Privacy and data processing policy 15 February 2025.

 

2025.02.15.

 

„We treat our partners” data in the same way that we would expect others to treat our own data."

 

Table of contents:

 

1. Principles governing the processing of personal data.

 

2. Basic terms used in our data processing information.

 

3. Data Controllers.

 

4. Registration for the newsletter.

 

5. Cookie information and Google Analytics.

 

6. Table reservations and food orders can be made using the contact details provided on the Website.

 

7. Card application and card (gift card, voucher) registration.

 

8. Conclusion of a contract for catering services.

 

9. Scope of data processed during WASABI career job advertisements.

 

10. Data processor.

 

11. Data processing security.

 

12. Your rights.

 

13. Legal remedies.

 

14. Scope of the Data Processing Notice, applicable legislation.

 

This notice will be reviewed and updated as necessary in light of changes in legislation and changes to our data.

 

Effective date: 15 February 2025

 

Introduction

 

Data processing information (hereinafter: „Data processing information”) purpose, that WSB Zrt., as the franchise and licence owner, transferor and owner and operator of the websites listed below, and the Data Controllers, as the companies listed below as franchise and licence transferees, shall provide data subjects with all information relating to the processing of personal data, in particular information on the organisational and technical measures taken to protect data and on the rights of users/data subjects and their options for enforcing their rights.

 

This information scope It applies to the business entities listed among the Data Controllers and to the natural persons covered by the data processing activities. The data processing activities set out in this notice concern the personal data of natural persons. The scope of this notice does not extend to the processing of personal data relating to legal persons, in particular businesses established as legal persons, including the name and form of the legal person and data relating to the contact details of the legal person. Legal entities include associations, business associations, cooperatives, unions and foundations.

 

Please note that we respect your rights in all cases, we recognise the provisions of this Data Processing Notice as binding on us, and we will comply with your requests within the time limits specified by law. The Data Controllers undertake to comply with the provisions of this Data Processing Notice and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter referred to as GDPR) and in accordance with the relevant legislation, as set out in this Policy:

 

– during personal contact;

 

– when sending newsletters;

 

– www.wasabi.hu, www.wasabi-hirlevel.hu, www.wasabi-etlap.hu, www.whatsrunning.hu, www.yamatorestaurant.hu, www.margarets.hu, www.kistarcsainosztalgia.hu, www.happyetterem.hu, www.doblo.hu, websites available under the domain names www.seoulhouse.hu (hereinafter: Website) during operation;

 

– WASABI Club card, Yamato card, What’s Running card, Doblo card, Margaret’s card, Nostalgia card and Happy card (hereinafter referred to as: Card) during personal and online registration;

 

– WASABI career job advertisement

 

processed data.

 

1. Principles governing the processing of personal data.

 

1.1. Principle of legality: Data Controllers process your personal data lawfully. In order for the processing of personal data to be lawful, it must be based on your consent or have some other lawful basis established by law, including the need to comply with legal obligations applicable to the Data Controller, the performance of a contract to which the data subject is party, or the implementation of pre-contractual measures requested by the data subject.

 

1.2. Principle of fair and transparent data processing: The Data Controllers shall ensure that you, as the data subject, are informed about the fact and purposes of data processing. The Data Controllers shall provide all necessary information to the data subject, taking into account the specific circumstances and context of the processing of personal data. You have the right to receive confirmation and information about the processing of your personal data.

 

1.3. Principle of purpose limitation: personal data shall be collected only for specified, explicit and legitimate purposes. Data Controllers shall not process data in a manner incompatible with the purposes set out in the Data Processing Notice. Further processing of data for statistical purposes shall not be considered incompatible with the original purpose.

 

1.4. Principle of data minimisation: When processing data, Data Controllers shall bear in mind that personal data must be adequate and relevant for the purposes of data processing and must be limited to what is necessary.

 

1.5. Principle of accuracy: Personal data must be accurate and, where necessary, kept up to date. The Data Controller shall take all reasonable steps to ensure that personal data that are inaccurate, having regard to the purposes for which they were processed, are erased or rectified without delay.

 

1.6. Principle of limited storage: personal data shall be stored in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

 

1.7. Principles of integrity and confidentiality: Data controllers shall process data in such a manner as to ensure that all appropriate technical and/or organisational measures are taken to ensure adequate security of personal data and to protect against unauthorised or unlawful processing, accidental loss, destruction or damage.

 

1.8. Principle of accountability: The Data Controller is responsible for complying with the principles set out in this Privacy Policy regarding the processing of personal data, as well as for certifying that data processing complies with this Privacy Policy.

 

2. Basic terms used in our data processing information.

 

2.1. Users: readers, visitors and users of our Website, any natural or legal person or other legal entity who visits or views the Website at least once, applies for the Card on the Website or by other means (by telephone, in person, via electronic mail, etc.), registers for the newsletter or requests an offer.

