top of page

Privacy Statement

of Starge Humán ErÅ‘forrás Tanácsadó ltd

 

 

  1. The Data Controller, Effect of the Statement

 

Data Controller: Starge Humán ErÅ‘forrás Tanácsadó Ltd.

Seat: Markó utca 7., HU-1055 Budapest

E-mail: info@stargeleadership.com

 

Effect: This Privacy Statement (Statement) will take effect on January 3, 2022.

​

Purpose, legal basis of the processing, transfer of personal data, rights of data subjects:

Purpose is the processing:

​

  • Contact the Data Subject

  • Perform executive search for the Data Controller’s Clients

  • Assessments of the relevance of Data Subjects career path and profile, references, conduct interviews, evaluation

  • Present candidates and transfer of the personal data to the Client for its selection

  • Maintain website, ensure the data security, troubleshooting and maintenance

  • Handling eventual complaints and requests

​

Legal basis for the data processing:

  • consent of the data subject

  • legitimate interest of the Data Controller

  • Recipients of the data

  • The Data Controller discloses the information to its Clients, Subcontractors for executive search, IT service providers, legal advisers that need to know, assessment test company

​

Rights of the Data Subject:

  • information, access his/her personal data; rectification, deletion of the data, object or restrict of the processing of the personal data, data portability; filing a complaint with a supervisory authority; withdrawing the consent for the future processing

 

 

​2. The Source of Data

 

The processed data are provided by the Data Subjects, by the contractual partners of the Data Controller, or the databases and websites to which the Data Controller or its employees or subcontractors have access under the conditions applicable to the given database.

 

The Data Controller requests the Data Subjects to provide only accurate, real data and notify any changes without delay. The Data Controller may periodically request and alert the Data Subjects on e-mail to update their data if there is a change.

 

3. Data Processing

​​

Purpose of the data processing : Contact and cooperation, communication with Clients, agents, subcontractors or other partners (together partners)

  • Categories of personal data processed: Business contact information: name, e-mail address, phone number, message, job title or position.

  • Legal basis of the processing : The Data Controller's legitimate economic interest is to keep in touch with the partners' contacts to answer questions and requests flexible, multi-channel communication, facilitate the conclusion of contracts with the partners, and the performance of the concluded contracts. Job title or position of the contact persons allows for consultation with the competent employee, so the Data Controller only contacts and maintains contact with the employee who has the task and competence for the given question.
    (Article 6 (1) () of the GDPR)

  • Data storage period: As long as there is a legitimate interest of the Data Controller, typically until the notification of termination of the contact status received from the organization or the data subject.

 

Purpose of the data processing: Sending marketing materials, advertisements, promoting the activities of the Data Controller

​

  • Categories of personal data processed: name, e-mail address

  • Legal basis of the processing: Consent of the Data Subject (Article 6 (1) (a) of the GDPR)

  • Data storage period: Until the withdrawal of the consent

 

Within the framework of a private employment placement agency activity (registration number: BP/0701/000896-1/2022-1290), the Data Controller carries out a search, vet, perform assessment and introduce senior, executive or other highly qualified candidates to its clients.

 

Executive search

​

Purpose of the data processing : Identify the potential candidates. Search Data Subject's publicly available data to find candidates who might be suitable for and interested in a particular job.

​

  • Categories of personal data processed: name, current and former job title or position, main information of the published CV and professional activities.  

  • Legal basis of the processing: Such information is essential for Data Controller's professional activity. The Data Controller's legitimate interest is to collect the data available on LinkedIn to find potential candidates for a specific position. LinkedIn is a social network that focuses on professional networking and career development therefore the Data Subject may expects that his/her data will be used for this purpose. (Article 6 (1) (f) of the GDPR)

  • Data storage period: As long as the legitimate interest of the Data Controller exists. (See your right to object below)

​

 

Purpose of the data processing: Contact and communicate with the Data Subject. Request information from the Data Subjects whether they are open to a job application

​

  • Categories of personal data processed: name, e-mail address, phone number, message, job title or position

  • Legal basis of the processing: The Data Controller's legitimate interest is to contact and communicate with the potential candidates who have posted their contact information on LinkedIn (Article 6 (1) (f) of the GDPR).

