PRIVACY POLICY

The website www.hypeandhyper.com (hereinafter: Website) is operated by the Hypeandhyper Nonprofit General Partnership (seat: 1027 Budapest, Kapás utca 41. III. floor 16.; company registration number: 01-03-025960; tax number: 26767464-1-41; hereinafter referred to as the Company/Service Provider). The Service Provider informs the Users below about the data processing on the Website and the activities performed by the Service Provider, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation; hereinafter: GDPR) and the provisions of Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter: Information Act).

This Privacy Policy applies to the processing of the personal data provided by the User to the Company, as well as to all personal data collected by the Company either on the Company’s online interfaces or using ‘Cookies’.

1. Definitions

For the purposes of this Privacy Policy:

·       Personal data: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, number, location, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

·       Data processing: any operation or set of operations on personal data or files, whether automated or non-automated, in particular by collecting, recording, organizing, storing, transforming or altering, using, querying, inspecting, transmitting, disseminating or otherwise making available, coordination or interconnection, restriction, deletion and destruction;

·       Data controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

·       Data processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the relevant controller.

·       Destruction of data: complete physical destruction of the media containing the data;

·       Data transfer: making any data available to a specified third party;

·       Data erasure: making any data unrecognisable in such a way that the data can no longer be restored;

·       User: a person visiting and browsing the Website (data subject);

·       Online interface: the website operated by the Company (www.hypeandhyper.com);

2. General Provisions

Anyone can access the Company’s website—without providing personal data—and obtain information on the website and related pages freely and without restrictions.

The service provider qualifies as a data controller for any data processing on the Website. During the provision of the Services, the service provider is also considered a data controller.

The Users are responsible for the data they provide and the contents they upload; the Service Provider excludes its liability for these.

The Service Provider is entitled to unilaterally amend this privacy policy at any time. The Service Provider publishes amendments to the privacy policy on the Website by displaying them in a separate menu item. Users are asked to read the privacy policy carefully every time they visit the Website.

This privacy policy is continuously available on the Website. Users may open this privacy policy on the Website, view it, print it out and save it, but may not modify it; only the Service Provider is entitled to do so.

3. The scope of personal data managed by the Service Provider, the purpose, legal basis, method and duration of data processing

The legal bases for data processing are as follows:

(a) the voluntary consent of the user, of which the user was adequately informed, to the processing pursuant to Article 6 (1) (a) of the GDPR (hereinafter “Consent”);

(b) according to Article 6 (1) (b) of the GDPR, the data processing is necessary for the implementation of a contract in which the User, as one of the parties, is concerned (hereinafter: implementation of the Contract);

(c) according to Article 6 (1) (c) of the GDPR, data processing is necessary for the fulfillment of a legal obligation to the data controller (such as the fulfillment of an accounting obligation—hereinafter: fulfillment of a legal obligation)

(d) according to Article 6 (1) (d) of the GDPR, the data processing is necessary for the protection of the vital interests of the data subject or of another natural person (hereinafter referred to as “vital interest”);

(e) in accordance with Article 6 (1) (e) of the GDPR, the data processing is necessary for the implementation of a task carried out in the public interest or in the exercise of official authority vested in the data controller (hereinafter referred to as “the public interest”);

(f) according to Article 6 (1) (f) of the GDPR, the data processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (hereinafter “legitimate interest”).

3.1. Inquiry for marketing purposes, data processing in case of sending a newsletter

We inform Users that we send a newsletter only to persons who have specifically subscribed to it. It is possible to subscribe to the newsletter on the Website by ticking the relevant checkbox and pressing a button.

People who have subscribed to the newsletter are entitled to unsubscribe from it at any time, including by clicking on the unsubscribe link at the bottom of each newsletter.

The Service Provider will no longer send a newsletter to those who have unsubscribed from the newsletter.

If you withdraw your consent, you can give it again at any time. Consent is not a condition of using any of the Services. An e-mail address and name are required when giving consent, without which it is not possible to give consent. To withdraw consent, you must also provide an e-mail address and name for identification purposes.

| Data subject | Type of data processed | Data source | Purpose of data processing | Legal basis of data processing | Duration of data storage, time of deletion |
|---|---|---|---|---|---|
| Recipient of newsletter | Name | Affected user | Sending electronic direct marketing messages, newsletters | GDPR Article 6 (1) Point (a): consent of the person concerned | Until consent is withdrawn. |
| Recipient of newsletter | E-mail address | Affected user | Sending electronic direct marketing messages, newsletters | GDPR Article 6 (1) Point (a): consent of the person concerned | Until consent is withdrawn. |