 

2.2. Concerned: a natural person identified or identifiable from the personal data processed by the data controller, or a sole trader or company that has entered into a contract with the Data Controllers and whose employee has been designated to liaise with us.

 

2.3. Personal data: any information relating to an identified or identifiable natural person; on the basis of which the data subject can be identified, directly or indirectly, on the basis of one or more factors, as well as conclusions that can be drawn from this data about the data subject.

 

2.4. Data processing: any operation or set of operations performed on personal data or data files, regardless of the procedure used, in particular the collection, recording, organisation, storage, alteration, use, retrieval, disclosure, alignment or combination, blocking, erasure or destruction of data, as well as the prevention of further use of data.

 

2.5. Direct Marketing (DM) newsletter: information and advertising material sent by the data controller to the data subjects at specified intervals by post or e-mail about the products it distributes, the services it provides, any promotions, etc., to which the data subject has given their prior consent by subscribing to the newsletter.

 

2.6. Consent of the data subject: a voluntary, specific and unambiguous expression of the data subject's will, based on adequate information, by which he or she gives his or her clear and unambiguous statement, consent or agreement to the processing of personal data relating to him or her.

 

2.7. Acceptance of the privacy and data processing policy: By ticking the appropriate box (hereinafter: „checkbox”) for this purpose, the Data Subject declares that they have read, understood and accepted the provisions contained in this Privacy and Data Processing Policy.

 

2.8. Objection by the data subject: a statement by the data subject objecting to the processing of their personal data and requesting the termination of data processing and the deletion of the processed data and copies thereof.

 

2.9. Data deletion: the data controller shall render the data processed in relation to the data subject unrecognisable, as a result of which their restoration shall not be possible at a later date.

 

2.10. Data transfer: making the data available to a specific third party.

 

2.11. Data restriction: marking the data with an identifier for the purpose of restricting its further processing for a limited or specified period.

 

2.12. Data processing: performing technical tasks related to data processing operations, regardless of the method and means used to perform the operations and the location of the application, provided that the technical task is performed on the data.

 

2.13. Data processor: a natural or legal person or an organisation without legal personality who or which processes data on the basis of a contract concluded with the data controller, including contracts concluded on the basis of legal provisions.

 

2.14. Third person: a natural or legal person or an organisation without legal personality that is not the same as the Data Subject, the Data Controller or the Data Processor.

 

2.15. Special data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic and biometric data for the purpose of uniquely identifying a natural person, health data, and personal data concerning a natural person's sex life or sexual orientation.

 

2.16. Other information: any data that does not fall under the categories of Personal Data and Special Data.

 

2.17. Data protection incident: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

 

2.18. cookies: short data files that are placed on the user's computer by the website visited by the user.

 

2.19. IP address: Unique identification number (Internet Protocol address) of computers and other devices connected to the Internet.

 

3. Data Controllers:

 

Name: WSB Catering and Service Private Limited Company 

 

Registered office: 2000 Szentendre, Rab Ráby tér 6.

 

Company registration number: 13-10-041901 

 

Tax number: 26640424-2-13.

 

Email address: wsbzrt@wasabi.hu 

 

Represented by: Dr. Béla Árpád Bródi, Chief Executive Officer 

 

Name: ABChikuma Ltd.

 

Registered office: 1095 Budapest, Mester utca 28. B. lph. 1st floor 5.

 

Company registration number: 01-09-708614

 

Tax number: 12892666-2-43

 

Email address: rendeles@wasabi.hu

 

Represented by: Szandra Kisgyőri, managing director

 

Name: Nagano Trade Ltd.

 

Registered office: 1037 Budapest, Szépvölgyi út 15.

 

Company registration number: 01-09-337983

 

Tax number: 26664189-2-41

 

Email address: wasabi@wasabi.hu

 

Represented by: Sándor György Eötvös, managing director

 

Name: Kuzama Trade Ltd..

 

Registered office: 1065 Budapest, Podmaniczky utca 21.

 

Company registration number: 01-09-333041

 

Tax number: 26576750-2-42

 

Email address: wasabi2@wasabi.hu

 

Represented by: Károly Rudolf Debreczeni, managing director

 

Name: „ZEBRA ÜZLETHÁZ Ltd.

 

Registered office: 4025 Debrecen, Piac utca 18.

 

Company registration number: 09-09-035176

 

Tax number: 12730917-2-09

 

Email address: wasabidebrecen@wasabi.hu

 

Represented by: István Tripó, managing director

 

Name: Tokomu Trade Ltd.

 

Registered office: 1124 Budapest, Németvölgyi út 91.

 

Company registration number: 01-09-333581

 

Tax number: 26586182-2-43

 

Email address: wasabimom@wasabi.hu

 

Represented by: Anna Beáta Bándy, managing director

 

Name: Minimal Design Ltd.

 

Registered office: 1051 Budapest, Hercegprímás u. 4.

 

Company registration number: 01-09-997434

 

Tax number: 14114429-2-41

 

Email address: whatsrunning@wasabi.hu

 

Represented by: László Attila Takó, managing director

 

Name: Seoul House Korean Restaurant Ltd.