  • Data storage period: As long as the legitimate interest of the Data Controller exists. If the Data Controller collected the Data Subject's consent to process the personal data for screening, interviews and assessments, the data will be stored according to the information provided for that purpose. In lack of Data Subject's answer, no longer than ten days after the date of sending the request for consent.

 

Purpose of the data processing:  Contact and communicaton with the Data Subject to conduct screening, interviews, and executive search assessments. Interviews and assessments for screening of the relevance of Data Subjects career path and profile to evaluate meeting the requirements of the given position. (responsibilities, knowledge, skills and attitudes, aligned with the Client's expectations and values to ensure the suitability of the candidates.)

 

  • Categories of personal data processed:

    • information provided by the Data Subject for contact and communication purposes name, e-mail address postal address, phone number

    • CV and cover letter information, professional experience, current and former employers, foreign languages, language skills, education background, studies, diplomas, certifications, special knowledge, nationality, photo, place of work, references, interview notes, expected salary, type of driving license, job expectations, conclusions drawn from the information as motivation, personality traits, professional strengths

  • Legal basis of the processing

    • Consent of the Data Subject (Article 6 (1) (a) of the GDPR)

  • Data storage period

    • Until the Client's selection process for the position is closed or the contract for executive search concluded by the Data Controller with the Client is terminated (which is earlier)

 

Purpose of the data processing: Check and evaluate the references provided by the Data Subject

​

  • Categories of personal data processedName, position, telephone or e-mail address, opinion of the reference provider person

  • Legal basis of the processing: The Data Controller's legitimate interest is to collect the information from the reference providers to verify the reference and use it for the Data Subject's evaluation for its executive search activity.
    (Article 6 (1)(f) of the GDPR)

  • Data storage period: Until the Client's selection process for the position is closed or the contract for executive search concluded by the Data Controller with the Client is terminated (which is earlier)

 

Purpose of the data processing: Evaluation of personality assessment tests conducted by a third party services provider as independent Data Controller for the executive search

​

  • Categories of personal data processed: assessment, the summary of the result of the tests

  • Legal basis of the processing: Consent of the Data Subject (Article 6 (1) (a) of the GDPR)

  • Data storage periodUntil Client's selection process for the position is closed or the contract for executive search concluded by the Data Controller with the Client is terminated (which is earlier). In case of warranty is undertaken by the Data Controller in the contract with its Client until the expiration of the warranty period. (maximum six months from the signing of the employment contract)

 

Purpose of the data processing: Presenting candidates and transfer of the personal data by the Data Controller to the Client for its selection process

​

  • Categories of personal data processedname, e-mail address, postal address, phone number, information collected for the former executive search process: assessment of the eligibility and selection conditions for a particular executive search: professional experience, employers, foreign languages, language skills, education background, studies, diplomas, certifications, special knowledge, nationality, photo, place of work, references, former expected salary, type of driving license, job expectations, cover letter data, conclusions drawn from the information as motivation, personality traits, professional strengths

  • Legal basis of the processingConsent of the Data Subject (Article 6 (1) (a) of the GDPR)

  • Data storage period: Until Client's selection process for the position is closed or the contract for executive search concluded by the Data Controller with the Client is terminated (which is earlier). In case of warranty is undertaken by the Data Controller in the contract with its Client until the expiration of the warranty period. (maximum six months from the signing of the employment contract)

 

Purpose of the data processing: Feedback on the effectiveness of the Data Controller's performance

​

  • Categories of personal data processed: Information about the acceptance or rejection of the candidate by the Client, the reason for the rejection

