Silurus Software Llc.

Privacy Policy

Definitions

Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

The identity and contact details of the data controller

Silurus Software Ltd. 

Tax no.: 25858666-2-41; Seat: 1025 Budapest, Szemlőhegy utca 14. A. ép. (hereinafter: “Data Controller”)

Represented by:

The scope of processed personal data
The purpose of data processing
The legal basis for data processing
The name and contact details of the data subject (email address, phone number)
Contacting and maintaining communication with the data subject
The European Parliament and Council (EU) Regulation 2016/679 (GDPR) Article 6(1)(b) states that data processing is lawful if it is necessary for the performance of a contract to which the data subject is a party.
Data uploaded to the LinkedIn platform (work experience, education, language skills), and other personal data provided in the résumé.
Understanding the candidate’s experience, language skills, and education.
GDPR Article 6(1)(b) states that data processing is lawful if it is necessary for the performance of a contract to which the data subject is a party.
Personal data included in the résumé.
Understanding the candidate’s knowledge and experience
GDPR Article 6(1)(a), the data subject’s consent.
Notes taken during the introductory conversation (the candidate’s salary expectations, experience, interests, and expectations).
Understanding the candidate’s salary expectations, experience, and other expectations.
GDPR Article 6(1)(f), the data controller’s legitimate interest. The data controller is entitled to know the applicants’ salary expectations and practical experience. The data controller has conducted a legitimate interest assessment (LIA) to balance the interests of both the data subject and the controller.
The name of the data subject, mother’s name, place and date of birth, tax identification number, address, social security number, start date and duration of employment, salary.
Conclusion of an employment contract between the data controller and the data subject.
GDPR Article 6(1)(b) allows data processing when it is necessary for the performance of a contract to which the data subject is a party.
The name of the data subject, mother’s name, place and date of birth, tax identification number, address, start date of insurance relationship, insurance relationship code, termination of the insurance relationship, duration of any suspension of the insurance, weekly working hours, and FEOR number. Other personal data required for payroll: number of the employee’s children, name and account number of the designated bank account holder, relevant health/social data.
The lawful operation of the data controller (fulfillment of reporting obligations to the National Tax and Customs Administration (NAV) and other authorities).
GDPR Article 6(1)(c) allows data processing when it is necessary for compliance with a legal obligation to which the data controller is subject.
The name and e-mail address of the data subject
Sending newsletters (informing of opening positions and other news).
GDPR Article 6 (1) (a), the data subject’s consent, Article 6 (1) (f), processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party. Preamble 47: The legitimate interests of a controller, including those of a controller to which the personal data may be disclosed, or of a third party, may provide a legal basis for processing, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding, taking into consideration the reasonable expectations of data subjects based on their relationship with the controller. Such legitimate interest could exist for example where there is a relevant and appropriate relationship between the data subject and the controller (…) The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.
The name, corporate email address, professional experience, and position of the data subject.
Providing information to existing and potential clients, candidates, and other interested parties on the website. (Other marketing activities and presenting the management.)
GDPR Article 6(1)(a): the consent of the data subject.

The transfer of personal data, the recipients of the transfer

  1. The data controller forwards applicants’ CVs to its clients. The data subject is informed of the fact and the recipient of the data transfer prior to any transfer of data.
  2. The payroll administrator (data processor) acting on behalf of the data controller: PGY Consulting Financial and Accounting Services Limited Liability Company; 13162670-2-13; 2330 Dunaharaszti, Gólya Street 4, Building A.
  3. Regarding the Singapore project, Silurus Software Kft. and Silurus Singapore LLP (UEN: T24LL1036D, 1C Ridley Park, #04-02, Tanglin Park, Singapore (248469), represented by András Török, Managing Director) act as joint data controllers.

The duration of personal data storage, or the criteria for determining this duration

  • The data controller is required to retain the employee’s documents and data related to their social security relationship for five years after the employee reaches the applicable retirement age, in accordance with Section 99/A (1) of Act LXXXI of 1997.
  • The data controller retains the other personal data of the employees concerned for 10 years following the termination of the employment relationship.
  • The data controller retains the personal data of unsuccessful candidates for 8 years.

The right to lodge a complaint with a supervisory authority

The data subject may submit a complaint to the National Authority for Data Protection and Freedom of Information (NAIH)

  • 1363 Budapest, Pf. 9.
  • 1055 Budapest, Falk Miksa Street 9-11
  • Website: naih.hu

The source of personal data

The data controller obtains personal data from

  • the data subject and
  • from LinkedIn under the FP4P auto provisioning cap contract for SILURUS SOFTWARE KFT.