 

Registered office: 1011 Budapest, Fő utca 8.

 

Company registration number: 01-09-068728

 

Tax number: 10444614-2-41

 

Email address: seouletterem@gmail.com

 

Represented by: Gyöngyi Erzsébet Eötvös, managing director

 

Name: For Sale 2002 Ltd.

 

Registered office: 1053 Budapest, Vámház körút 2.

 

Company registration number: 01-09-704842

 

Tax number: 12816840-2-41

 

Email address: forsale.etterem@gmail.com

 

Represented by: Erzsébet Kelemen-Honvéd, managing director

 

Name: Alfréd the Rabbit Ltd.

 

Registered office: 2045 Törökbálint, Pistályi út 6.

 

Company registration number: 13-09-217695

 

Tax number: 27113215-2-13

 

Email address: doblo@doblo.hu

 

Represented by: István Sallai, managing director

 

Name: FORRÓKŐ Ltd.

 

Registered office: 2143 Kistarcsa, Szabadság út 46.

 

Company registration number: 13-06-021821

 

Tax number: 24569600-2-13

 

Email address: kistarcsainosztalgia@gmail.com

 

Represented by: Katalin Gergely, managing director

 

Hereinafter collectively referred to as Data controllers.

 

Given that the purpose of certain data processing activities specified in this Notice and the method of data processing are determined jointly by the Data Controllers, WSB Zrt. and the other data controllers listed herein shall be jointly responsible for the processing of personal data. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: GDPR) Chapter IV, Section 1, Article 26 joint data controller are considered.

 

Data Protection Officer:

 

Szandra Kisgyőri

 

+36 30 825 6376

 

Our activities:

 

We are duly registered and operating Hungarian companies. We operate our services through WSB Zrt. as the legal owner and transferor of franchise and licence rights, and other Data Controllers as the transferees of franchise and licence rights.

 

Nationwide, WSB Zrt. operates the Website listed above and the associated webshop, while other Data Controllers operate the Restaurants and home delivery services. All of them are considered Data Controllers under the GDPR, in particular because they process the personal data of Website users (e.g. name, address, IP address, e-mail address), measure the use of the Website, and log visits for security reasons. When you visit the Website, the Data Controllers' internet server automatically registers the IP address and operating system type of your computer, as well as the time of your visit to the Website. During online marketing activities, they send you newsletters. If you contact us by email or via the Website in connection with a service, in particular if you book a table via the Website or request food delivery via the webshop, or if you request a quote or conclude a contract or register a Card, your personal data will be processed to the extent and for the duration necessary to provide the service in question.

 

4. Registration for the newsletter

 

Subscribing to the newsletter on the Website requires registration, during which you provide your e-mail address. We will only send advertising e-mails to this address if you have given your prior express consent. Taking into account the provisions of this information notice and after receiving appropriate information, the data subject separately consents to the Data Controllers processing their personal data necessary for sending advertising newsletters. The Data Controllers do not send unsolicited advertising messages.

 

In practice, consent means that you, as a user visiting the Website, fill in and tick the consent checkbox, and then, after registration, you will receive newsletters from us. In compliance with their legal obligations, Data Controllers maintain a database of newsletter subscribers and a blacklist of those who have unsubscribed from the newsletter.

 

4.1. Scope of data subjects:

 

Users who visit the Website and register for the Restaurant's newsletter.

 

4.2. Purpose of data processing:

 

· sending e-mail newsletters containing commercial advertising to subscribers,

 

· Accurate handling of orders or table reservations,

 

· information about current news and promotions,

 

· Storage in a database.

 

4.3. Legal basis for data processing:

 

· the voluntary, prior, informed consent of the data subject,

 

· Data controllers shall process the personal data of persons who have given their consent.

 

are required to keep records. (Section 6(5) of the Act.)

 

4.4. Scope and purpose of the data processed:

 

your name for identification purposes

 

sending you birthday greetings and reminders about discounts on your date of birth

 

your email address for sending newsletters and general communication

 

the date of registration technical operation execution.

 

Performing technical operations on the IP address used during registration.

 

4.5. Source of data: directly from the data subject, i.e. you.

 

4.6. Duration of data processing:

 

· until the user withdraws their consent, i.e. until they unsubscribe,

 

· but no longer than 24 months from the date the user last opened the newsletter.

 

4.7. Unsubscribing from the Newsletter:

 

You may unsubscribe from the newsletter free of charge, without restriction or justification. In this case, we will delete all your personal data required for sending advertising messages from our records and will not contact you with further advertising offers.

 

The consent statement may be withdrawn at any time without restriction or justification as follows, which does not affect the lawfulness of data processing prior to withdrawal:

 

· using the link at the end of our newsletter,

 

· by post: in a letter sent to the operators' registered office,

 

· electronically: by sending a message to the e-mail address info@wasabi.hu.

