Preamble / Disclaimer:
HILL International Hungary Kft is a Hungarian legal entity. We strived to prepare identical translation but in case of any legal dispute we stipulate the supremacy of the Hungarian version with Hungarian wording. You can find the Hungarian version here: https://www.hill-international.com/files/userdata/countries/Hungary/docs/Adatvedelmi_nyilatkozat_-_2023.pdf
1. General information
We process your personal data in the course of our business activities, e.g. in the context of an application procedure, when using our website or when using our other services as well as in our role as contractor. We treat your personal data confidentially and handle it responsibly. Processing is carried out exclusively in accordance with the provisions of the General Data Protection Regulation (GDPR) and in accordance with the provisions of the applicable local Hungarian data protection law, [’az információs önrendelkezési jogról és az információszabadságról’ szóló a 2011. évi CXII. törvény].
In the following, we would like to inform you about the type, scope and purpose of data processing to enable you to understand how we use your personal data.
2. Data Controller according to the GDPR
Full local company name: HILL International Kft
Company registration number: 01-09-063467
Company street address: Szász Károly utca 2.
Company zip & city: H-1027, Budapest
Company country: Hungary
phone: +36-1-201-2252, +36-20-201-2252
The body responsible for data processing defined in section 4 (cookies used on our website) is
HILL International GmbH
FN 260531 i
phone: +43 1 796 97 98
3. Collection and processing of personal data
3.1 Job application management
Our core activity is professional recruitment, i.e. the placement and filling of open positions on behalf of our clients. In order to present our clients with the most suitable candidate for each position and to be able to offer you the best possible employment opportunity, we process the data that is relevant for filling the position, which you disclose to us as part of your application or which we obtain from third parties (reference providers) or from public sources (social media platforms). The same applies mutatis mutandis if you make use of our career counselling and coaching services.
3.1.1 Applicant data
If relevant to the application process, we process the following personal data:
- Master data: name, date of birth (age), place of birth, gender, academic title(s), marital status;
- contact information: address, telephone number, email address;
- nationality, immigration status (work permit);
- information about your educational background, work history, other qualifications or skills, and your (professional) suitability, including certificates and curriculum vitae;
- information about your interests and requirements with regard to future employment and your personal development;
- salary information and expectations;
- entry date or availability date;
- HILL Competence Analysis (HCA) data; and
- additional information about you provided either by yourself, your references or our clients, if it may be relevant to the application.
3.1.2 Processing purpose
Your applicant data will only be processed for the following purposes:
- Carrying out the application process, in particular to match the job profile with your (professional) suitability, qualifications and interests;
- carrying out career counselling and coaching;
- establishing contact and handling correspondence;
- exercise of rights and obligations towards our clients; and
- storage in our database with the aim of being able to assign your applicant profile to free and suitable job opportunities in the future (keeping record).
3.1.3 Lawfulness of processing
The legal bases for the processing of your applicant data are as follows:
- Performance of a contract (Article 6 para 1 lit b GDPR): By submitting your application, you instruct us to evaluate your application profile and compare it with job profile of the respective job posting. For this purpose, the processing of your applicant data is mandatory.
- Legitimate interests (Article 6 para 1 lit f GDPR): When searching for talents, our primary interest is to be able to fill each open position with the ideal applicant. In order to assert, exercise or defend our legal claims such as those arising from the commission agreements concluded with our clients or in any proceedings under the Federal Equal Treatment Act, we consider ourselves entitled to retain your applicant data even beyond the duration of a specific application procedure. Finally, the storage of your applicant data is also necessary despite the end of an application process in order to be able to fulfill our obligations to our clients, in particular contractual obligations to provide proof or subsequent performance. We are further convinced that storing your applicant data in our systems can also be beneficial for your professional development without you having to fear any disadvantages. This allows us to match your data with the job profiles of future job postings and offer you interesting career prospects.
- Consent (Article 6 para 1 lit a GDPR): For the retention of your applicant data for a period exceeding 12 months from the end of the application process, we will obtain your express consent by means of the so-called double opt-in procedure (keeping record).
