Silurus Software Llc.

Privacy Policy

The identity and contact details of the data controller

Silurus Software Ltd. 

Tax no.: 25858666-2-41; Seat: 1025 Budapest, Szemlőhegy utca 14. A. ép. (hereinafter: “Data Controller”)

Represented by:

The scope of processed personal data
The purpose of data processing
The legal basis for data processing
The name and contact details of the data subject (email address, phone number)
Contacting and maintaining communication with the data subject
The European Parliament and Council (EU) Regulation 2016/679 (GDPR) Article 6(1)(b) states that data processing is lawful if it is necessary for the performance of a contract to which the data subject is a party.
Data uploaded to the LinkedIn platform (work experience, education, language skills), and other personal data provided in the résumé.
Understanding the candidate’s experience, language skills, and education.
GDPR Article 6(1)(b) states that data processing is lawful if it is necessary for the performance of a contract to which the data subject is a party.
Personal data included in the résumé.
Understanding the candidate’s knowledge and experience
GDPR Article 6(1)(a), the data subject’s consent.
Notes taken during the introductory conversation (the candidate’s salary expectations, experience, interests, and expectations).
Understanding the candidate’s salary expectations, experience, and other expectations.
GDPR Article 6(1)(f), the data controller’s legitimate interest. The data controller is entitled to know the applicants’ salary expectations and practical experience. The data controller has conducted a legitimate interest assessment (LIA) to balance the interests of both the data subject and the controller.
The name of the data subject, mother’s name, place and date of birth, tax identification number, address, social security number, start date and duration of employment, salary.
Conclusion of an employment contract between the data controller and the data subject.
GDPR Article 6(1)(b) allows data processing when it is necessary for the performance of a contract to which the data subject is a party.
The name of the data subject, mother’s name, place and date of birth, tax identification number, address, start date of insurance relationship, insurance relationship code, termination of the insurance relationship, duration of any suspension of the insurance, weekly working hours, and FEOR number. Other personal data required for payroll: number of the employee’s children, name and account number of the designated bank account holder, relevant health/social data.
The lawful operation of the data controller (fulfillment of reporting obligations to the National Tax and Customs Administration (NAV) and other authorities).
GDPR Article 6(1)(c) allows data processing when it is necessary for compliance with a legal obligation to which the data controller is subject.

The transfer of personal data, the recipients of the transfer

The data controller forwards applicants’ CVs to its clients. The data subject is informed of the fact and the recipient of the data transfer prior to any transfer of data.

The payroll administrator (data processor) acting on behalf of the data controller:

  • PGY Consulting Financial and Accounting Services Limited Liability Company; 13162670-2-13; 2330 Dunaharaszti, Gólya Street 4, Building A.

The duration of personal data storage, or the criteria for determining this duration

  • The data controller is required to retain the employee’s documents and data related to their social security relationship for five years after the employee reaches the applicable retirement age, in accordance with Section 99/A (1) of Act LXXXI of 1997.
  • The data controller retains the other personal data of the employees concerned for 10 years following the termination of the employment relationship.
  • The data controller retains the personal data of unsuccessful candidates for 8 years.

The right to lodge a complaint with a supervisory authority

The data subject may submit a complaint to the National Authority for Data Protection and Freedom of Information (NAIH)

  • 1363 Budapest, Pf. 9.
  • 1055 Budapest, Falk Miksa Street 9-11
  • Website: naih.hu

The source of personal data

The data controller obtains personal data from

  • the data subject and
  • from LinkedIn under the FP4P auto provisioning cap contract for SILURUS SOFTWARE KFT.

Additionally, it acquires data through the following recruitment agencies:

  • Moana Software Magyarország Kft., 12709407-2-41, 1025 Budapest, Zöldlomb Street 32-34/b. 4th floor 16.
  • Human Consulting Kft., 13660006-2-42, 1161 Budapest, Csömöri Road 70.
  • Real Options Kft., 29030350-2-43, 1183 Budapest, Móricz Zsigmond Street 25, Building A.
    STYLERS Kft., 22910323-2-41, 1138 Budapest, Madarász Viktor Street 47-49, Building 1, 2nd floor.