 

4.8. Please note that pursuant to Section 6(5) of the Grt., we keep records of the personal data of persons who have given their consent. The data recorded in this register – relating to the recipient of the advertisement, i.e. you – will only be processed in accordance with the consent form until it is withdrawn.

 

4.9. The Data Controllers shall not transfer your data to third parties; they shall store it exclusively in their own database. Your data shall be accessible only to the Data Controllers' employees engaged in marketing or sales activities.

 

5. Cookie information and Google Analytics

 

The operator of our website currently uses cookies to operate the website.

 

Our website uses Google Analytics, a web analytics service provided by Google. Google Analytics is based on internal cookies, which means that it compiles reports for data controllers based on cookies and provides information about user interactions on the website, i.e. your interactions (e.g. where you clicked and how much time you spent on each subpage). Due to the way the internet works, website operators and owners can see the IP addresses of their users when using Google Analytics. However, Google Analytics only collects the IP addresses of website users in order to protect the security of the service and to enable website owners to get an idea of where their visitors come from around the world (this is also known as „geolocation by IP”). Further information about Google cookies is available at the following link: https://www.google.com/policies/technologies/cookies Detailed information about Google's privacy policy is available at the following link: https://policies.google.com/privacy?hl=hu

 

5.1. The purpose of using Google Analytics is primarily to provide Data Controllers with information about the following:

 

· how many visitors visited our Website and how much time they spent on our Website,

 

· whether the visitor is a returning or new visitor, and it is possible to track the visitor's path through the Website and where they entered.

 

5.2. Users can prevent Google Analytics cookies from being stored by adjusting their browser settings, but this may limit the proper functioning of the Website. Users can also prevent Google from collecting and processing data about their website usage through cookies by installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=hu

 

5.3. Google Analytics supports three JavaScript libraries (tags) for measuring website usage: gtag.js, analytics.js, and ga.js. gtag.js and analytics.js set the following cookies:

 

cookie type cookie function duration

 

– ga – used to distinguish users, 2 years,

 

– gid – used to distinguish users, 24 hours,

 

– gat – applicable to regulating the query rate, 1 minute,

 

AMP_TOKEN contains a token that can be used to retrieve the client ID from the AMP client ID service, valid for 30 minutes to 1 year.,

 

– gac – contains campaign-related information for the user, 90 days,

 

ga.js sets the following cookies:

 

cookie type, purpose of data processing, duration of data processing,

 

– utma – used to distinguish between users and sessions. It provides information on whether the user has visited the website before, thereby determining who is a new visitor to the website. The cookie is updated every time data is sent to Google Analytics, 2 years from setting/update.,

 

– utmt – used to control the request rate, 10 minutes,

 

– utmb – used to determine new sessions/visits 30 minutes from setting/update, 

 

– utmc – worked in conjunction with the _utmb cookie to determine whether the user was in a new session/visit. Until the browser was closed,

 

– utmz – tracks where visitors came from to the website 6 months from setting/update,

 

– utmv – used to store visitor-level, individually variable data. This cookie is created when the developer uses the setCustomVar method with visitor-level, individually variable data. Two years from the date of setting/update.

 

6. Table reservations and food orders can be made using the contact details provided on the Website.

 

The telephone number and email address provided on the Website, through which you can contact the Data Controllers.

 

Table reservation: you can make a reservation by telephone, in which case our colleagues will ask for the name of the reservation, the exact date and your telephone number. If you make your reservation via the website, you will need to provide your e-mail address, to which we will send a confirmation message with the name of the reservation, the date and your telephone number.

 

Food ordering: in the webshop, you add the products you wish to order to your shopping basket, enter your e-mail address, to which you will receive a confirmation message from the relevant Data Controller with the details of your order. In order to fulfil your order, we need your name, delivery address and a telephone number where we can reach you.

 

By ticking the relevant box, you declare that you have read and understood the relevant provisions of this Data Processing Notice and accept the processing and storage of your data by the Data Controller concerned, and you register with our webshop, which also implies your consent to receive our newsletter. For options on unsubscribing from the newsletter, see section 2.7.

 

6.1. Data subjects: customers, persons initiating table reservations.

 

6.2. Purpose of data processing: to provide you with information and to fulfil your table reservation or food order requests.

 

6.3. Legal basis for data processing:

 

· voluntary, prior, informed consent,

 

· Data controllers are required to keep records of the personal data of persons who have given their consent. (Section 6(5) of the Act.)

 

6.4. Scope and purpose of the data processed:

 

your name for identification purposes

 

Your email address. Provide information

 

Your mobile phone number Providing information, quick contact

 

delivery address order fulfilment

 

6.5. Source of data: directly from the data subject, i.e. you.

 

6.6. Duration of data processing:

 

· until the user withdraws their consent.

 

6.7. Data Controllers shall not transfer your data to third parties; it shall be stored exclusively in their own databases. Your data shall only be accessible to Data Controllers' employees engaged in marketing or sales activities. If you contact us by telephone to make a table reservation, we will store your data on paper until the date of the reservation, after which the paper will be destroyed.

