Preamble

Global Web Solutions Kft. (hereinafter referred to as "Controller", headquarters 8060 Mór, Kert utca 18.) as a (Data) Controller in the processing of personal data acts in accordance with the provisions of the regulation and the applicable laws (regulation No 2016/679 of the European Parliament and the Council of 27 April 2016) on the protection of individuals with regard to the processing of personal data and the free movement of such data.

Global Web Solutions Kft. respects your rights (hereinafter referred to as "Data Subject") to protect your personal data. This information material summarizes, in a compact, simple way, what information we collect, how we can use it, and describes the tools we use, as well as the privacy and enforcement capabilities of the Data Subject.

Detailed rules are laid down in the aforementioned Regulation. For further information, we recommend that the Regulation is to be studied.

Definitions

Personal data - any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Processing - any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Controller – a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
Data Processor - a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
Recipient - a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
Third Party - a natural or legal person, public authority, agency or body other than the Data Subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
Consent – consent of the Data Subject means any freely given, specific, informed and unambiguous indication of the Data Subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
Profiling - means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
Personal data breach - means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
Authority: National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság), www.naih.hu

1.Designation and contact details of the Controller (service provider)

Name of Controller: Global Web Solutions Kft.

Headquarters: 8060 Mór, Kert utca 18.

Postal address: 8060 Mór, Kert utca 18.

Company registration number: 07-09-025475

Data Protection Officer: Dávid Nemes

E-mail of Data Protection Officer: [email protected]

E-mail of Customer Service: [email protected]

2.Purpose of processing, scope of processed data, duration of processing, and scope of entitled third parties to access data

Purpose of processing

Personal data can only be processed for a specific purpose, to the extent necessary, to exercise a right and to fulfill obligations. At all stages of processing, the purpose of processing must be met, data entry and management must be fair and legitimate. Personal data can only be handled to the extent and for the duration required to achieve the goal. Controller’s internal instructions specified that only the recipients contributing to and needed to achieve the purpose of processing can manage the data.

The Controller manages personal data on the basis of a Data Subject’s legitimate interest in the following cases:

Fast track application: registration and application for job opportunity monitoring and/or job opportunity notification
CV Creation: application for job opportunity monitoring and/or job opportunity notification
Applying for a specific job
Presenting a customized offer
Creating a MatchMaker profile and participating in the MatchMaker Network to earn money with member recommendations
Finding new applicant (via MatchMaker)
Creating and publishing / presenting a corporate profile on the website
Creating and publishing / presenting a supplier profile on the website
Potential partners EDM
Registering Data Subject’s relevant data for service providing.
Operating IT background for service providing.

The Controller manages personal data on the basis of a Data Subject’s explicit and voluntary consent in the following cases:

Sending electronic newsletters
Online system usage: comment, rating, event application
Displaying targeted ads

The provision of data based on a voluntary consent is not a prerequisite for the conclusion of a contract, it is not obligatory for these purposes to provide personal data.

The scope of processed data, the duration of processing, and entitled third parties to access data

Referring to the above, the following data are collected and treated for the designated retention period by reference to the claimed legal basis.

Data PROCESSED by LEGITIMATE INTEREST

Name of data	Retention time
Name, nickname, email, telephone number	Retention time according to the termination of legitimate interest or according to the related statutory provision (Hungarian Civil Code 6:22§), which is 5 years
location
online user ID
work experience
spoken languages
area of expertise
uploaded CV
birth year
Facebook ID
Linkedin ID
billing and payment information
profile image
cookie: IP, browser, information needed to access the service

Data PROCESSED by voluntary CONSENT

Name of Data	Retention time
user name	Retention time until unsubscription
name, email address	Retention time until unsubscription
nickname	Retention time until unsubscription
telephone number	Retention time until unsubscription
profile image	Retention time until unsubscription
cookie: convinience functions	Retention time until unsubscription or according to related legal requirements

About the method of unsubscription Data Subject can find information in Chapter 6 of this material.

Notice on the use of cookies

Controller uses cookies when visiting its site. Cookies are information packages made of letters and numbers that Controller’s website sends to Data Subject’s browser to save certain settings, facilitate the use of the website and help Controller collect some relevant, statistical information about the website visitors.

The acceptance of cookies is mandatory to use Controller’s service detailed in the General Terms and Conditions, which will be done at the time of registration. For marketing purposes beyond the use of the service, Controller kindly asks for Data Subject’s voluntary consent for their use.

Controller informs its users that, in order to measure the attendance of its website family (gwshub.com, sscheroes.com, etc., and all the services available on Controller’s partner sites), monitor visitor behavior, study statistics, and boost the performance of its ads, Controller uses Google Remarketing, AdWords Conversion Tracking, and Facebook Remarketing cookies. Please refer to Google’s and Facebook’s privacy policies for further information on their operation and function.

The IP address of visitors to our site is recorded by Google and Facebook. Within 30 days of the visit Google Display Network and Facebook news feed wall will display ads.

3.Automated decision-making, profiling based on personal data

Controller does not do neither manual, nor AI supported automated profiling.

4.Collection, use, and transmission of personal data

When collecting personal data, the Controller complies with applicable legal regulations, restrictions, and ethical standards.

Controller:

Informs Data Subject of Controller’s processing practices as prescribed in a timely manner, before data is processed.
Collects, stores and uses personal data for a specific purpose only. The information collected is always relevant and appropriate to the given purpose.
Makes reasonable steps to ensure that Data Subject’s personal data is entire, accurate, up-to-date and reliable to Data Subject’s intended purpose.
Uses Data Subject’s personal data for promotional purposes only with Data Subject’s explicit consent and provides the opportunity to withdraw consent for, thus prohibit such communication.
Takes reasonable and prudent steps to protect Data Subject’s personal data, including cases when personal data is transmitted to third parties. Data transfers to third parties without Data Subject’s prior express consent will not happen.