3.2. Data processed during the automatic data collection related to the Website

| Data subject | Type of data processed | Data source | Purpose of data processing | Legal basis of data processing | Duration of data storage, time of deletion |
|---|---|---|---|---|---|
| User visiting the Website | IP address, country, browser used, device and operating system type and version number, language settings, date of visit | Affected user | Compilation of statistics, Website development, User identification and recognition | GDPR Article 6 (1) Point (f): data processing is necessary to pursue the legitimate interests of the data controller | 2 years from visit |
| User visiting the Website | Website traffic data (pages viewed, time spent, clicks, openings) | Affected user | Compilation of statistics, Website development, User identification and recognition | GDPR Article 6 (1) Point (f): data processing is necessary to pursue the legitimate interests of the data controller | 2 years from visit |

The Service Provider uses cookies and other various programs on the Website in order to get to know the needs of the Users of the Website, their behavior related to the Website and to further develop the Website based on them. The Service Provider compiles anonymous statistics on Website visits.

The above data processing is in the legitimate business interest of the Service Provider, because in this way it can further develop and make its Website more secure. The range of processed and collected data is not significant, the Service Provider uses them only anonymously to compile and analyze statistics, does not collect behavioral preferences, and automated decision-making does not take place based on them, nor does the Service Provider send personalized offers to Users. As a result, the fundamental rights and freedoms of the User are not disproportionately affected by this data processing.

For more information, see the Cookie Policy, which the User can access at the attached link: Cookie Policy.

3.3. Processing job applicant data

The Service Provider handles the CV and other data submitted by the applicants for employment with the Service Provider as follows:

We would like to inform you that by sending the User’s CV and job application to the Company, the User (applicant) consents to the Company processing his/her personal data for recruitment, job posting, contact and identification purposes, and to the Company sending messages and notifications to such contact details.

In the recruitment procedure, the Service Provider handles the personal data provided below by the data subject during the application for a specific position, as well as other personal data collected about the data subject by the Company during the recruitment process, and deletes all data simultaneously with the end of the recruitment process.

If the recruitment process is protracted and lasts for more than a year, the Company will process the personal data for a maximum of one year from the date of their submission.

However, the User also has the option to allow the Company to save and process this data in its database for future recruitment and job posting purposes, regardless of the position affected by his/her application. The Company requests a separate consent to this. If the User gives his/her consent, the Company is entitled to process his/her data for another 2 years in the Company’s database for the purpose specified in this section.

If the Company establishes an employment relationship with the User, the data processing period specified in the employee privacy policy shall govern the processing of this data, of which the Company shall inform the User at the same time as concluding the employment contract.

The legal basis of data processing is defined below, depending on the type of data, separately for each data processing purpose:

| Type of data processed | Data source | Purpose of data processing | Legal basis of data processing |
|---|---|---|---|
| Curriculum vitae data (education, schools, jobs, professional experience, hobby, etc.) | Affected applicant | Recruitment; Salary offer; Contact; Identification | GDPR Article 6 (1) Point (a): consent of the data subject |
| Name | Affected applicant; Head hunter, recruitment from CVs databases | Recruitment; Salary offer; Contact; Identification | GDPR Article 6 (1) Point (a): consent of the data subject |
| Home address | Affected applicant; Head hunter, recruitment from CVs databases | Recruitment; Salary offer; Contact; Identification | GDPR Article 6 (1) Point (a): consent of the data subject |
| Place and date of birth | Affected applicant; Head hunter, recruitment from CVs databases | Recruitment; Salary offer; Identification | GDPR Article 6 (1) Point (a): consent of the data subject |
| Nationality | Affected applicant; Head hunter, recruitment from CVs databases | Recruitment; Salary offer; Contact; Identification | GDPR Article 6 (1) Point (a): consent of the data subject |
| Phone number | Affected applicant; Head hunter, recruitment from CVs databases | Recruitment; Salary offer; Contact; Identification | GDPR Article 6 (1) Point (a): consent of the data subject |
| Email address | Affected applicant; Head hunter, recruitment from CVs databases | Recruitment; Salary offer; Contact; Identification | GDPR Article 6 (1) Point (a): consent of the data subject |
| Photo | Affected applicant; Head hunter, recruitment from CVs databases | Recruitment; Salary offer; Identification | GDPR Article 6 (1) Point (a): consent of the data subject |
| Language skills | Affected applicant; Head hunter, recruitment from CVs databases | Recruitment; Salary offer | GDPR Article 6 (1) Point (a): consent of the data subject |
| Publications, presentations, projects | Affected applicant; Head hunter, recruitment from CVs databases | Recruitment; Salary offer; Contact; Identification | GDPR Article 6 (1) Point (a): consent of the data subject |
| References | Affected applicant; Head hunter, recruitment from CVs databases | Recruitment; Salary offer | GDPR Article 6 (1) Point (a): consent of the data subject |
| Social media data | Affected applicant; Head hunter, recruitment from CVs databases | Recruitment; Salary offer | GDPR Article 6 (1) Point (a): consent of the data subject |