  • Legal basis of the processing: The Data Controller's legitimate interest receiving information on the selection decision of the Client, as feedback on the effectiveness of its activities and use such information for its process and business development.
    Article 6 (1) (f) of the GDPR)

  • Data storage period: No longer than three years

 

Purpose of the data processing: Handling Client warranty claims

​

  • Categories of personal data processed: data collected for screening, interviews and assessments or other executive search purposes as necessary for a potential warranty claim

  • Legal basis of the processing: It is the legitimate interest of the Data Controller to use the data for defence against legal claims arising from the Client contract related to candidates who have entered into an employment contract but their contract terminated within the warranty period (Article 6 (f) (a) of the GDPR)

  • Data storage period: Until the end of the warranty period undertaken by the Data Controller's in the Client contract (maximum six months from the signing of the employment contract).

 

Purpose of the data processing: Store and use personal information of the former executive search process and the updated information to contact, communicate and conduct screening, interviews and assessments for the future executive searches

​

  • Categories of personal data processed

    • information provided by the Data Subject for the former executive search process; name, e-mail address, postal address, phone number, assessment of the eligibility and selection conditions, professional experience, employers, foreign languages, language skills, education background, studies, diplomas, certifications, special knowledge, nationality, photo, place of work, references, expected salary, type of driving license, job expectations, cover letter data, conclusions drawn from the information as motivation, professional strengths, personality traits, acceptance or rejection of the candidate by the Client

    • Updated information provided by the Data Subject

  • Legal basis of the processing: Consent of the Data Subject (Article 6 (1) (a) of the GDPR)

  • Data storage period: No longer than three years. Within this period, until the Data Subject withdraws the consent or is an obligation to delete the information according to the GDPR

 

Purpose of the data processing: Proof of fulfilment of the Data Controller's contractual obligation

​

  • Categories of personal data processed: Name and position of the candidate on the certificate of completion.

  • Legal basis of the processing: Fulfilment of the legal retention obligation applicable to tax and accounting documents
    (Article 6 (1) (c) of the GDPR)

  • Data storage period: Until eight years according to Act C of 2000 on Accounting

 

Purpose of the data processing: Satisfaction measurement regarding the services of the Data Controller, development and improvement of the services

  • Categories of personal data processed: name of the person who completes the questionnaire, e-mail address, opinion

  • Legal basis of the processing: Data Controller's legitimate interest. The Data Controller's legitimate interest is to receive feedback on its services and use it to further develop and improve the quality of its services. (Article 6 (1) (f) of the GDPR).

  • Data storage period: Maximum of one year from the processing of the evaluation result

 

Purpose of the data processing: Handling complaints and requests of the Data Subject Use the data in eventual contractual or other dispute and legal proceedings (except warranty claims) arising from contracts concluded with the clients or subcontractors for defence

  • Categories of personal data processed: Name, address, e-mail address, the content of the complaint/request, and the answer, relevant information included in the performance-related documents

  • Legal basis of the processing: Data Controller's legitimate interest to handle the candidates' and contractual partners' complaints and legal dispute (Article 6 (1) (f) of the GDPR)

  • Data storage period: One year if there are no ongoing legal proceedings. In case complaint until closing it. (including the duration of the associated legal proceedings).

 

 

 

Purpose of the data processing: Maintain website, development, ensure data security, troubleshooting and maintenance

  • Categories of personal data processed: IP address, access logs, log files, error logs, browser ID, backup, security software-generated statistics

  • Legal basis of the processing: The Data Controller's legitimate interest is to maintain a secure, properly functioning website, develop the functions or design and ensure the data security(Article 6 (1) (f) of the GDPR).

  • Data storage period: The system stores logs and statistics for 30 days


Information about the cookies can be found in the Cookie Statement on the Data Controller's website.

 

 

Are you required to provide personal information?

​

The Data Subject is not obliged to provide his /her data for executive search and/or transfer candidates data by the Data Controller to the Client. Without the data, the Data Controller cannot perform the executive search conducted for its Client.

