Privacy Policy

This privacy policy applies to the storage and handling of data related to test completion and evaluation, voluntarily provided by users on the centura.hu website, as well as on centura.eu and its subpages. Data is managed by Centura Személyzeti Tanácsadó, Alkalmasságvizsgáló és Humáninformatikai Kft., 1027 Budapest, Fazekas u. 10., hereinafter referred to as the Data Controller. Data processing is performed by Centura Személyzeti Tanácsadó, Alkalmasságvizsgáló és Humáninformatikai Kft., 1027 Budapest, Fazekas u. 20., Tax number: 11713579-2-41, hereinafter referred to as the Data Processor. Purpose of data management: The Data Controller uses the personal data in its possession to provide online access and to examine the job suitability of prospective or current employees.

Relevant Legislation

The Data Controller undertakes to conduct its activities in accordance with the laws in force at all times. These, at the time of publication of this document, are as follows:

• Act CVIII of 2001 on certain issues of electronic commerce services and information society services (hereinafter: Electronic Commerce Act).
• Act XLVIII of 2008on the basic conditions and certain restrictions of commercial advertising activities (hereinafter: Commercial Advertising Act).
• Act CXII of 2011 on the right of informational self-determination and freedom of information. The current status of the legislation is available at net.jogtar.hu.
• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Definitions

Based on Section 3 of Act CXII of 2011:

1. data subject: any specific natural person identified or identifiable - directly or indirectly - on the basis of personaldata;
2. personal data: data that can be associated with the data subject - in particular, the data subject's name, identificationmark, and knowledge characteristic of one or more of their physical, physiological, mental, economic, cultural, or social identities - as well as conclusions about the data subject that can be drawn from the data;
3. special data: personal data relating to racial origin, belonging to a national or ethnic minority, political opinion or party affiliation, religious or other ideological beliefs, membership of a trade union organization, or sexual life; personal data relating to health status, pathological addiction, and criminal personal data;
4. criminal personal data: personal data related to a criminal offense or criminal proceedings, generated during or before criminal proceedings by authorities authorized to conduct criminal proceedings or investigate crimes, and by the penal enforcement organization, and related to the data subject, as well as personal data related to criminal records;
5. data of public interest: information or knowledge recorded in any way or form, not falling under the definition of personal data, held by a body or person performing state or local government tasks, as well as other public tasks defined by law, and relatedto their activities or arising in connection with the performance of their public tasks, regardless of the method of handling, whether independent or collective, including in particular assessments of competence, jurisdiction, organizational structure, professional activity and its effectiveness, the types of data held and the legislation governing operations, as well as data on management and concluded contracts;
6. data made public in the public interest: any data not falling under the definition of data of public interest, the disclosure, accessibility or availability of which is ordered by law in the public interest;
7. consent: the voluntary and definite expression of the data subject's will, based on adequate information, with which they give their unambiguous consent to the processing of their personal data - in full or for specific operations;
8. objection: the data subject's statement objecting to the processing of their personal data and requesting the termination of data processing and the deletionof processed data;
9. data controller: a natural or legal person or organization without legal personality that, independently or jointly with others, determines the purpose of data processing, makes and executes decisions related to data processing (including the used device), or has them executed by a data processor commissioned by them;
10. data processing: any operation or set of operations performed on data, regardless of the procedure used, including in particular collection, recording, organization, storage, modification, use, retrieval, transmission, disclosure, alignment or combination, blocking, deletion and destruction, as well as preventing further use of data, taking photographs, audio or video recordings, and recording physical characteristics suitablefor identification (e.g., fingerprints or palm prints, DNA samples, iris images);
11. data transmission: making data accessible to a specific third party;
12. disclosure: making data accessible to anyone;
13. data deletion: making data unrecognizable in such a way that its restoration is no longer possible;
14. data marking: providing data with an identification mark for the purpose of distinguishing it;
15. data blocking: providing data with an identification mark for the purpose of permanently or temporarily restricting its further processing;
16. data destruction: complete physical destruction of the data carrier containing the data;
17. data processing: performing technical tasks related to data processing operations, regardless of the method and device used to perform the operations, as well as the place of application, provided that the technical task is performed on the data;
18. data processor: a natural orlegal person or organization without legal personality that processes data under a contract with the data controller - including contracts under legal provisions;
19. data controller: a public authority that produces publicly available data of public interest to be published electronically, or in whose operation this data is generated;
20. data provider: a public authority that publishes data provided to it by the data controller on a website, if the data controller does not publish the data themselves;
21. data file: the totality of data managed in one register;
22. third party: any natural or legal person or organization without legal personality that is not the data subject, the data controller, or the data processor;
23. EEA state: a member state of the European Union and another state party to the Agreement on the European Economic Area, and a state whose citizen enjoys the same legal status as a citizen of a state party to the Agreement on the European Economic Area under an international treaty between the European Union and its memberstates and a non-EEA state;
24. third country: any state that is not an EEA state.