Use of public data available on social media interfaces

When a User applies for a job advertisement, the Company can view the User’s (candidate’s) data on social media platforms, such as his/her profile on Facebook and LinkedIn, his/her activities, posts and comments, to judge whether the applicant is suitable for a position in a given vacancy. The Company only views data that is publicly available on social media platforms, and does not conduct research in closed groups or other non-public or restricted-access places. Furthermore, the Company does not save, store or record the applicant’s social media profiles. The Company does not process sensitive or special data about the applicant based on social media profile data. The Company will only view information on the social media pages that is relevant to the job advertisement and the position to be filled.

Granting and withdrawing consent

For the processing of personal data for the purpose set out above, the User (applicant) gives his/her voluntary consent by actively submitting his/her application for the job advertisement. You can withdraw your consent to data processing at any time by sending an e-mail to data@hypeandhyper.com with the required information: name, date of birth and e-mail address, so that the Company can identify whose data it must delete.

If your consent is revoked, all your processed data will be deleted. The obligation to delete applies to both electronic and paper-based data.

Notification of the success of the application

The applicant will be informed by e-mail after the end of the recruitment process whether the Company intends to establish an employment relationship with the applicant or not.

4. The data controller and data processors

The data controller of the data specified in point 3 is the Service Provider:

Hypeandhyper Nonprofit General Partnership

Seat: 1027 Budapest, Kapás utca 41. III. floor 16.

Registered by the Metropolitan Court of Registry (Hungary)

Company registration number: 01-03-025960

Tax number: 26767464-1-41

Email address: hello@hypeandhyper.com

On the part of the Service Provider, the data of the User are accessed by the employees of the Service Provider in the scope that is absolutely necessary for the performance of their work. Access rights to your personal data are set out in strict internal policies.

Data processors

In order to process and store the User’s data, the Service Provider uses various companies with which it concludes a data processing contract. The following data processors process the User’s data:

| Name and address of data processor | Purpose of data processing | Scope of data involved in data processing |
|---|---|---|
| MailChimp (675 Ponce de Leon Ave NE, Suite 5000; Atlanta, GA 30308 USA) | Newsletter sending service | Data indicated in point III.2. |
| Google LLC (USA, Google Data Protection Office, 1600 Amphitheatre Pkwy, Mountain View, California 94043; Google Analytics) | Google Analytics service | Data indicated in point III.2. |
| Hostinger International Ltd. (61 Lordou Vironos Street, 6023 Larnaca, Cyprus) | Hosting service providing | Data indicated in point III.2. |

Of the data processors used, all US-based data processors (Google LLC and MailChimp) are listed in the European Commission’s GDPR Article 45 Compliance Decision and Commission Implementing Decision 2016/1260, as well as in the US-EU Privacy Shield List established thereon. That is, the transfer to this country does not constitute a transfer to a third country outside the European Union and does not require the specific consent of the data subjects, and the transfer to that country is permitted under Article 45 of the GDPR. These companies undertook to comply with the GDPR.

The Company is entitled and obliged to transfer to the competent authorities all personal data at its disposal and duly stored by it, which is required to be transferred by law or a final official obligation. The Company cannot be held liable for such data transfer and the consequences thereof. No other data transmission is performed by the Company.

5. Privacy Policy applied by the Company

The Company respects the rights of the visitors and Users of the online interfaces operated by it as defined by law.

The personal data necessary for the use of the Company’s services is used by the Company with the consent of the data subjects and only for the intended purpose. The Company uses your personal data specified in point 3 only in the manner and for the purposes specified in this Privacy Policy.

The Company, as a data controller, undertakes to process the data in its possession in accordance with the provisions of the GDPR, the other relevant legal acts and this Privacy Policy, and not to transfer it to third parties other than the data controllers specified in this Privacy Policy. An exception to the provision of this section is the use of data in a statistically aggregated form, which may not contain the name of the relevant User or other data suitable for identification in any form, and thus does not qualify as data processing or data transmission.

The Company may, in certain cases (such as, in particular, formal court or police inquiries, legal proceedings for copyright, property or other infringements or a reasonable suspicion thereof, harm to the Company’s interests, endangerment of the provision of its services, or court or other official decisions), unless otherwise provided by law and with the prior express consent of the User, make the User’s available data available to third parties.

The Company will make every effort to ensure that the management and processing of Users’ data is protected in accordance with applicable law, for which purpose the Company and the Chamber operate a security system.

6. Protection of personal data

The Company complies with its obligations under applicable data protection laws by:

·       keeping personal data up to date;

·       safely storing and destroying them;

·       not collecting or storing excessive amounts of data;

·       protecting personal data from loss, misuse, unauthorized access and disclosure, and ensuring that appropriate technical measures are in place to protect personal data.