 

7. Card application and card (gift card, voucher) registration

 

You can find details about our services on our website. After registering in our restaurants or online, we will create a „user account” for you. In the case of personal registration, we will issue you with a card, which will contain your details in our system from that point onwards. 

 

 7.1 When using the Card, you will receive discounts and credits for your purchases as part of the Basic Services. Information about the use of the Card, discounts and credits is only available on the Website and in our restaurants.

 

7.2. In addition to the basic services, we provide the following additional services:

 

The advertisements cover our own products, goods, promotions or services.

 

If you have any questions regarding the Card, please contact our colleagues working in our restaurants, or visit our Restaurants section on the Website.

 

7.3.During prize draws, we usually raffle gift vouchers, shopping vouchers or discount vouchers. Prize draws are announced on our websites or Facebook account.

 

7.4. We use your data exclusively for the organisation and implementation of promotions, the delivery of prizes, the sending of prize notifications, maintaining contact, as well as for complaint handling, fraud detection and legal enforcement. For this purpose, we process the following personal data: first name, surname, date of birth, e-mail address.

 

7.5. Market research

 

Market research enables us to make decisions about our business model on an empirical basis. To this end, we deal with predefined areas and criteria, such as demographic developments, consumer habits and media usage. To do this, we record personal data, which we anonymise in advance to protect our customers, so that the data processing cannot be traced back to you personally.

 

 Personal data evaluation allows us to automatically examine your areas of interest. By evaluating your personal data and learning about your habits, we can offer and recommend more personalised services, offers and promotions tailored to you.

 

7.6. Within the scope of using the Card, you provide our Company with the following personal data in connection with registration and the related Basic Services:

 

  • Surname and first name
  • date of birth
  • e-mail address
  • name day (optional information)

 

After registration, we will create a card number, to which we will assign the personal data you have provided, enabling us to identify you unambiguously. 

 

7.7 If you have agreed to receive information and advertisements, we will inform you about our products, services, prize draws, customer surveys and promotions in accordance with point 1.

 

This data processing is based on Article 6(1)(a) of the General Data Protection Regulation (GDPR) and serves the purpose of receiving non-personalised advertising.

 

8. Conclusion of a contract for catering services

 

If a contract for services is concluded between us for the provision of catering services based on your request for a quote or other inquiry, and you are a sole trader or an employee of a company that has entered into a contract with us and have been designated as the contact person, your personal data will be recorded in the contract.

 

7.1. Data subjects: sole traders who have concluded a contract of engagement with the Data Controller, as well as employees designated by companies to act as contact persons.

 

7.2. Purpose of data processing: performance of the contract.

 

7.3. Legal basis for data processing:

 

· the performance of a contract to which the data subject or his or her employer is party, or the implementation of measures taken at the request of the data subject prior to entering into a contract;,

 

· compliance with legal obligations applicable to Data Controllers, such as the obligations stipulated in Act C of 2000 on Accounting.

 

7.4. Scope and purpose of the data processed:

 

your name for identification purposes

 

your mailing address information

 

Your e-mail address Information provided

 

Your mobile phone number Providing information

 

7.5. Source of data: directly from the data subject, i.e. you

 

7.6. Duration of data processing: if the Contract of Engagement between us is terminated, the data provided will be deleted after the expiry of the retention period (8 years) specified in Act C of 2000 for the last invoice issued to you. After the date of termination of the Contract of Engagement, the Data Controller concerned shall only store the data and shall not perform any data processing operations on them.

 

9. WASABI career job advertisement scope of processed data

 

9.1. On the registration page of the Website, the User has the opportunity to enter their details in order to use the services of the Website (hereinafter: Registration). During registration, the following personal details must be provided (details marked with an asterisk (*) are mandatory):

 

  1. full name*;
  2. e-mail address*;
  3. password*;
  4. telephone number*
  5. newsletter subscription

 

In the Google website link on the WASABI Career Facebook page, the allas@wasabi.hu The User may provide their data in order to apply for the advertised position by sending an email to the email address provided or in person at the Data Controller's office. The following personal data must be provided during registration (data marked with * is mandatory):

 

  1. full name*;
  2. place of residence*;
  3. date of birth*;
  4. telephone number*.
  5. Upload your CV.

 

9.2When creating a new CV, you can enter the following information:

 

  • personal details:
    • photograph;
    • address;
    • year of birth;
    • nationality;
    • no;
    • telephone number.
  • studies:
    • type of qualification, name, name of institution, date of completion;
    • IT knowledge, certification;
    • language skills: language, level, time of acquisition;
    • type of driving licence, date of issue;
    • other knowledge.
  • work experience:
    • name of the employing company;
    • job title;
    • work address;
    • period of employment;
    • job description.

