Privacy Policy

Effective: 29 April 2026 · Last modified: 29 April 2026

1. Data Controller Details

The Data Controller is not required to appoint a Data Protection Officer (DPO) under Article 37 of the GDPR. Data protection enquiries may be directed to the contact details above.

2. Definitions and Legal Basis

This Privacy Policy has been prepared in accordance with the following legislation:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (GDPR);
• Hungarian Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information;
• Hungarian Act I of 2012 — the Labour Code;
• Government Decree 118/2001 (VI. 30.) on the conditions for registration and operation of private employment agencies.

Personal data: any information relating to an identified or identifiable natural person.

Data subject: the natural person whose personal data is processed (e.g. a job seeker or a visitor who submits a contact form).

Processing: any operation performed on personal data (collection, recording, storage, use, deletion, etc.).

3. Data Processing Principles

The Data Controller applies the following principles when processing personal data:

• Lawfulness, fairness and transparency: processing is always lawful and transparent to the data subject.
• Purpose limitation: data is collected for specified, explicit and legitimate purposes only.
• Data minimisation: only data strictly necessary for the stated purpose is processed.
• Accuracy: data is kept accurate and up to date where necessary.
• Storage limitation: data is retained only for as long as necessary for the stated purpose.
• Integrity and confidentiality: data security is ensured through appropriate technical and organisational measures.

4. Data Processing Activities

4.1. Contact Form

Data processed	Name, email address, company name (optional), message content, IP address, time of submission
Purpose	Responding to enquiries, providing information, making contact
Legal basis	GDPR Art. 6(1)(b) — pre-contractual measures; and/or Art. 6(1)(f) — legitimate interests of the Data Controller
Retention period	Up to 2 years after the matter is closed, or earlier deletion upon request
Recipients	Employees of the Data Controller; hosting provider where necessary

4.2. Job Application

Data processed	Name, email address, phone number, CV content (education, experience, skills), cover letter, position applied for
Purpose	Processing the application, evaluating the candidate, contact during selection, connecting with the client employer
Legal basis	GDPR Art. 6(1)(a) — consent; Art. 6(1)(b) — pre-contractual measures
Retention period	Up to 3 years after the position is filled or application withdrawn — longer with separate consent for future positions
Recipients	Employees of the Data Controller; the client employer only with explicit consent

Important: candidate data is only shared with the client employer with the data subject's explicit consent, which may be withdrawn at any time.

4.3. Accounting Obligations

Data processed	Billing name, address, tax number, contact details
Purpose	Compliance with accounting and tax regulations
Legal basis	GDPR Art. 6(1)(c) — legal obligation
Retention period	8 years from the date of issue of the document

4.4. Technical Server Logging

Data processed	IP address, browser type and version, operating system, time of visit, pages viewed
Purpose	Ensuring secure and uninterrupted website operation, fault diagnostics, prevention of abuse
Legal basis	GDPR Art. 6(1)(f) — legitimate interests
Retention period	Maximum 30 days

5. Data Processors

The Data Controller uses data processors for certain tasks. Processors act solely on the instructions of the Data Controller.

5.1. Hosting Provider

5.2. Bot Protection (Google reCAPTCHA)

We use Google reCAPTCHA v3 to protect the contact form against automated abuse. Google analyses the visitor's IP address and browsing patterns to filter out bots.

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Privacy policy: policies.google.com/privacy

5.3. Web Analytics (Google Analytics 4)

To anonymously measure website traffic and user behaviour, we use Google Analytics 4. This service is activated only if the visitor consents to analytics cookies via the cookie banner. Google processes the visitor's IP address in anonymised form (last octet stripped) and does not link it with data from other Google services.

Provider: Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).
Tracking ID: G-LGJPM4KMLZ
Privacy policy: policies.google.com/privacy
Data transfer: Google primarily processes data within the European Economic Area, but some operations may transfer data to the USA under the EU-US Data Privacy Framework.

6. Use of Cookies

The website may place small data files (cookies) on visitors' devices to ensure proper functionality. Analytics cookies are placed only with the visitor's explicit consent.

Cookie type	Purpose	Lifetime	Legal basis
Session cookies	Basic website functionality (e.g. form state)	Until browser is closed	Legitimate interest
Language preference	Remembers your preferred language	30 days	Legitimate interest
reCAPTCHA cookies (Google)	Bot protection on application and contact forms	Up to 6 months	Legitimate interest
cc_consent	Stores your cookie preferences (analytics on/off)	1 year	Legitimate interest
_ga, _ga_LGJPM4KMLZ (Google Analytics)	Anonymous traffic measurement and behaviour analysis	Up to 2 years (13 months since last visit)	Consent

Necessary cookies are based on legitimate interest (GDPR Art. 6(1)(f)) and do not require separate consent. Analytics cookies (Google Analytics) are placed only after the visitor explicitly consents via the cookie banner (GDPR Art. 6(1)(a)). Consent may be withdrawn at any time using the "Cookies" button at the bottom of the page, or by clearing cookies in the browser settings.

7. Rights of the Data Subject

Under the GDPR, you have the following rights:

• Right to information — You may request information about what data we hold about you, for what purpose, and for how long.
• Right of access — You may request a copy of your personal data.
• Right to rectification — We will correct any inaccurate data upon request.
• Right to erasure — You may request deletion of your data in certain circumstances.
• Right to restriction — You may request that processing of your data be restricted under certain conditions.
• Right to data portability — You may request your data in a machine-readable format.
• Right to object — You may object to processing based on legitimate interests.
• Right to withdraw consent — You may withdraw consent at any time, without affecting the lawfulness of prior processing.

To exercise your rights, contact us at info@munkakozvetito.hu. We will respond within 30 days.

8. Data Security Measures

• Encrypted (HTTPS) connection between the website and visitors;
• Access control: personal data is accessible only to authorised employees;
• Regular data backups;
• Firewall and virus protection;
• Strong passwords and two-factor authentication for critical systems;
• Regular data protection training for employees;
• Data breach notification in accordance with GDPR Articles 33–34.

9. Legal Remedies

If you believe your data is being processed unlawfully, you may:

• Contact us directly at info@munkakozvetito.hu.
• Lodge a complaint with the supervisory authority:

  Hungarian National Authority for Data Protection and Freedom of Information (NAIH)
  Address: 1055 Budapest, Falk Miksa utca 9-11., Hungary
  Phone: +36 1 391 1400
  Email: ugyfelszolgalat@naih.hu
  Website: naih.hu

• Seek judicial remedy before the competent court at your place of residence.

10. Changes to this Policy

We reserve the right to amend this Privacy Policy. Notice will be published on the website at least 8 days before changes take effect. Previous versions are available upon request.

This Privacy Policy takes effect on 29 April 2026.