For the processing of personal data by the Controller, the following Data Processor(s) will be used for the indicated activities:

Data Processor	Company reg. numb. / VAT numb.	Data processing activity
Tárhely.eu	01-09-909968	Operating an IT background to provide service
Google	368047	Measuring visitor numbers, data storage
Facebook		Measuring visitor numbers, behaviour monitoring
Mailchimp		sending newsletters
Accounting office		invoicing

5.Access, modification, correction, and portability of personal data

Access

Data Subject has the right to receive feedback from Data Controller as to whether Data Subject’s personal data is being processed and, if such processing is in progress, has the right to have access to his or her personal data and the following information:

purposes of processing;
categories of personal data concerned;
categories of recipients or recipients with whom or which personal data was communicated or will be communicated.

Modification, correction

Data Subject is entitled to request the Controller to correct any of his or her inaccurate personal data without undue delay. Taking into account the purpose of the data handling, Data Subject is entitled to request the supplementation of incomplete personal data, including by means of a supplementary statement.

Portability

Data Subject has the right to receive the personal data previously provided to Controller in a commonly used, machine-readable format and is entitled to transmit this data to another Controller without being obstructed by the Controller, who was given access to these personal data in the first place, if:

processing is based on a voluntary contribution or on a contract where Data Subject is one of the parties; and
processing is carried out in an automated manner.

6.The deletion, limitation and right to object

Deletion

(1) Data Subject has the right to terminate Data Subject’s personal data on Data Subject’s request without any undue delay by Controller and Controller is obliged to delete personal data relating to the subject without undue delay if one of the following reasons exists:

personal data is no longer required for the purpose from which they have been collected or otherwise handled;
Data Subject withdraws the voluntary consent given to Controller through the contact opportunity provided by Controller and there is no other legal basis for processing;
Data Subject has been concerned with data handling for reasons related to Data Subject’s own situation or Data Subject objects to data processing because of direct business information management, and there is no priority legitimate reason for data processing;
personal data has been unlawfully handled;
personal data is to be deleted in order to comply with legal obligations imposed on the Controller in the European Union or Member States' law;
the collection of personal data was directly related to the provision of information society services specifically to children.

(2) If the Controller has disclosed personal data and is required to cancel it pursuant to paragraph 1, it shall take reasonable steps, including technical measures, to take into account the available technology and implementation costs in order to inform the Controllers handling the data, that Data Subject has requested from them to delete any referring links, duplications or copies of such personal data.

(3) Paragraphs (1) and (2) shall not apply where data processing is required:

to exercise the right to freedom of expression and information;
to fulfill an obligation under EU or Member State law for the processing of personal data, which is applicable to the Controller, based on public interest or to carry out tasks in accordance with exercising public authority;
based on public interest in the fields of workplace health or public health;
for purposes of public interest archiving, for scientific and historical research purposes or for statistical purposes, where the law referred to in paragraph 1 is likely to render impossible or seriously jeopardize this data processing; or
to file, enforce or protect legal claims.

Limitation

(1) Data Subject has the right to request Controller to limit the processing of data on request if one of the following is true:

Data Subject dispute the accuracy of the personal data; in this case, the limitation concerns the period of time where Controller can verify the accuracy of personal data;
data processing is unlawful, and Data Subject opposes the deletion of data and instead requests their use to be limited;
Controller no longer needs personal data for data processing, but Data Subject requires them to submit, enforce, or protect legal claims; or
Data Subject has objected to data handling for reasons related to Data Subject’s own situation; in this case, the restriction applies to the duration of determining whether the rightful reasons of Controller have priority over Data Subject’s legitimate grounds.

(2) If the processing of data is restricted under paragraph 1, such personal data may only be used with the consent of the Data Subject concerned or with the submission, enforcement or protection of legal or other rights of the natural or legal person, or in an important public interest of the EU or a Member State.

(3) Controller shall inform Data Subject in advance the dissolution of limitation of the previously limited processing of data requested by Data Subject pursuant to paragraph (1).

Objection

Data Subject is entitled to object to the handling of Data Subject’s personal data for any reason relating to Data Subject’s own situation if the Controller carries out a task in the exercise of a public authority license or processing is necessary to enforce the legitimate interests of the Controller or a third party including profiling based on those provisions. In this case, Controller may not process personal data unless Controller proves that processing is justified by legitimate reasons of enforceability that prevail over the interests, rights and freedoms of the Data Subject, or for the submission, enforcement or protection of legal claims related.

If Data Subject’s personal data is handled for direct marketing, Data Subject is entitled to object at any time to the handling of personal data relating to that purpose, including profiling, if it relates to direct marketing.

If Data Subject objects the handling of personal data for direct business acquisition, personal data may no longer be processed for that purpose.

7.Data Subject’s Enforcement Opportunities

In the event of violation of Data Subjects personality rights and in the cases specified in the Regulation, Data Subject may request the assistance of the National Authority for Data Protection and Freedom of Information:

Name: National Authority for Data Protection and Freedom of Information

Postal address: 1530 Budapest, Pf .: 5.

Address: Szilágyi Erzsébet fasor 22 / c., 1125 Budapest, Hungary

Phone: +36 (1) 391-1400

Fax: +36 (1) 391-1410

Web: naih.hu

E-mail: [email protected]

8.Changes in this Information material

The Controller reserves the right to modify or update this "Information" at any time, without prior notice, and publish the updated version on its websites. Any modification applies only to personal data collected after the publication of the revised version.

Please check this "Information" regularly to review the changes or to know how the changes affect you.

Last update: May 11. 2018.