 

9.3. In the User Profile, the User has the option to select the job they are looking for, which they can click on to indicate their own details and those related to the job they are looking for (job type, location, other aspects) in an e-mail message, save job advertisements, modify the data provided, delete the data except for non-mandatory data, subscribe to or unsubscribe from the newsletter.

 

9.4. The Data Subject also has the option of appearing in person at the Data Controller's restaurants or having a personal conversation with the Data Controller's advisor (hereinafter: Interview) on a paper or digital data sheet specifically designated for this purpose (hereinafter: Data sheet) provides their details, CV and requirements relating to the position to be filled so that the Data Controller can find a suitable job offer for them. When completing the Data Sheet and during the interview, only the Data Subject's data necessary for job search will be recorded. Based on the data provided on the Data Sheet and during the interview, the Data Controller also creates the Data Subject's User Profile, which may contain the data specified in the „User Profile” section, based on the Data Subject's voluntary consent.

 

9.5. During a telephone conversation with the Data Controller, the Data Subject also has the opportunity to provide their data so that the Data Controller can contact them in the future with job opportunities and send them job offers to the e-mail address they have provided.

 

  • name (surname, first name)*;
  • the town where you live;
  • telephone number;
  • e-mail address;
  • type of qualification (primary school, vocational school, etc.)
  • What type/category of work would you like? (finance, manual labour, etc.).

 

9.6. Applying for a job advertisement

 

The Data Controller processes the personal data provided in applications for job vacancies advertised by it (CV, identification data, contact details, data relating to qualifications, employment and interests) for the purpose of processing applications for job vacancies.

 

The Data Controller shall process the Data Subject's data that are relevant to the establishment, performance and termination of the employment relationship with the Data Controller in accordance with Section 10 of Act I of 2012 on the Labour Code (hereinafter: Mt.):

 

  • employee identification details:
    • name (birth name);
    • place and date of birth;
    • mother's name;
    • nationality;
    • place of residence, place of stay;
    • TAJ number, tax identification number; identity card number
    • marital status;
    • number of children, place and date of birth; tax identification number
    • bank account number;
    • photograph.
  • Data on studies and qualifications:
    • data on educational attainment;
    • data relating to professional qualifications and skills;
    • language skills.
  • employment-related data:
    • start date of employment, position held, working hours, work performed

 

place;

 

  • the date, manner and conditions of termination of employment.

 

The Data Controller shall only collect special data on the basis of the Data Subject's written consent, which is necessary for the performance of the given job. Only persons over the age of 16 are entitled to provide data.

 

  1. Purpose of data processing

 

The data controller uses the data for the following purposes in connection with the services it provides:

 

  1. During registration on the Website: the purpose of data processing is to provide the services of the Website and to create a user profile.
  2. Purpose of data processing when creating a user profile (or filling out the Data Sheet and completing the Interview)
    • managing, modifying, and deleting data stored in user profiles and CVs;
    • using the data for the purpose of applying for job advertisements, setting up job searches, saving job offers, and maintaining contact with the User, sending notifications about job offers and job opportunities that match their qualifications, aptitudes and requirements;
    • The purpose of processing the data provided when creating a CV is to enable the User to

 

the Data Controller shall contact the User with a suitable job offer, and the User shall

 

qualifications, aptitudes and

 

identifying needs;

 

  1. monitoring and promoting the professional development of the Data Subject.
  2. The purpose of data collection during telephone enquiries is to send information about job offers that match the Data Subject's qualifications and interests to the email address provided during the enquiry.
  3. Purpose of data processing when applying for a job advertisement
    • liaising with the Data Subject in relation to the specified job offer;
    • forwarding of data and CVs to employers advertising the specified job vacancies, based on the consent of the data subject;
    • selection procedure related to the job advertisement published by the Data Controller

 

conducting;

 

  1. promoting the creation and maintenance of employment;
  2. with the Data Subject's separate consent, creating a User Profile for the Data Subject, identifying the Data Subject's qualifications, aptitudes and requirements that are relevant to the employment position to be filled; forwarding job offers to the Data Subject that match their interests, qualifications, aptitudes and requirements;

 

9.8. The Data Controller shall also use the personal data provided by the User for statistical purposes, exclusively in such a way that the personal data is anonymised, so that it is no longer suitable for identification and cannot be linked to any natural person.

 

9.9. Duration of data processing

 

The Data Controller shall process personal data for the duration of the purpose of data processing, i.e. in connection with registration on the Website, in the case of User profiles, in connection with data collection during telephone enquiries, and in the case of sending Newsletters, until the User requests the deletion of their data or withdraws their consent to the processing of their personal data or to receiving Newsletters.

 

Personal data shall be deleted simultaneously with the termination of the purpose of data processing or at the request of the User without undue delay, except for data which the Data Controller is required to retain for the period specified in the legislation mandating data processing, thus, the Data Controller shall retain personal data processed in the course of establishing, fulfilment and termination of the employment relationship established with the Data Controller until the expiry of the limitation period for labour law claims arising from the employment relationship, i.e. for 3 years from the termination of the employment relationship pursuant to Section 286(1) of the Labour Code, or for a longer period if required by law.

