PRIVACY NOTICE

for candidates and recruiters


Effective from 18 March 2021

This Privacy Notice is intended to provide information about the privacy practice followed and applied by BlackBelt Technology Ltd. and BlackBelt Holding Plc. (BlackBelt) as joint data controllers when processing the data of candidates and recruiters.

Taking into account the fact that BlackBelt Holding Plc. and BlackBelt Technology Ltd. jointly determine the purpose and method of data processing, BlackBelt Technology Ltd. and BlackBelt Holding Plc. (hereinafter collectively: Data Controller or BlackBelt) shall, in accordance with REGULATION (EU) 2016/679 of the European Parliament, be deemed joint data controllers.

Please read this Notice carefully before providing your data and sending your CV.

BlackBelt is committed to fully respecting the privacy rights of its partners and processing their data in accordance with the provisions of Act CXII of 2011 (hereinafter: Privacy Act) on Informational Self-Determination and Freedom of Information and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

By sending us your CV and application form, you accept the Privacy Notice of BlackBelt. You declare that you have understood and acknowledged the information contained herein, that you have provided your data on a voluntary basis, and that you expressly consent to the processing of your data in accordance with this Privacy Notice.

For the purposes of this Privacy Notice, "CV" shall mean the User's CV and motivational letter, as well as the uploaded references and other documents and the entire content thereof.

The Data Controller shall not assume liability for any special data disclosed to it (e.g. in the CV) without the Data Controller's express request, so please do not provide such data unless you are expressly requested to do so. You may provide references (e.g. from a former employer). In this case, it is your duty and responsibility to obtain the consent of the person indicated as a reference to be contacted.

By applying, you give us your consent to be contacted via any of the contact details you have provided.

The Data Controller’s details and contact details

The name of the Data Controller

BlackBelt Technology Ltd.

BlackBelt Holding Plc.

Registered office

16 Ganz street, 1027 Budapest Residence 2 office building, 3rd floor

Central telephone number

+36 1 611 0462

E-mail

info@blackbelt.hu; dataprotection@blackbelt.hu

Website

www.blackbelt.hu

Based on a joint controller agreement, the Data Controllers appoint Róbert Sövegjártó as the contact person for the data subjects.

Data collection

The Data Controller collects data primarily from the Data Subjects. The data may be collected via the Website, the promotional material published by the Data Controller, an order sheet or via personal contact or a telephone call by the Data Controller’s employee.

The purpose and duration of data processing

In the case of candidates:

In accordance with the preferences specified and addressing specific positions, contacting / notifying / informing the candidates about job opportunities and recommending them to our clients.

A personalised service provided to the candidates, the registration of candidates, the targeted display of job offers, ensuring the quality of the search service, storing CVs for applications for potential later positions (CV web hosting service), sending job newsletters.

The duration of data processing during the registration, for 2 years from the last activity in connection with the candidate (e.g. from the last job application); or until the termination of the registration in any other way, including the candidate’s request to erase their data. The Data Subject has a right to withdraw their consent at any time.

In the case of the recruiter:

Sending a message requires a name and an e-mail address; we process these data for the purposes of making contact, and - in case of express consent - for newsletter subscription. This option can be enabled by ticking a dedicated checkbox.

BlackBelt shall process the data collected for making contact until the purpose of data collection is fulfilled, that is, the purpose of the message (the question to be answered) can be deemed met, but not longer than for 1 year of sending the message.

In the case of subscribing for the newsletter, the data shall be processed until unsubscription.

The authenticity and accuracy of the personal data shall be the sole responsibility of the candidate.

The legal basis for data processing

In the case of candidates:

The Data Subject’s personal data are mainly processed based on their voluntary consent, as well as legitimate interests. The Data Subject’s consent is given by providing their data and accepting the Privacy Notice.

In the case of the recruiter:

The Data Subject’s voluntary consent is given by providing their data, selecting the checkbox and accepting the Privacy Notice.

In case the Data Subject concludes a contract with the Data Controller, the Data Subject’s consent shall be given in accordance with the provisions of Section 6 (4) of the Privacy Act to the processing of all the personal data specified in the contract necessary to perform the contract.

The scope of the data processed

In the case of candidates:

Data provided in the CV (generally):

Name, photo, date of birth, telephone number, e-mail address, former employers, education, skills, qualifications, hobbies, personal assessment.

In the case of the recruiter:

Data provided by you: name, e-mail address, telephone number potentially provided in the description.

The potential consequences of failure to provide data

Providing your data ensures you will receive the right service, as well as the possibility of making contact with you.  Without providing your data, it is not possible.