Regulation (EU) 2016/679 of the European Parliament and of the Council (27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), based on Article 4:

• 'consent' of the data subject: any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
• 'personal data breach': a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwiseprocessed.

Scope of Processed Data

• Name or identifier
• Gender
• Email address
• Phone number
• Date of consent
• Data and results of test completion

Data Management Principles During Data Processing by Centura Ltd.

Personal data can be processed if:

• the data subject consents to it, or
• it is ordered by law or, under authorization by law, by a regulation of a local government within the scope defined therein.

The consent of the legal representative of an incapacitated and partially incapacitated minor - with an age not lower than 13, according to Article 8(1) of the GDPR - is required, except for service parts where the statement aims at mass registrations occurring in everyday life and does not require special consideration. Personal data can only be processed for a specific purpose, to exercise rights and fulfill obligations. Data processing must comply with this purpose at every stage. Only personal data that is essential for the realization of the data processing purpose, suitable for achieving the purpose, and only to the extent and for the time necessary to achieve the purpose can be processed. Personal data can only be processed with informed consent. The data subject must be informed - clearly, comprehensibly and in detail - about all facts related to the processing of their data, including in particular the purpose and legal basis of data processing, the person authorized for dataprocessing and data processing, the duration of data processing, and who can access the data. The information must also cover the data subject's rights and remedies related to data processing.

• their collection and processing are fair and lawful;
• they are accurate, complete and, if necessary, up-to-date;
• their storage method is suitable for identifying the data subject only for the time necessary for the purpose of storage.

Personal Data Processed on centura.hu and centura.eu, Purpose and Duration of Data Processing

• Data Controller: Centura Személyzeti Tanácsadó, Alkalmasságvizsgáló és Humáninformatikai Kft.
• Data Processing Name: Select! system administrators and test takers
• Purpose of Data Processing: Examination of job suitability of test takers, provision of access for administrators
• Legal Basis of Data Processing: Voluntary consent of the data subject (Section 5(1) a) of Act CXII of 2011)
• Place of Actual Data Processing: Data center of T-Systems Magyarország Zrt.
• Automation of Data Processing: Machine-based
• Data Retention and Deletion Deadline: One year from the consent
• Scope of Data Subjects: Candidates invited to take the test; administrators using the Select! system
• Data of the Data Controller, Contact Information:
  • Name: Centura Személyzeti Tanácsadó, Alkalmasságvizsgáló és Humáninformatikai Kft.
  • Address: 1027 Budapest, Fazekas u. 20.
  • Company Registration Number: 01-09-931267
  • Name of the Registering Court: Metropolitan Court
  • Tax Number: 11713579-2-41
  • Email: info@centura.hu
  • Contact information of the Data Protection Officer electronically: info@centura.hu

Legal Remedy

(A) Information

The data subject may request information about the processing of their personal data, and may request the rectification or, except for data processing ordered by law, the deletion of their personal data in the manner indicated when the data was collected. At the data subject's request, the data controller provides information about the data it manages, the purpose, legal basis and duration of the data processing, the name and address (registered office) of the data processor and its activities related to the data processing, as well as who and for what purpose receive or have received the data. The data controller provides the information in writing, in an understandable form, within the shortest possible time, but no later than 30 days from the submission of the request. This information is free of charge if the requester has not submitted a request for information on the same area to the data controller in the current year. In other cases, the data controller may charge a fee.

(B) Rectification

The data subject may request the rectification or updating of their data. The data controller notifies the data subject and all those to whom the data was previously transmitted for data processing purposes of the rectification. The notification is omitted if it does not violate the legitimate interest of the data subject, considering the purpose of the data processing.

(C) Restriction of Data Processing

The data subject may request the restriction of data processing, i.e., they may specify which data controllers should not have access to their data. The data controller notifies the data subject and all those to whom the data was previously transmitted for data processing purposes of the restriction of data processing. The notification is omitted if it does not violate the legitimate interest of the data subject, considering the purpose of the data processing.

(D) Deletion of Data

The data controller deletes personal data if its processing is unlawful, the data subject requests it, the purpose of the data processing has ceased, or the statutory deadline for storing the data has expired, or it has been ordered by a court or the data protection commissioner. The data controller notifies the data subject and all those to whom the data was previously transmitted for data processing purposes of the deletion. The notification is omitted if it does not violate the legitimate interest of the data subject, considering the purpose of the data processing.