3.1.4 Data retention and deletion
We only store your applicant data for as long as is necessary to achieve the purpose of the processing. Your applicant data will be deleted or anonymized 3 months after the end of the application process. This does not include storage for record-keeping purposes. In this case, the data will be deleted or anonymized within a maximum of 12 years after you have given your express consent. Furthermore, we will delete or anonymize your applicant data immediately upon your first request, unless this conflicts with legal obligations such as tax and company law retention obligations or in individual cases with our legitimate interests – for example, in the assertion, exercise or defense of legal claims. We also delete your data if the aim (offering job opportunities) becomes no longer relevant, ie. because of retirement age, permanently moving abroad, death, … etc.
3.2 Direct approaches and headhunting
In order to live up to our own expectation of always filling each vacancy with the most suitable candidate, we use social media platforms such as LinkedIn, Xing or profession.hu as sources of information. By means of direct approaches (Active Sourcing, Target Sourcing) or headhunting, we contact candidates who appear to be particularly qualified for a vacant position based on the information in their public social media profile. In the course of this process, your personal data is stored in our database.
3.2.1 Candidate data
If relevant to direct approaches and headhunting, we process the following personal data:
- Master data: name
- Contact information: telephone number, email address;
- photograph (if provided, but not required);
- information on educational and professional background;
- language skills;
- link to social media profile; and
- additional information that you provide about yourself in the course of the direct approach, provided that this information may be relevant for filling the position.
3.2.2 Processing purpose
Your candidate data will only be processed for the following purposes:
- Identification of suitable candidates to fill open positions;
- establishing contact and handling correspondence;
- avoidance of multiple direct approaches; and
- exercise of rights and obligations towards our clients.
3.2.3 Lawfulness of processing
The legal bases for the processing of your candidate data are as follows:
- Legitimate interests (Article 6 para 1 lit f GDPR): When searching for talents, our primary interest is to be able to fill every open position with the ideal candidate. With the help of the information publicly available on social media platforms, people who have not actively applied for a vacant position can also be included in the recruitment process, which increases the probability of actually finding the most suitable candidate. Your advantage lies in the free placement of attractive job offers and professional development opportunities. Since the information on social media profiles is information that you yourself have made public, we assume a diminished interest in the confidentiality of this data. In order to assert, exercise or defend our legal claims such as those arising from the commission agreements concluded with our clients or in any proceedings under the Federal Equal Treatment Act, we consider ourselves entitled to retain your candidate data even beyond the duration of a specific application procedure. Finally, the storage of your candidate data is also necessary despite the end of an application process in order to be able to fulfill our obligations to our clients, in particular contractual obligations to provide proof or subsequent performance.
3.2.4 Data retention and deletion
We only store your candidate data for as long as is necessary to achieve the purpose of the processing. Your candidate data will be deleted 12 years after the end of the application process. In the event that you participate in an application process as a result of our direct approach as an applicant, point 3.1.4 applies.
3.3 Client management and order processing
The processing of your personal data is mandatory for the initiation of a business relationship, for the processing of a specific order in the talent search process, for the performance of career counselling and coaching or for the use of our other services. This applies regardless of whether you order our services from our employees or via our online shop. We also store your personal data beyond the duration of a specific order, e.g. to facilitate future cooperation, to fulfill our legal retention obligations and for quality and verification purposes.
3.3.1 Client data
If relevant to the client management and order processing, we process the following personal data:
- Master data: name, date of birth (age), gender, academic title(s), company VAT number;
- contact details: address, telephone number and email address (company or private);
- information about the order;
- position in the company;
- bank details; and
- additional information that you provide in the course of initiating and processing your order, provided that this information is relevant to our business relationship.
3.3.2 Processing purpose
Your client data will only be processed for the following purposes:
- Order processing, client management, exercise of (post-)contractual rights and obligations;
- establishing contact and handling correspondence; and
- storage in our database with the aim of having your client data available in case of future cooperation (keeping record).