Data transfer

In the case of candidates:

We can only transfer the CVs of our candidates to our partners after consulting them personally or on the phone. In case we transfer the data to other partners, for other positions, we inform the candidate in advance thereof, and they can object to the data transfer via a message sent to the Data Controller.

Engaging a data processor, data transfer to third (non-EU) countries

    • The Data Controller shall be entitled to engage a Data Processor to perform its duties. Data processors shall not make any independent decisions; they are only entitled to act upon the instructions given. The Data Controller inspects the work done by the data processors. The data processors may only engage sub-processors with the Data Controller’s approval.

In the case of candidates:

  • Recruitee BV (Keizersgracht 313 1016 EE Amsterdam, the Netherlands)
  • HUBSPOT CRM system (HubSpot Ireland Limited (One Dockland Central, Guild Street, Dublin 1, Ireland) HubSpot Inc. 25 First Street, Cambridge, MA 02141 USA

    • In the case of recruiters:

  • HUBSPOT CRM system (HubSpot Ireland Limited (One Dockland Central, Guild Street, Dublin 1, Ireland) HubSpot Inc. 25 First Street, Cambridge, MA 02141 USA

Automated decision-making

The processing does not involve any automated decision-making.

Access to the data and data security measures

Access to the data and data transfer 

The personal data provided by the Data Subject can be accessed by the Data Controller’s employees for the purpose of performing their duties. This includes, in particular, staff engaged in HR, especially in recruiting, in order to enable administration. Sales colleagues, when making recommendations to clients (in order to organise and perform the service). Besides, the legal representative, in case it is absolutely vital. 

The Data Controller may only disclose the personal data to government agencies in exceptional cases. Such cases are, for example, court proceedings initiated against the Data Subject, when the competent court may require the documents containing the Data Subject’s personal data to be disclosed; or the police contacting the Data Controller to request transfer of the documents containing the Data Subject’s personal data for the purposes of an investigation.

While performing their duties, the Data Controller’s employees shall make sure that the personal data are stored in a manner which prevents unauthorised access, modification and destruction. 

Data security measures

The Data Controller shall implement any necessary technical and organisational measures and appropriate procedures in order to ensure the security of the personal data during processing.

    • The Data Controller shall select and operate the IT tools used for data processing with a view to
  • make the data processed accessible only to authorised personnel (availability);
  • ensure the authenticity and the authentication of the data processed (authenticity of data processing);
  • be able to verify the integrity of the data processed (data integrity);
  • protect the data processed against unauthorised access (data confidentiality).

The Data Controller shall take appropriate measures to protect the personal data against accidental or unlawful destruction, loss, alteration, damage, unauthorised disclosure or access; restrict access to the personal data by specifying levels of authorisation; protect the IT systems with a firewall and ensure virus protection; make sure that during the electronic data processing, the data are only accessible for specific purposes, under controlled circumstances and only by persons who need such access to perform their duties; in order to protect the data sets processed electronically in its various records, use appropriate technical solutions to make sure that the data stored cannot be directly linked and assigned to the Data Subject, unless permitted by law.

The rights of the Data Subjects and the enforcement thereof

The Data Subject has a right to request the Data Controller to ensure access to, rectify, erase or restrict the processing of, the personal data, and to object to processing their personal data.

Also, the Data Subject has a right to request provision of complete and detailed information about data processing.

Furthermore, the Data Subject shall also have the right to receive his or her personal data in a structured, commonly used and machine-readable format upon request, as well as to have the personal data transferred to another data controller. The Data Controller shall fulfil these requests within 1 month. The detailed content of Data Subjects' rights and the detailed conditions of their enforcement are set out in the Privacy Policy.

In the case of data processing based on Article 6 (1) of the GDPR, the consent may be withdrawn at any time, which shall not affect the lawfulness of the data processing carried out before withdrawal on the basis of the consent.

The right to legal remedy

    • In case the Data Subject finds that BlackBelt has violated any legal provisions on data processing while processing their personal data, the Data Subject may 
  • lodge a complaint with the representative of BlackBelt at info@blackbelt.hu or dataprotection@blackbelt.hu-email or via mail, requesting to stop the unlawful processing, or
  • lodge a complaint with the Authority (National Authority for Data Protection and Freedom of Information, address: 9-11 Falk Miksa utca, 1055 Budapest, e-mail: ugyfelszolgalat@naih.huhonlap: www.naih.hu), or
  • decide to turn to court.

In this case, the Data Subject can freely decide whether to institute legal proceedings with a court with competence either according to their place of permanent or temporary residence or the registered office of BlackBelt.

We appreciate it if you turn to us first with your complaint so we can investigate and address it as soon as possible.