 

When applying for a job advertisement, the Data Controller processes personal data for the duration of the purpose of data processing, i.e. in the case of a specific job offer, for the duration of the administration of the job offer, and in the case of communicating a job offer that matches the Data Subject's interest or choice, for the duration of the purpose of data processing or until the Data Subject requests the deletion of the data or withdraws their consent.

 

10. Data processors.

 

10.1. Data Controllers shall engage a data processor to perform the following data processing activities:

 

· Website operation and maintenance:

 

Name: Devwing Limited Liability Company

 

Registered office: 1165 Budapest, Hunyadvár u. 56 1/3

 

Tax number: 26499785-2-42

 

Contact: info@devwing.hu

 

· Hosting service providing IT infrastructure:

 

Name: DotRoll Ltd.

 

Headquarters: 1148 Budapest, Fogarasi út 3-5.

 

Representative: Gábor Busai

 

Contact: + 36 1 432 3232

 

Name: Devwing Limited Liability Company

 

Registered office: 1165 Budapest, Hunyadvár u. 56 1/3

 

Tax number: 26499785-2-42

 

Contact: info@devwing.hu

 

· Web analytics, email and document management, calendar, phone contacts, spreadsheet synchronisation, targeted advertising display:

 

Name: Google LLC

 

Headquarters: 1 Hacker Way, Menlo Park, California 94025

 

Representative: N/A

 

Availability: N/A

 

Website: https://www.google.com/

 

· Targeted advertising display:

 

Name: Facebook Inc.

 

Headquarters: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

 

Contact: +1 650-543-4800

 

Website: https://www.facebook.com/

 

– Card registration:

 

Netlient IT Services Limited Liability Company

 

Registered office: 2600 Vác, Háló köz 3.

 

Email address: info@ugyfelkartya.hu

 

Representative: András Szilágyi, managing director

 

· Compliance with tax and accounting obligations:

 

Five Agents Ltd.

 

Registered office: 1037 Budapest, Szépvölgyi út 23.

 

Representative: Kristóf Palotai

 

Contact: + 36 30 634 9424

 

10.2. If data processing is carried out on behalf of the Data Controller, the Data Controller shall only use data processors who provide adequate guarantees to comply with the legal requirements for data processing and to implement appropriate technical and organisational measures to protect the rights of data subjects.

 

10.3. Data Controllers reserve the right to engage additional data processors after informing the data subjects in advance, which may also be done by amending this Privacy Policy accordingly and publishing it on the Website.

 

11. Data processing security.

 

11.1. As a data controller, we take all technical and organisational measures to guarantee you an appropriate level of data security, in particular against unauthorised access, alteration, transfer, disclosure, deletion or destruction of personal data, as well as against accidental destruction and damage, and against inaccessibility resulting from changes in the technology used.

 

11.2. Together with data processors, we take measures to ensure that persons acting on our behalf who have access to your data may only process the data in accordance with the instructions of the Data Controllers, unless they are required by law to deviate from this.

 

We use data networks with appropriate firewall and password protection, but please note that no method of data transmission over the internet is completely secure or error-free. You are responsible for the security of your passwords, IDs or other special access methods, unless the damage was caused by the Data Controllers through unlawful processing of the data subject's data or a breach of data security requirements.

 

11.3. We shall take the necessary measures to protect paper-based records, particularly with regard to physical security and fire protection.

 

We securely store and protect data carriers containing personal data that we use or possess, regardless of the method of data recording, against unauthorised access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction and damage.

 

12. Your rights.

 

You have the right to request access to your personal data from the Data Controllers, to have it corrected, deleted or restricted, and to object to the processing of such personal data. The data subject also has the right to data portability and to withdraw consent at any time.

 

12.1. Your right to information

 

With this Data Processing Notice, we provide you with prior and adequate information about our data processing activities before you give your voluntary consent to data processing.

 

12.2. The data subject's right of access

 

You have the right to receive feedback on whether Data Controllers are processing your personal data.

 

At your request, we will provide you with information on the following:

 

· the data we process, the categories of personal data concerned, their source,

 

· the purpose and legal basis of data processing,

 

· the duration of data processing, the duration of personal data storage,

 

 · your right to request that we correct, delete or restrict the processing of your personal data, and to object to the processing of such personal data, your right to lodge a complaint with a supervisory authority,

 

· the data processed by the data processors used, their source, the purpose of data processing, its legal basis and the duration of data processing,

 

· the name and address of the data processor and its activities related to data processing,

 

· the circumstances and effects of any data protection incidents and the measures taken to remedy them,

 

· in the case of data transfer, the legal basis and recipient thereof.

 

We will respond to your request within a maximum of one month in accordance with the relevant provisions of the GDPR. If we refuse to provide the information, we will inform you in writing within one month of the reason for the refusal and inform you of the supervisory authority to which you can submit a complaint and your right to seek legal redress. If your request is clearly unfounded or excessive, we may refuse to provide the information or charge an administrative fee for providing it.

