Imprint
Services4-IT Korlátolt Felelősségű Társaság
Headquarters: HU 1062 Budapest, Aradi utca 8-10.
Tax number: 24990895-2-42
EU VAT number: HU24990895
Company registration number: 01 09 203846
Managing Director: Erward Arz
Design & Implementation
Axel Loritz imageneering.com
Christian Reimold christianreimold.com
Privacy policy
The names and contact details of the data controller and the data processor:
Data Controller: Services4-IT Korlátolt felelősségű társaság
Headquarters: HU 1062 Budapest, Aradi utca 8-10.
Tax number: 24990895-2-42
EU VAT number: HU24990895
Company registration number: 01 09 203846
Contact: Andreas Berthold
E-mail: hr@services4-it.eu
Phone: +36 70 385 4770
Data protection supervisor:
Gergő Zoltán Balogh
E-mail: zoltan.balogh@services4-it.eu
The data we process:
- Applicant data (e.g. personal data, postal addresses, documents contained in the application and information contained therein such as cover letter/letter of motivation, CV, certificates and other attached documents, personal or qualification data voluntarily provided by applicants for a specific position, contact details (e.g. name, telephone number, e-mail address), training/education information,
- Data from the Internet (e.g. LinkedIn links), reference data voluntarily provided by applicants (e.g. name, e-mail address, telephone number)
- Data received via online forms (e.g. personal data, postal addresses, documents contained in the application/contact and information contained therein, personal or qualification data, contact data (e.g. name, telephone number, e-mail address, company name), training/education information, data from the Internet (e.g. LinkedIn links), reference data voluntarily provided by applicants (e.g. name, e-mail address, telephone number)
- Contact details (e.g. e-mail, telephone number)
- Meta/communication data (e.g. device information, IP addresses): The operating system and browser type used and other information. This data is continuously logged by the system, but is not linked to other data, so that no conclusions can be drawn about the identity of the user from this data.
- Usage data (e.g. websites visited, interest in content, access times)
persons in the data processing process:
- Applicants and proactively contacted persons
- Business and contractual partners
- Interested parties
- Communication partner
- Customers
- Users (e.g. visitors to websites, users of online services)
The framework of data use:
- Recruitment process
- Feedback (e.g. feedback collection via an online form)
- Contacting and communication
- Contract services and contacting
- Managing and responding to inquiries
Relevant legal bases:
The data of Services4-IT GmbH is treated in accordance with the applicable EU regulations as well as national legislation and official statements on the processing of personal data.
- Data Protection Act (Act No. XXXVIII of 2018 on the right to informational self-determination and freedom of information, amending Act No. CXII of 2011 on data protection in connection with the data protection reform of the European Union and amending other relevant laws*)
- REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)*
Safety measures:
Services4-IT GmbH has and follows the internationally recognized security standards according to ISO/IEC 27001:2014 as well as the provisions of the information security management system in connection with confidential customer data.
The data controller is responsible in particular for the following tasks in connection with information security:
- Denial of access to the data processing system by unauthorized persons,
- Prevention of unauthorized reading, copying, modification or removal of data carriers,
- Prevention of unauthorized entry of personal data into the data processing system as well as unauthorized access, modification or deletion of this data,
- Preventing the use of data processing systems by unauthorized persons using data transmission devices,
- Ensure that authorized persons only access the personal data specified in the access authorization,
- Verifiability and determination to whom the personal data has been transferred or made available,
- Traceability of the entry of personal data into the data processing system as well as the person responsible and the time,
- Prevention of unauthorized access, copying, modification or deletion of personal data during transmission or transport of data carriers.
Services4-IT does not disclose or publish the personal data collected during the use of the website to third parties, unless required by law or the user voluntarily submits an application through the form available on the website and fulfils the conditions established therein. to ensure that this is the case. Services4-IT strives to protect the data from unauthorized access, alteration, disclosure, deletion or destruction, as well as from accidental loss or damage.
Data processing in third countries:
If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this will only be done in accordance with the legal requirements.
Subject to explicit consent or contractually or legally required transfer, we process or have the data processed only in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).