The Company shall take appropriate technical and organizational measures to protect the User’s personal data against accidental or unlawful destruction or accidental loss and alteration, or unauthorized transmission or access, in particular when processing involves the transmission of data over a network, against all illegal forms of processing.

Accordingly, the Company applies, among other things, different levels of access rights to the data, which ensures that only persons with the appropriate rights, who need to know the data in order to fulfill their obligations arising from or related to their work, have access to the data.

7. User rights

Pursuant to data protection legislation, the User is entitled to:

1. request access to his/her personal data,

2. request correction of his/her personal data,

3. request the deletion of his/her personal data,

4. request restrictions on the processing of personal data,

5. protest against the processing of his/her personal data,

6. request data portability,

7. protest against the processing of his/her personal data (including protest against profiling; and other rights related to automated decision-making),

8. withdraw his/her consent or submit a complaint to the competent supervisory authority.

a) Right of access

User has the right to receive feedback from the data controller as to whether the processing of his/her personal data is in progress and, if such data processing is in progress, to request access to his/her personal data.

User has the right to request a copy of the personal data subject to data processing. For identification purposes, the data controller may request additional information from the User or charge a reasonable fee for additional copies.

b) Right to rectification

The User is entitled to request the data controller to correct inaccurate personal data concerning the User. Depending on the purpose of the data management, the User is entitled to request that the incomplete personal data be supplemented, inter alia, by means of an additional statement.

c) Right to erasure (‘right to be forgotten’)

User has the right to request the data controller to delete his/her personal data, and the data controller is obliged to delete this personal data. In this case, the data controller cannot provide additional services to the User.

d) Right to restriction of processing

User has the right to request a restriction on the processing of his/her personal data. In this case, the controller identifies the personal data concerned, which may only be processed for certain purposes.

e) Right to protest

The user has the right to object to the processing of his/her personal data, including profiling, with the data controller at any time for reasons related to his/her situation, or he/she may request the data controller not to further process his/her personal data.

In addition, if the User’s personal data is processed by the Company or the Chamber on the basis of a legitimate interest, the User is entitled to object at any time to the processing of the relevant personal data for this purpose.

In addition, the User has the right to request human intervention in individual cases related to automated decision-making. Please note that the data controller does not use an automated decision-making mechanism.

f) Right to data portability

The User is entitled to receive the personal data provided in a structured, widely used, machine-readable format (that is, in digital format) and, if the transfer is technically possible, to request the transfer of this data to another data controller without hindrance from the Company or the Chamber.

g) Right to withdraw consent

If the User’s personal data is processed on the basis of his/her consent, he/she can withdraw his/her consent at any time without giving a reason by clicking on the link in the newsletters or by changing the settings of his/her website account or mobile device. Withdrawal of consent shall not affect the lawfulness of the data processing prior to the withdrawal.

If the User withdraws his/her consent to the processing of his/her personal data by the Company and the Chamber, the Company and the Chamber may not be able to provide the requested services at all or only in part.

h) The right to submit a complaint to a supervisory authority;

If the User believes that his/her personal data has been misused, he/she may also contact the local data protection authority and submit a complaint, in particular in the Member State of his/her habitual residence, place of work or the place of the alleged infringement.

In Hungary, you can also contact the Hungarian National Authority for Data Protection and Freedom of Information (H-1125, Hungary, Budapest, Szilágyi Erzsébet fasor 22/C; phone: +36-1 391-1400; fax: +36-1 391-1410; e-mail address: ugyfelszolgalat@naih.hu).

8. Contact

If the User wishes to exercise his/her rights in connection with data protection issues or to submit a complaint, he/she may contact the Company’s designated employee by sending a letter to the e-mail address provided below. In addition, he/she may contact the Company by mail to the addresses provided below.

Email address: data@hypeandhyper.com

9. Further provisions

In the event of a data protection incident, the Company shall, in accordance with the law, notify the supervisory authority of the data protection incident within 72 hours of becoming aware of it and shall keep records of these. In cases specified by law, it also informs the users concerned.

The data controller regularly checks its online interfaces and the information provided on them, and makes every effort to ensure that the information is up-to-date and true. However, one may find information on online interfaces that is no longer up to date. The Company assumes no financial responsibility for such information.

Visitors to the online interfaces and Users may visit other websites not operated by the Company from the Company’s online interfaces. The Company is not responsible for the accuracy of the data provided therein, for the content of the web pages, or for the security of the data provided by the visitors of the online interfaces and the Users on the online interfaces of the Company. Therefore, when using these websites, please check the privacy policies of the companies operating them.

This Privacy Policy is effective as of March 1, 2020.