 

12.3. Your right to rectification:

 

You may request the Data Controllers to correct any inaccurate data and to complete any incomplete data. The Data Controllers shall take action without undue delay upon receipt of your request.

 

12.4. Right to erasure („right to be forgotten”):

 

You have the right to request that the Data Controllers delete your personal data without undue delay.

 

12.5. Your right to restrict data processing:

 

You have the right to request that the Data Controller restrict data processing, particularly in the following cases:

 

· if you dispute the accuracy of your data, for the period during which we verify it,

 

· the data processing is unlawful and you request the restriction of the use of the data instead of erasure,

 

· we no longer need the personal data for the purposes of processing, but you require it for the establishment, exercise or defence of legal claims;,

 

· if you object to the processing of your data, for the period until it is determined whether the legitimate interest of the Data Controller takes precedence over the legitimate interest of the data subject.

 

12.6. Your right to data portability:

 

You may request that we provide you with your personal data in a structured, commonly used, machine-readable format and/or transfer it to another data controller.

 

12.7. Right to object

 

You may object to the processing of your personal data (i) if the processing of personal data is necessary solely for the fulfilment of our legal obligations or for the enforcement of our legitimate interests; (ii) if the purpose of the data processing is direct marketing, public opinion polling or scientific research; or (iii) if the data processing is carried out in the public interest.

 

We will examine the legitimacy of the objection within 15 days, and if we find the objection to be justified, we will terminate the data processing and block the personal data processed, and we will notify all those to whom the personal data affected by the objection had previously been transferred of the objection and the measures taken on the basis thereof. If you disagree with our decision, you may appeal to the court within 30 days of its notification.

 

12.8. Objection by the data subject in the case of direct marketing

 

If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such purposes, including profiling, insofar as it is related to direct marketing. If you object to the processing of personal data for direct marketing purposes, the personal data may no longer be processed for this purpose.

 

12.9. Automated decision-making in individual cases, including profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

 

The preceding paragraph shall not apply if the decision:

 

· it is necessary for the conclusion or performance of the contract between us;

 

· the decision is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or

 

· is based on your explicit consent.

 

Please send all requests regarding the exercise of your rights set out in this Privacy Policy to the following contact details:

 

· by post: by registered letter with acknowledgement of receipt sent to the registered office of the Data Controllers,

 

· electronically: by sending a message to the email address wsbzrt@wasabi.hu.

 

13. Legal remedies.

 

13.1. Please always contact the Data Controllers first with your complaint. We are also happy to assist you at the following contact details:

 

· by post: in a letter sent to the registered office of the Data Controllers,

 

· electronically: by sending a message to the email address wsbzrt@wasabi.hu.

 

13.2. Right to appeal to the court:

 

In the event of a violation of your rights, you may take legal action against the Data Controllers. The court will hear the case as a matter of priority. The adjudication of the case falls within the jurisdiction of the court. The case may be brought before the court of your place of residence or domicile, at your discretion.

 

13.3. Data protection authority proceedings:

 

In the event of a violation of your rights, you are entitled to lodge a complaint with the National Authority for Data Protection and Freedom of Information at the following contact details:

 

Name: National Authority for Data Protection and Freedom of Information

 

Registered office: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.

 

Postal address: 1530 Budapest, Pf.: 5.

 

Telephone: +36 1/391-1400

 

Fax: +36 1/391-1410

 

Email: ugyfelszolgalat@naih.hu

 

Website: http://www.naih.hu

 

14. Scope of the Data Processing Notice, applicable legislation

 

14.1. The scope of the Data Processing Notice extends to data processing on the Website and when you contact any of the Data Controllers via the Website or by other means, ask questions, including data processing necessary for the use of services available on the Website or on any website operated by the Data Controllers.

 

This Data Processing Notice shall enter into force on 1 February 2025. The provisions of the Data Processing Notice shall apply to all data subjects from the date of entry into force.

 

14.2. The Data Controllers reserve the right to modify the Data Processing Notice and the information related to the use of the Website from time to time, unilaterally and without prior notice. The Data Controllers shall ensure that the current Data Processing Notice is continuously available on the Website.

 

14.3. By accepting this Data Processing Notice, all data subjects acknowledge that the provisions of the Data Processing Notice in force on the date of data processing shall govern the processing of their personal data.

 

14.4. Data Controllers shall consider the following legislation to be particularly relevant when providing their services and processing personal data:

 

· General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016

 

· Act V of 2013 – on the Civil Code (Ptk.)

 

· Act CXII of 2011 – on the right to informational self-determination and freedom of information (Infotv.)

 

· Act XLVIII of 2008 on the basic conditions and certain restrictions of economic advertising activities (Grt.)

 

· Act CVIII of 2001 on certain issues related to electronic commerce services and information society services (Elkertv.).

 

———————- O ———————-