period in order to continue to process the personal data for recruitment and talent pool purposes.

Data transmission to contracting partners

During the recruitment and selection process, the Data Controller may, with the data subject's knowledge, after prior consultation or communication, only to the extent necessary, transfer the data subject's personal data, CV, professional profile and related documents to its contracting partners, clients or potential employers.

The sole purpose of the data transfer is to assess the professional suitability of the candidate and to carry out the selection process for the position in question.

In no case will the Data Controller sell, transfer for marketing purposes or use the personal data for purposes other than recruitment.

Data processors and external service providers

The Data Controller may use various data processors and external service providers in the operation of its services.

These service providers may include in particular:

  • Providers of ATS and recruitment systems, including in particular Zoho Recruit;
  • cloud hosting providers;
  • IT and systems management service providers;
  • e-mail and communication service providers;
  • video interview and online meeting platforms;
  • document management and administration systems;
  • administrative and automation tools supporting artificial intelligence.

In all cases, the Data Controller shall ensure, through appropriate contractual and technical safeguards, that the processors process personal data confidentially, securely and in accordance with the applicable law.

International data transmission

The Data Controller may transfer personal data to a country outside the European Economic Area (EEA), in particular in the case of cooperation with international customers, partners or service providers.

In such cases, the Data Controller shall take all necessary measures to ensure that the transfer is subject to appropriate safeguards, including in particular the application of Standard Contractual Clauses adopted by the European Commission.

Automated processes and AI use

The Data Controller may also use partially automated and artificial intelligence assisted technologies in order to operate recruitment processes more efficiently.

In particular, these technologies are designed to support candidate pre-screening, analyse professional relevance, support referral processes, automate administrative tasks and improve recruitment efficiency.

In any case, such AI-based or automated tools will only have a decision-support role and will not result in solely automated decision-making with legal effects on the data subject. All final recruitment and selection decisions are made by a human decision-maker with appropriate professional authority.

References and background checks

For certain positions, the Data Controller may also carry out a professional reference check or other background check processes.

In such cases, the Data Controller shall in all cases inform the data subject in advance and shall only contact persons specified or approved by the data subject.

Rights of data subjects

Data subjects have the right to request information about the processing of their personal data, to request access to the data processed about them, to request their rectification, erasure or restriction of processing.

Data subjects also have the right to data portability, the right to object to processing and the right to withdraw their consent at any time without giving reasons.

The data subject may also request that he or she is not contacted by the Data Controller in the future with job offers or job vacancies.

The withdrawal of consent does not affect the lawfulness of the processing prior to the withdrawal.

The data subject may also request not to be contacted with job offers in the future, in which case the Data Controller will process the data solely for the purpose of recording this request.

Remedies

If the data subject believes that the processing of his or her personal data violates the applicable data protection laws, he or she has the right to lodge a complaint with the National Authority for Data Protection and Freedom of Information (NAIH) or to initiate legal proceedings.

At the same time, the Data Controller shall endeavour to resolve any questions or complaints regarding data management directly, promptly and efficiently as a matter of priority.

The data subject may also request not to be contacted with job offers in the future, in which case the Data Controller will process the data solely for the purpose of recording this request.

Data security

The Controller shall implement appropriate technical and organisational measures to protect personal data, in particular to prevent unauthorised access, loss, destruction, alteration, disclosure or transmission.

The Data Controller regularly reviews and improves its security measures to ensure that personal data are protected at a level appropriate to technological developments and current risks.

Withdrawal of consent

The data subject has the right to withdraw his or her consent at any time without giving reasons.

The request for withdrawal shall be sent by the data subject to info@techgenius.hu by e-mail or by post to TechGenius Recruitment Kft., 6724 Szeged, Pulz utca 46. door 1.

The Controller shall take the necessary measures without undue delay upon receipt of the request for withdrawal.

If the data subject has any questions regarding the processing of personal data, he or she may contact the Data Controller using the contact details provided on the website.

Cookies and online tracking technologies

The Data Controller's website and online recruitment systems may use cookies, analytics and other online tracking technologies to improve the user experience, provide statistical analysis, ensure system security and support marketing activities.

The technologies used may include in particular Google Analytics, LinkedIn Insight Tag, Meta Pixel or other similar services.

The Data Controller may provide detailed information on the use and management of such technologies in a separate cookie notice.

 

Amendments to the privacy notice

The Data Controller reserves the right to amend this Privacy Notice.

Any changes will take effect upon publication on the website.

Contact

If the data subject has any questions regarding the processing of personal data, the Data Controller is available through the contact details above.