3.3.3 Lawfulness of processing
The legal bases for the processing of your client data are as follows:
- Performance of a contract (Article 6 para 1 lit b GDPR): In order to process your order and to ensure targeted communication, the processing of your client data is mandatory.
- Legitimate interests (Article 6 para 1 lit f GDPR): We are pleased to say that we generally maintain long-term business relationships with our clients. We therefore take the liberty of keeping a record of your client data beyond a specific order in order to be able to act quickly and efficiently in your interest in the event of a new order. We are also interested in quality assurance and in avoiding evidentiary difficulties in the event of legal disputes.
- Legal obligation (Article 6 para 1 lit c GDPR): In order to fulfill our legal retention obligations – for example, according to the Hungarian Tax Authority – we are obliged to store certain client data, especially related to invoicing and financial fulfillment.
3.3.4 Data retention and deletion
We only store your client data for as long as is necessary to achieve the purpose of the processing. For quality assurance purposes and to avoid any evidentiary difficulties in connection with our service provision, we delete your customer data after 1 years from the completion of a specific order. Finally, we are legally required to retain documents and records relevant to accounting and commercial transactions (e.g. invoices, receipts, etc.) for a period of 7 years. Furthermore, we will delete your client data immediately upon your first request, unless this conflicts with legal obligations such as tax and company law retention obligations or in individual cases with our legitimate interests – for example, in the assertion, exercise or defense of legal claims.
3.4 HILL Competence Analysis (HCA) and 360° feedback
If you commission us to carry out the HCA or 360 degree feedback – for example as an applicant in an application process or as part of a career counselling or coaching –, the processing of your personal data is required for this. The HCA is a standardized, scientifically based, psychological analysis procedure that queries your personality, skills and interests in order to better match you to a specific job profile or find employment that is tailored to you. We would like to emphasize at this point that there are no per se positive or negative characteristics within the framework of HCA. Your characteristics are only evaluated by comparing them with the respective job profile. The 360 feedback is simpler, only collecting numerical answers, aggregating and averaging.
22.214.171.124 HCA data
If relevant to the performance of the HCA, we process the following personal data:
- Master data: name, date of birth (age), place of birth, gender, academic title(s);
- contact information: address;
- educational background, management experience and sales experience (in years); and
- information about your personality, characteristics, skills and interests, primarily with regard to your (future) professional environment.
126.96.36.199 360 data
We process the following personal data:
- Master data: name and the relation to the assessed person
- contact information: e-mail address
- in case of the assessed person we keep also the numerical results
3.4.2 Processing purpose
Your HCA and 360 data will only be processed for the following purposes:
- Establishing contact and handling correspondence;
- performance of the analysis procedure; and
- if the HCA is completed as part of an application process, to compare the results of the analysis with the relevant job profile in order to fill the vacant position with the most suitable applicant.
3.4.3 Lawfulness of processing
Data processing in the context of the HCA qualifies as "profiling" within the meaning of Article 4 para 4 of the GDPR; however, it does not constitute a case of application of “automated individual decision-making” pursuant to Article 22 of the GDPR. If the HCA is completed as part of an application process, please note that you will not be subjected to a decision based solely on your analysis result in this process. Rather, in the sense of human influence and taking into account a wide variety of other factors, the potential employer decides personally in each individual case to what extent you are eligible for the open position and the application process is continued with you. The legal bases for the processing are as follows:
- The consent of the individual to the collection, handling, storage, processing and transfer of their personal data, as defined in GDPR art.6 , sec 1, letter A .
- Performance of a contract (Article 6 para 1 lit b GDPR): By participating in the HCA or 360 you authorize us to evaluate and process your data for the purposes stated above. Without the appropriate data processing it is not possible to perform the HCA or 360.
- Legitimate interests (Article 6 para 1 lit f GDPR): When searching for talents, our primary interest is to be able to fill each open position with the ideal applicant. We are convinced that you, as an applicant, will also benefit significantly from the HCA or 360 in the application process, because it will help you find job that suits you best. Finally, we have an interest in the ongoing improvement and further development of our HCA or 360, which is why we store your HCA or 360 data in anonymized form – i.e., detached from your identity – in our systems.