(E) Portability

The data subject may request the portability of their data in a structured, widely used, machine-readable format.

(F) Objection

The data subject may object to the processing of their personal data if:

• the processing (transmission) of personal data is necessary exclusively for the enforcement of the right or legitimateinterest of the data controller or the data recipient, unless the data processing is ordered by law;
• the use or transmission of personal data is for direct marketing, public opinion polling, or scientific research purposes;
• the right to object is otherwise permitted by law.

The data controller – while suspending the data processing – examines the objection within the shortest possible time, but no later than 15 days from the submission of the request, and informs the requester in writing of its result. If the objection is justified, the data controller terminates the data processing – including further data collection and transmission – and blocks the data, and notifies all those to whom the personal data affected by the objection was previously transmitted and who are obliged to take measures to enforce the right to object of the objection and the measures taken based on it. If the data subject does not agree with the decision made by the data controller, they may appeal to a court within 30 days of its communication. The data controller may not delete the data subject's data if the data processing is ordered by law. However, the data may not be transmitted to the data recipient if the data controller has agreed with the objection or the court has established the legitimacy of the objection. In case of violation of their rights, the data subject may appeal to a court against the data controller. The court shall proceed with the case as a matter of priority.

Legal remedies and complaints can be made to the National Authority for Data Protection and Freedom of Information or its successor (designated supervisory authority):

• Name: National Authority for Data Protection and Freedom of Information
• Registered office: 1125 Budapest Szilágyi Erzsébet fasor 22/c.
• Postaladdress: 1530 Budapest, Pf.: 5.
• Phone: +36 (1) 391-1400
• Fax: +36 (1) 391-1410
• Website: http://naih.hu

Furthermore, for non-Hungarian citizens within the EU, legal remedies can be made at the territorially competent, member state authority (in all cases, the relevant supervisory authority).

How to Exercise Your Above Rights?

Please write to us at info@centura.hu from the email address that is involved in the data processing (received an invitation to take the test or we sent your access data to this address). Please refer to one of the points in the legal remedy section regarding which you request our cooperation.

Information on the Procedure in Case of a Data Protection Incident, on the Part of the Data Controller

1. Notification of a Data Protection Incident to the Supervisory Authority

The data controller shall, without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the competent supervisory authority of the data protection incident, unless the data protection incident is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification is not made within 72 hours, it shall be accompanied by reasons for the delay. The data processor shall notify the data controller of the data protection incident without undue delay after becoming aware of it.

2. Information to the Data Subject About the Data Protection Incident

When the data protection incident is likely to result in a high risk to the rights and freedoms of natural persons, the data controller shall communicate the data protection incident to the data subject without undue delay. The communication to the data subject shall describe in clear and plain language the nature of the data protection incident and state the legally prescribed information and measures.

Cookie Handling

When you visit the Centura Ltd. website (centura.hu, centura.eu), you also provide us with certain personal data.

Your personal data (i.e., data that can be associated with your person) can be processed by us in two ways: on the one hand, technical data (cookies) related to the computer, browser program, internet address, and visited pages you use in connection with maintaining the internet connection are automatically generated in our computer system, and on the other hand, you can also provide your name, contact information or other data if you participate in the completion of a questionnaire or test through the website. The processing of your personal data is only to the extent necessary for the use of the website's services and in accordance with your instructions, while fully complying with the applicable legal provisions. Centura Ltd. does not transfer your data processed in connection with your visit to our website, except for the automatically generated technical data related to the website traffic statistics, which are generated at the physical operator of the internet server. Only our own employees have access to your data processed in connection with your visit to our website, to the extent necessary to perform their duties or to provide the service you have requested, to answer your questions and comments.

If you wish to ask a question or share your opinion with us, you can use the form on our contact page or write directly to info@centura.hu.

When you visit our website, small data files, so-called cookies, are stored on your computer. These files allow the website to "remember" certain information about you, such as your preferred language or other settings. This can make your next visit easier and the site more useful to you. Cookies play an important role. Without them, using the web would be a much more frustrating experience. We use cookies for several purposes. We use them, for example, to count how many visitors we receive on a page, to help you sign up for our services, and to protect your data. You can delete or block cookies. In this case, some features of the website may not work properly. Information about cookies is generally not used to personally identify you, and the data about your browsing habits is under our control. These cookies are used solely for the purposes described here. You can find more information about cookies here: https://support.google.com/accounts/answer/61416?hl=hu

Valid from May 1, 2018 until withdrawal or modification.