Additionally, it acquires data through the following recruitment agencies:

  • Moana Software Magyarország Kft., 12709407-2-41, 1025 Budapest, Zöldlomb Street 32-34/b. 4th floor 16.
  • Human Consulting Kft., 13660006-2-42, 1161 Budapest, Csömöri Road 70.
  • Real Options Kft., 29030350-2-43, 1183 Budapest, Móricz Zsigmond Street 25, Building A.
    STYLERS Kft., 22910323-2-41, 1138 Budapest, Madarász Viktor Street 47-49, Building 1, 2nd floor.

Information about the data subject's rights

From the data controller, the data subject has the right to

  • access to their personal data,
  • rectification,
  • deletion, or
  • restriction of its processing, and
  • may object to the processing of such personal data. Additionally, the data subject
  • has the right to data portability

The right of access by the data subject

The data subject may request confirmation from the data controller on whether their personal data is being processed. If so, they can access the following information:

  • The purposes of processin
  • Types of personal data processed
  • Recipients of the data, including international transfers
  • Planned retention period or criteria for determining it
  • Data subject rights (rectification, erasure, restriction, objection)
  • Right to lodge a complaint with a supervisory authority
  • Source of data if not obtained from the data subject
  • Existence of automated decision-making, including profiling, and its consequences

If data is transferred internationally, the data subject can request details of the safeguards in place.

They can also request a copy of their personal data, with potential administrative fees for additional copies. The request must not infringe on others’ rights and freedoms.

The Right to Rectification

The data subject may request that the data controller correct inaccurate personal data concerning them without undue delay. Considering the purposes of the data processing, the data subject may also request the completion of incomplete personal data, for instance, by submitting a supplementary statement.

A törléshez való jog („az elfeledtetéshez való jog”)

The data subject can request the data controller to erase their personal data without delay if:

  • The data is no longer necessary.
  • Consent is withdrawn, and no other legal basis exists.
  • The data subject objects, and there are no overriding legitimate grounds.
  • The data was processed unlawfully.
  • The data must be deleted to comply with a legal obligation.
  • The data was collected in connection with information society services.

Erasure is not required if data is needed for

  • freedom of expression,
  • legal obligations,
  • public interest,
  • health,
  • research, or
  • legal claims.

The Right to Restriction of Processing

The data subject can request the restriction of data processing if:

  • They contest the accuracy of the data (for the time needed to verify it).
  • The processing is unlawful, but they prefer restriction over deletion.
  • The controller no longer needs the data, but the data subject requires it for legal claims.
  • The data subject has objected, pending the establishment of overriding legitimate grounds.

If the processing is restricted, the data may only be stored unless the data subject consents, or the data is needed for legal claims, the protection of others’ rights, or for important public interest reasons.
Notification of Lifting: The data controller will inform the data subject in advance if the restriction on data processing is lifted.

Notification Obligation Regarding Rectification, Erasure, or Restriction of Processing

The data controller is obliged to notify all recipients with whom the personal data has been shared about any rectification, erasure, or restriction of processing, except when this proves impossible or would require disproportionate effort. Upon the data subject’s request, the data controller will inform them about these recipients.

The Right to Data Portability

  • Right to Data Portability: The data subject may request to receive the personal data concerning them, which they have provided to the data controller, in a structured, commonly used, and machine-readable format. Additionally, they may request that these data be transmitted to another data controller, if
    • The processing is based on consent or a contract, and
    • the processing is carried out by automated means.
  • Direct Transmission of Data: The data subject may request the direct transmission of their data from one data controller to another, if technically feasible.
  • Restrictions: The right to data portability must not infringe on the right to erasure (Article 17) and does not apply if the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
  • Rights of Others: The right to data portability must not adversely affect the rights and freedoms of others.

The Right to Object

  • Objection to the Processing of Personal Data: The data subject may object at any time to the processing of their personal data when it is based on Article 6(1)(e) or (f), including profiling. The data controller may continue processing only if they can demonstrate compelling legitimate grounds that override the data subject’s rights or are related to legal claims.
  • Objection to Direct Marketing: The data subject may object to the processing of their personal data for direct marketing purposes, including profiling, at any time. In this case, the data can no longer be processed for this purpose.
  • Notification of the Right: The data subject must be informed of their right to object clearly and separately from any other information at the first point of contact.
  • Automated Tools: The data subject may exercise their right to object through automated means when using information society services.
  • Scientific and Historical Research: The data subject may object to the processing of personal data for scientific and historical research or statistical purposes, unless the processing is necessary for the performance of a task carried out in the public interest.

Rights Related to Consent

  • Consent can be withdrawn at any time, and such withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.