3.4.4 Data retention and deletion
We only store your HCA or 360 data for as long as is necessary to achieve the purpose of the processing. The storage of your HCA or 360 data in the context of an application process or career counselling is carried out in accordance with point 3.1.4.
4. Cookies and local storage
Cookies are small packages of data that are exchanged between your browser and our web server whenever you visit our website. They do not cause any damage and are used solely to recognize website visitors. Cookies can only store information provided by your browser, e.g. information that you have entered into your browser or that is available on the website. Cookies cannot execute code and cannot be used to access your terminal device.
The next time you access our website using the same device, the information stored in the cookies can then either be sent back to us (“first-party cookie”) or to a web application of third party to whom the cookie belongs (“third-party cookie”). The information that is stored and sent back allows each web application to recognize that you have already accessed and visited the website using the browser on your device.
By calling up Cookie Settings, you will find an overview of all cookies used on our website. You can give your consent for and view detailed information about each cookie (e.g. about purpose and retention period). In addition, you can prevent cookies from being stored by setting your browser accordingly. However, we would like to point out that in this case you may not be able to use all the functions of our website.
On our website, we also use so-called local storage functions (also called "local data"). This means that data is stored locally in the cache of your browser, which continues to exist and can be read even after you close the browser - as long as you do not delete the cache or data is stored within the session storage. If you do not wish plug-ins or tools to use local storage functions, you can control this in the settings of your respective browser. We would like to point out that this may also result in functional restrictions.
4.1.1 Cookie data
Depending on the settings you have chosen, we process the following cookies in the course of your visit to our website:
- IP address;
- date, time and frequency of your accesses;
- technical settings of your browser, and
- other information about your usage behavior.
4.1.2 Processing purpose
Depending on the settings you have chosen, your cookie data will only be processed for the following purposes:
- Technically necessary cookies: These cookies are necessary to ensure the technical operation and basic functions of our website. These types of cookies are used, for example, to maintain your settings while you navigate our website; or they can ensure that important information is retained throughout the session (e.g. login, shopping cart).
- Statistics cookies: These cookies help us to understand how visitors interact with our website by collecting and analyzing information on an anonymous basis only. In this way we gain valuable insights to optimize both the website and our products and services.
- Marketing cookies: We use these cookies to analyze your usage behavior on our website. This information is used to provide you targeted promotional and marketing activities on our website.
4.1.3 Lawfullness of processing
The legal basis for the processing of your cookie data is as follows:
- Consent (Article 6 para 1 lit a GDPR): For the processing of your cookie data for the above-mentioned purposes, we will obtain your express consent when you access our website for the first time. The only exceptions to this are those cookies that are absolutely necessary for the use of our website and the services offered there.
4.1.4 Data retention and deletion
Depending on the storage period, we divide cookies into session and persistent cookies. Session cookies store information that is used during your current browser session. These cookies are automatically deleted when the browser is closed. No information remains on your device. Persistent cookies store information between two visits to the website. Based on this information, you will be recognized as a returning visitor on your next visit and the website will react accordingly. The lifespan of a persistent cookie is determined by the provider of the cookie. For detailed information, please call up Cookie Settings.
5. Transfer of personal data to third parties
We will disclose your personal data to third parties only if this is necessary to fulfill the purpose of the processing or to comply with our legal or other obligations such as official requests or court decisions. This includes in particular the disclosure to the following recipients:
- our clients who have commissioned us to fill a vacant position;
- HILL International GmbH, FN 260531 i, as processor of job applications via our website within the meaning of Article 28 of the GDPR;
- our IT Service provider for server hosting. (No literal transfer only theoretical possibility of accessing data.) www.netpeople.hu, nGroup Kft., Cím: 1134 Budapest, Lehel utca 9. A ép. II/3.
6. Transfer of personal data to third countries
As far as recipients in third countries are concerned, the following information is provided:
- Within the scope of the services of our website, data might be transferred to the US. For detailed information, please call up Cookie Settings.