 

4. Joint Controllers
 

4.1     Subcontractors
 

If the Data Controller uses a sub-contractor as Data Controller to support its activity, with whom it qualifies as a joint data controller, the following applies:
 

  • The purpose of the Parties jointly determined is to find a candidate and evaluate his/her suitability for the specific position for the potential employer (the Client). The Parties agree on the necessary information, main processing activity and the data retention period.
     

  • Each data controller shall notify the Data Subject of the other data controller's data on a case-by-case basis.
     

  • The joint data processing period lasts until the transfer of the information by the Subcontractor to the Data Controller, in case of warranty, until the expiration of the warranty period.
     

  • Requests related to the processing of personal data, i.e. requests of Data Subjects, may also be submitted to each controller. The Data Subjects may exercise their rights under the GDPR in respect of and against each of the controllers.
     

  • Each Data Controller independently ensures the organizational and security measures for the data processing
     

4.2  Clients

​

  • If the Client and the Data Controller qualifies as a joint data controller, the following applies:
     

    • The purpose of the Parties jointly determined is to find a candidate and evaluate his/her suitability for the specific position. The Parties agree on the necessary information, main processing activity and the data retention period.
       

    • Each Party shall inform the Data Subject of the joint processing on its website or by any other appropriate means. Each data controller shall notify the Data Subject of the other data controller's data on a case-by-case basis.
       

    • Requests related to the processing of personal data, i.e. requests of Data Subjects, may also be submitted to each controller. The Data Subjects may exercise their rights under the GDPR in respect of and against each of the controllers.
       

    • The organizational and security measures for the data processing are independently ensured by each Data Controller.
       

    • Joint data processing lasts until the transfer of the information about the candidate to the Client. The joint processing shall not cover the data processing, where the Data Controller does not processes the personal data for its Agreement with the Client.

 

5. Transfer of personal data, recipients, data processors
 

Data Controller's employees shall only have access to the information that their job function requires. (need-to-know basis)
 

To whom will the Data Controller transfer the personal data (including access)? (the recipients)
 

It may transfer the personal data to its Client.
 

The Data Controller may use Subcontractors as Data Processors. Data Processors perform their activity on behalf of the Data Controller.
 

The Data Controller shall notify the Data Subject of the name of its Client and the Subcontractors involved in the data processing on a case-by-case basis

​

6. Recipients

 

To whom the Data Controller may transfer the personal data (recipients)?

- Clients

- Subpcontractors for executive search

- IT service provider, web developer if it provides maintenance:

- Cloud service application providers (software as service) (WIX, IkiruPeople, Microsoft Ireland Operations, Ltd)

- Accounting and payroll service provider

- Advisers that need to know

 

7. Information on the transfer of personal data to a third country

 

If the Data Controller transfers personal data into a third country, the EU General Terms and Conditions (EU GTC)​

https://eur-lex.europa.eu/legal-content/HU/TXT/HTML/?uri=CELEX:32021D0914&from=EN shall apply.

​

The applicable module of the EU SCC will be determined by the role of the data importer and exporter (Controller and/or Processor) under the circumstances of each case.They are responsible for the appropriate obligations under the applicable module.

​

Rights of the Data Subjects

 

Access

 

The Data Subject shall have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the processing related information:

 

Rectification of inaccurate data

 

The Data Subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

 

Deletion

 

The Data Subject may request the deletion of his or her personal data for one of the following reasons exists:

  •  the Data Controller no longer needs the personal data for the purpose for which they were collected or otherwise processed;

  • the data processing is based on the Data Subject's consent, but the data subject has withdrawn it, and there is no other legal basis for the data processing;

  • the data processing is based on the legitimate interest of the Data Controller or a third party, but the Data Subject has objected to the data processing, and there is no overriding legitimate reason for the data processing;

  • personal data was processed unlawfully by the Data Controller;

  •  the deletion of personal data is necessary to fulfil a legal obligation.
     