Use of cookies:
Information on the use of cookies and plugins can be found at the following link: Cookie Policy (EU) | SERVICES 4-iT
Contact information provided voluntarily and its storage period/method: (contact form on the website)
- Types of data processed: name, email address, telephone number, company name and information and/or attachments voluntarily provided during the contact process.
- Purpose: Identification, subsequent contact
- Legal basis: Voluntary consent (GDPR Article 6(1)(a))
- Data subjects: Website User – any natural person who fills in the contact form on the Website and voluntarily provides their personal data.
- Storage period: until deletion at the request of the data subject, but for a maximum of 1 year.
Data used, processed and stored during the recruitment and selection process:
- Types of data processed: Applicant data (e.g. personal data, postal addresses, documents related to the application and information contained therein, such as cover letters, CVs, certificates and other personal data voluntarily provided by the applicant for a specific position or qualification), contact details (e.g. name, contact details, occupation, qualification/training data, reference data and contact details), data for the submission of the application.
Please do not send us CVs, letters of motivation or other attachments that are not relevant to the establishment, performance or termination of the employment relationship. In addition, we ask that you do not share any trade secrets and/or company information of your previous or current workplace with us.
- Purpose: Identification, fulfilment of requirements, initiation and continuation of the selection process, subsequent verification
- Legal basis: Voluntary consent (GDPR Article 6(1)(a)) and legitimate interest (GDPR Article 6(1)(f))
- Data subjects: *Applicants and persons contacted via Active Sourcing.
*Applicant: Any natural person applying for the positions advertised on our website.
*Clarification of the term "active sourcing": "Active sourcing" is a recruitment strategy in which the company proactively seeks out and approaches potential candidates before they explicitly apply for specific positions. This method allows companies to connect directly with talented candidates before they become available in the broader job market.
In "active sourcing", companies typically use various channels and tools such as LinkedIn and/or other social media platforms, online forums, events and conferences, and other professional networks to identify and contact potential candidates.
- Storage period: Until deletion at the request of the data subject, but for a maximum of 1 year. For applications in accordance with the provisions of the German Civil Code (BGB)
- Storage method: The data is installed on servers hosted in the cloud infrastructure of Aruba S.p.A. and Microsoft Azure.
Data Processor and Data Controller System: KENJO
Address: Urbanstraße 71, 10967 Berlin, Germany
Phone number: +49 30 56837072
Sub-processor: Accompio GmbH
Address: Werner-von-Siemens-Ring 12,
85630 Grasbrunn, Germany
Registration number: HRB 160941
Data: Data related to absence
We would like to point out that in the case of sub-processors, there is no profiling and no personal data is processed!
The rights of data subjects in the context of data processing:
- The Data Controller will inform you of the processing of your personal data at any time, free of charge, upon request, and you may at any time request access to your personal data, request their rectification, erasure or restriction of processing, and object to the processing of your personal data.
Examples of the rights of data subjects:
The Data Subject may request the Data Controller to:
- information about the processing of their personal data (before the start of data processing and during data processing),
- access to their personal data (provision of their personal data by the Data Controller),
- rectification or integration of their personal data,
- erasure/forgetting or restriction (blocking) of his/her personal data – except in cases of data processing required by law,
- Right to data portability,
- Right to object to the processing of their personal data.
The right of access (pursuant to Articles 13-14 of the General Data Protection Regulation)
The data subject may request information from the Data Controller in writing about:
- which personal data is processed by it,
- on what legal basis,
- the purpose for which the data is processed,
- from which source the data originates,
- how long the data will be stored,
- whether a processor is used and, if so, the name, address and activity of the processor in connection with the data processing,
- to whom, when and on what legal basis the Data Controller provided access to their personal data or to whom they transferred the personal data,
- about the circumstances, impact, and measures taken to address data breaches.
The Data Controller shall comply with the Data Subject's request in writing to the contact address provided within a maximum of one month.
