Privacy brief

On the processing of curricula vitae received by UpScale IT Kft.

Dear Applicant,

thank you for honoring us with your confidence by sending us your job application and curriculum vitae. Before we start the evaluation process, please read our Privacy Brief.

1. Data of the controller

Name of the controller: UpScale IT Kft.
Registered seat: 1138 Budapest, Váci út 135-139. “C” épület 1. emelet

2. Purpose of the processing

The purpose of the data processing is the processing and registration of job applications and curricula vitae sent us for openings and for registration in the electronic database, for the purpose of recruitment and selection.

3. Legislative context of the processing

The processing, storing, recording and transferring of the personal data specified in this privacy brief shall be carried on the basis of and in accordance with Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: ‘the Privacy Act’) and the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter: ‘GDPR’).

The legal basis for processing: the processing is legal based on point b) (the decision on the application is considered a necessary prior step to entering into the labor contract) and point f) (the decision on the job application is in the interest of both the controller and the data subject) of Article 6 (1) of GDPR.

If your job application is refused but you wish your CV or job application to remain in our system for a further one year allowing us to contact you regarding future positions and possibilities, you need to grant your consent thereto in a separate declaration. Should you wish to grant your consent, please send us the following text in your response letter:

„I hereby grant my consent to Upscale IT Kft. to process my curriculum vitae and job application for a further 1 year after the end of the evaluation process in accordance with the privacy brief sent to me and to keep me informed on any future openings or possibilities to apply for any other working relationships, using the contact details provided by me. ”

„Signature” (please type your full name at the end of the email)

4. Scope of the processed data and period of processing

UpScale IT Kft. shall process, record and store the data in job applications, CVs, cover letters and other documents sent to us, as personal data, at latest until the decision on the position applied for, or for a further 1 year if consent is granted. After this, the processed data shall be automatically destructed, deleted. In case of a successful application, UpScale IT Kft.’s document called Privacy Brief for Employees shall apply to you from the commencement of the employment, which will be personally handed over to you upon signing the labor contract.

The controller hereby informs you that the controller may inspect any public data of the applicants disclosed in social media based on the CVs sent to the controller, contact former employees to check references, request a certificate of good conduct and make records of the applicant in the evaluation process, which are also considered personal data of the applicant.

The processed data shall be used exclusively in the recruitment and selection process or for deciding whether the applicant concerned would be fit for another opening.

5. Access to the data

The job applications and CVs will only be processed by the employees of UpScale IT Kft. entitled to do so. UpScale IT Kft. will not, save in cases allowed by the law, forward the job applications and CVs to any third parties for statistical or any other purposes, publicly disclose them, and will provide information on the evaluation of the job applications and CVs only upon the request of and to the data subject.

6. Security of processing

UpScale IT Kft. gives high priority to ensuring the secure storing and safeguarding of the job applications and CVs. The controller protects the electronic database with passwords and setting eligibility levels for access against unauthorized access, alteration, disclosure, deletion or destruction.

7. Rights related to the data processing and remedies

You, as data subject, may request information on the processing of your personal data in accordance with Article 13 of GDPR; you have the right, in accordance with Article 15, to access the personal data and the information listed in the Article; in accordance with Article 16, you haves the right to obtain the rectification of your personal data; in accordance with Article 17, you have a right to erasure, or right to restriction of processing in accordance with Article 18; may object to processing your personal data in accordance with Article 21; and in cases listed in Article 20 you have the right to data portability. These rights are not absolute rights, the requests of the data subjects are possible to be complied with only in the cases the criteria listed in the aforementioned provisions of law are met. You shall send your requests to exercise your rights to the email address You shall receive an answer for such requests from the controller in 1 month.

In accordance with Section 22 of the Privacy Act, in the event of any infringement of his or her rights, the data subject may turn to court action against the controller and, in accordance with paragraph (1) of Section 52, he or she may request an investigation from the National Authority for Data Protection and Freedom of Information alleging an infringement relating to his or her personal data, or if there is imminent danger of such infringement. The action shall be heard by the competent tribunal. If so requested by the data subject, the action may be brought before the tribunal in whose jurisdiction the data subject’s home address or temporary residence is located.

Applicable from 01.02.2019 (date of last modification: 23.01.2023.)