Information about the data subject's rights

From the data controller, the data subject has the right to

  • access to their personal data,
  • rectification,
  • deletion, or
  • restriction of its processing, and
  • may object to the processing of such personal data. Additionally, the data subject
  • has the right to data portability

The right of access by the data subject

The data subject may request confirmation from the data controller on whether their personal data is being processed. If so, they can access the following information:

  • The purposes of processin
  • Types of personal data processed
  • Recipients of the data, including international transfers
  • Planned retention period or criteria for determining it
  • Data subject rights (rectification, erasure, restriction, objection)
  • Right to lodge a complaint with a supervisory authority
  • Source of data if not obtained from the data subject
  • Existence of automated decision-making, including profiling, and its consequences

If data is transferred internationally, the data subject can request details of the safeguards in place.

They can also request a copy of their personal data, with potential administrative fees for additional copies. The request must not infringe on others’ rights and freedoms.

The Right to Rectification

The data subject may request that the data controller correct inaccurate personal data concerning them without undue delay. Considering the purposes of the data processing, the data subject may also request the completion of incomplete personal data, for instance, by submitting a supplementary statement.

A törléshez való jog („az elfeledtetéshez való jog”)

The data subject can request the data controller to erase their personal data without delay if:

  • The data is no longer necessary.
  • Consent is withdrawn, and no other legal basis exists.
  • The data subject objects, and there are no overriding legitimate grounds.
  • The data was processed unlawfully.
  • The data must be deleted to comply with a legal obligation.
  • The data was collected in connection with information society services.

Erasure is not required if data is needed for

  • freedom of expression,
  • legal obligations,
  • public interest,
  • health,
  • research, or
  • legal claims.

The Right to Restriction of Processing

The data subject can request the restriction of data processing if:

  • They contest the accuracy of the data (for the time needed to verify it).
  • The processing is unlawful, but they prefer restriction over deletion.
  • The controller no longer needs the data, but the data subject requires it for legal claims.
  • The data subject has objected, pending the establishment of overriding legitimate grounds.

If the processing is restricted, the data may only be stored unless the data subject consents, or the data is needed for legal claims, the protection of others’ rights, or for important public interest reasons.
Notification of Lifting: The data controller will inform the data subject in advance if the restriction on data processing is lifted.

Notification Obligation Regarding Rectification, Erasure, or Restriction of Processing

The data controller is obliged to notify all recipients with whom the personal data has been shared about any rectification, erasure, or restriction of processing, except when this proves impossible or would require disproportionate effort. Upon the data subject’s request, the data controller will inform them about these recipients.

The Right to Data Portability

  • Right to Data Portability: The data subject may request to receive the personal data concerning them, which they have provided to the data controller, in a structured, commonly used, and machine-readable format. Additionally, they may request that these data be transmitted to another data controller, if
    • The processing is based on consent or a contract, and
    • the processing is carried out by automated means.
  • Direct Transmission of Data: The data subject may request the direct transmission of their data from one data controller to another, if technically feasible.
  • Restrictions: The right to data portability must not infringe on the right to erasure (Article 17) and does not apply if the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
  • Rights of Others: The right to data portability must not adversely affect the rights and freedoms of others.

The Right to Object

  • Objection to the Processing of Personal Data: The data subject may object at any time to the processing of their personal data when it is based on Article 6(1)(e) or (f), including profiling. The data controller may continue processing only if they can demonstrate compelling legitimate grounds that override the data subject’s rights or are related to legal claims.
  • Objection to Direct Marketing: The data subject may object to the processing of their personal data for direct marketing purposes, including profiling, at any time. In this case, the data can no longer be processed for this purpose.
  • Notification of the Right: The data subject must be informed of their right to object clearly and separately from any other information at the first point of contact.
  • Automated Tools: The data subject may exercise their right to object through automated means when using information society services.
  • Scientific and Historical Research: The data subject may object to the processing of personal data for scientific and historical research or statistical purposes, unless the processing is necessary for the performance of a task carried out in the public interest.

Rights Related to Consent

  • Consent can be withdrawn at any time, and such withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.