The right of access (pursuant to Article 15 of the General Data Protection Regulation)
The data subject has the right to obtain confirmation from the Data Controller as to whether his or her personal data is being processed and, if so, to obtain access to the personal data being processed. The Data Controller shall provide a copy of the personal data that is the subject of the processing – unless this is prevented by other legal provisions. If the data subject has submitted their request electronically, the information must be provided in a widely used electronic format, unless the data subject requests otherwise.
The right to rectification and integration (pursuant to Article 16 of the General Data Protection Regulation)
The Data Subject may request in writing from the Data Controller that the Data Controller amend any of his or her personal data (for example, change the email address or postal address, or request the correction of inaccurate personal data of the Data Controller). Taking into account the purpose of the processing, the data subject has the right to request the completion of incomplete personal data processed by the Data Controller. The Data Controller shall comply with the request within a maximum of one month and shall inform the data subject thereof by means of a letter sent to the contact address provided by him/her.
The right to erasure (pursuant to Article 17 of the General Data Protection Regulation)
The data subject may request in writing from the Data Controller that his or her personal data be erased. The data subject has the right to obtain from the Data Controller the erasure of the personal data concerning him or her without undue delay.
The Data Controller is obliged to erase the data subject's personal data without undue delay if one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,
- the data subject has objected to the processing of his or her data in accordance with his or her right to object (see information document section 11/G) and there are no overriding legitimate grounds for the processing,
- the personal data has been unlawfully processed,
- the erasure of the personal data is necessary for compliance with a legal obligation to which the Data Controller is subject, applicable under Union or Member State law.
The right to restriction of processing (pursuant to Article 18 of the General Data Protection Regulation)
The data subject may request in writing that the Data Controller block his/her personal data (with a clear indication of the restriction of processing and separate storage of other data). The blocking takes place as long as the reason given by the data subject requires the storage of the data. For example, the data subject may request the blocking of his/her data if he/she considers that the data controller has processed his/her data unlawfully, but the administrative or judicial proceedings initiated by him/her require that the data controller not erase his/her data. In this case, the Data Controller will store the personal data until the request of the authority or the court and then delete them.
The right to data portability (pursuant to Article 20 of the General Data Protection Regulation)
The data subject may request in writing that the personal data concerning him or her, which he or she has provided to the Data Controller, be given a structured, commonly used machine-readable format and have the right to transmit such data to another Data Controller without hindrance from the original Data Controller, provided that:
- the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the General Data Protection Regulation
- or the processing is based on a contract pursuant to Article 6(1)(b) of the General Data Protection Regulation
- and the processing is automated.
The right to object (pursuant to Article 21 of the General Data Protection Regulation)
The data subject may object in writing to the processing of his or her personal data pursuant to Article 6(1)(f) of the General Data Protection Regulation, which is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, including profiling based on these provisions. In this case, the Data Controller may not further process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
The data subject may exercise his/her rights using the following contact details:
E-mail: hr@services4-it.eu
Postal address: HU 1062 Budapest, Aradi utca 8-10.
Phone: +36 70 385 4770
In the event of a violation of the rights provided for by the relevant laws, the data subject may apply to the court. The procedure before the court is governed by Section 22 of the Information Act.
If the Data Controller causes damage as a result of unlawful processing of your data or breach of data security requirements, it is obliged to reimburse it. In the event of a breach of rights relating to the processing of your personal data or an imminent threat of such a breach, you may request an investigation from the National Data Protection Authority ("NAIH"). The detailed provisions governing the NAIH's procedure are set out in Chapter Six of the Information Act.
The contact details of the authority in the event of a complaint (pursuant to Article 77 of the GDPR) are as follows:
National Data Protection and Freedom of Information Authority
Address: 1055 Budapest, Falk Miksa utca 9-11.
Postal address: 1363 Budapest, Pf. 9.
Phone: +36 (1) 391-1400
Website: https://www.naih.hu
E-mail: ugyfelszolgalat@naih.hu
For more information on your rights and the details of a complaint to the Authority, please visit the following website: http://naih.hu/panaszuegyintezes-rendje.html.
In the event of a violation of their rights, the data subject may also apply to the court competent in their place of residence and, among other things, claim damages. The competent courts for your place of residence can be found here: https://birosag.hu/birosag-kereso.