6.1 Data transfer to the US / Discontinuation of the Privacy Shield
We would like to expressly point out that as of July 16, 2020, due to a legal dispute between a private individual and the Irish supervisory authority, the so-called "Privacy Shield", an adequacy decision of the EU Commission according to Article 45 GDPR, which confirmed an adequate level of data protection for the US under certain circumstances, is no longer valid with immediate effect.
The standard contractual clauses adopted by the Commission in 2010 (2010/87/EU of 05.02.2010), Article 46 paragraph 2 lit. c GDPR, are still valid, but a level of protection for personal data must be ensured which is equivalent to the level in the European Union. Therefore, not only the contractual relationships with our service providers are relevant, but also the possibility of access to the data by U.S. authorities and the legal system of the U.S. (legislation and jurisdiction, administrative practice of authorities). The standard contractual clauses cannot bind authorities in the US and therefore do not yet provide adequate protection in cases in which the authorities are authorized under the law in the US to intervene in the rights of the data subjects without additional measures by us and our service provider.
Insofar as US providers offer the option, we choose to process data on EU servers. This should technically ensure that the data is located within the European Union and cannot be accessed by US authorities. Furthermore, we carefully examine European alternatives to US tools used. However, this is a process that does not happen overnight, as it also involves technical and economic consequences for us. Only if the use of European tools and / or the immediate switch off of the US tools is impossible for us for technical and / or economic reasons, US service providers are currently still used.
6.2 Risks in connection with data transfer to the US
Risks for you as a user are at any rate the powers of the US secret services and the legal situation in the US, which, in the opinion of the European Court of Justice, no longer ensure an adequate level of data protection. Among other things, this concerns the following points:
- Section 702 of the Foreign Intelligence Surveillance Act (FISA) does not provide for any restrictions on the surveillance measures of the secret services or guarantees for non-US citizens.
- Presidential Policy Directive 28 (PPD-28) does not provide effective remedies for those affected against actions by U.S. authorities and does not provide barriers to ensuring proportionate measures.
- The ombudsman provided for in the Privacy Shield does not have sufficient independence from the executive; he cannot issue binding orders to the U.S. secret services.
7. Rights of the data subjects
You yourself decide on the use of your personal data. To exercise your rights in accordance with the following points, you are welcome to contact us using the contact details provided in section 2. For general questions on the subject of data protection, you can reach us at firstname.lastname@example.org.
7.1 Right to withdraw consent
7.2 Right to be informed
You have the right to obtain information about whether personal data relating to you is being processed and more detailed information about this data. This more detailed information relates, among other things, to the processing purposes, categories of data, potential recipients or the retention period.
7.3 Right to rectification
You have the right to request the rectification of inaccurate personal data concerning you. If the data processed by us is not correct, we will update it immediately and inform you about it.
7.4 Right to erasure
If you no longer wish your personal data to be processed by us, we kindly ask you to inform us about this. We will of course delete the data immediately and inform you of this. If there are compelling legal reasons for deletion, we will notify you immediately.
7.5 Right to restrict processing
You have the right to request us to restrict the processing of your personal data in the following cases:
- in the case of a request for rectification under point 7.3, if you so wish;
- if you are of the opinion that the data processing is unlawful, but oppose the erasure of the data;
- if you need the data in connection with legal claims; or
- if you have objected to the processing in accordance with point 7.7.
7.6 Right to data portability
You have the right to receive your personal data in a structured, commonly used and machine-readable format and to have the personal data transmitted directly from us to another data controller.
7.7 Right to object
You have the right to object to the processing of your personal data. Please address yout objection to Zsolt Fazekas, Managing Director at email@example.com
7.8 Right of appeal
You have the right to complain to a data protection authority if you believe that the processing of your personal data violates applicable law, in particular the GDPR. As a rule, you can contact the data protection authority at your usual place of residence or workplace or at the headquarters of our company.
The responsible data protection authority in Hungary is:
Nemzeti Adatvédelmi és Információszabadság Hatóság
Cím: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Telefon: +36 (1) 391-1400
Fax: +36 (1) 391-1410