Objection

 

The Data Subject may at any time object to the processing of data for his or her own legitimate interests or for the legitimate interests of a third party, if the legal basis is a legitimate interest. In this case, the Data Controller may not further process the personal data, unless it proves that the processing is justified by compelling legitimate reasons which take precedence over the interests, rights and freedoms of the data subject or which relate to the submission, enforcement or protection of legal claims. This means that the Data Controller conducts a legitimate interest test in order to prove that the interest in data processing is so important that it precedes the importance of protecting the interests, rights and freedoms of the Data Subject. This right does not apply if the processing of the personal data is necessary to take pre-contractual steps or to fulfil a contract that has already been concluded.

 

​Restriction

​

The Data Subject may request that the Data Controller to restrict the processing of his or her personal data if one of the following circumstances is met:

 

  • The Data Subject disputes the accuracy of the personal data, in which case the restriction applies to the period of time that allows the Data Controller to verify the accuracy of the personal data;

  • The processing is illegal, but the Data Subject opposes the deletion of the data and instead requests that its use be restricted;

  • Personal data are no longer required for the purpose for which they were processed, but the Data Subject may request their storage in order to present, enforce or protect his or her rights;

  • The Data Subject protested against the data processing; in this case, the restriction shall apply for the period until it is established that the legitimate reasons of the Data Controller take precedence.

 

If the processing is restricted, such personal data may be processed in a manner other than storage only if:

  • the data subject consents, or

  • necessary to bring, assert or defend a legal action, or - necessary to protect the rights of another person,

  • or necessary in the overriding public interest.

 

The Data Controller shall inform the Data Subject in advance of the lifting of the restriction on data management.

The Data Controller shall inform the Data Subject whose personal data have been transmitted, unless this would be impossible or disproportionate.

 

Data Portability

 

In the case of consent-based or contract-based automated data processing, the Data Subject may request that the Data Subject's data relating to him or her be transferred to another data controller and/or that the Data Subject receive personal data in a widely used machine-readable format.

​

Withdraw the consent

If the processing is based on the Data Subject's consent, the Data Subjects has the right to withdraw their consent at any time. The Data Subject may send a withdrawal message to the contact details of the Data Controller in this Statement. (first section)

 

8. Information about automated decision making and profiling

 

The Data Controller does not use decision-making or profiling based on an automated processing if it has legal effect. It does not decide based on solely automated processing. Substantial human intervention will take place in all cases.

 

9. Complaint handling, legal remedy

 

Data Subject's questions, requests, and complaints related to data processing can be sent to the Data Controller at the address indicated at the beginning of this Statement. The Data Subject shall also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.

National Data Protection and Freedom of Information Authority in Hungary: 1055 Budapest, Falk Miksa utca 9-11. 3., Postal address: 1363 Budapest, Pf .: 9. 4.

Data Subject may also apply to the relevant court if he or she believes that the Data Controller or the Data Processor is processing the personal data in violation of the law.

 

10. Data Security

 

The Data Controller protects the confidentiality and security of the data with technical and organizational measures.

​

 
Legal Notice

 

Information, posts and other content available on this website is provided without any warranties or representations, express or implied. Starge makes every effort to keep content up-to-date and accurate, however, we make no warranties or representations about the accuracy of the site content. Starge shall not be liable for any direct or indirect damages arising out of use or misuse of any content provided here.

All content provided here is the property of Starge Kft. or its content suppliers and partners and is protected by relevant local and international copyright laws.

 

Starge is committed to provide equal employment opportunity for all applicants regardless of gender, age or minority group. We comply with all applicable laws and policies prohibiting discrimination and promote diversity in work place.

 

Our service is provided by:

 

STARGE Humán ErÅ‘forrás Tanácsadó Kft.

1055 Budapest Markó utca 7.

Legal Representative: Eva Gombas

Company registration No.: 01-09-394666

Tax No.: 27557457-2-41

 

Contact: info@stargeleadership.com

bottom of page