Man at Work - Data protection statement

Man at Work Humánszolgáltató és Személyzeti Tanácsadó Kft. (head office: 8272 Óbudavár, Fő út 31.) and MaW Kft. (head office: 1013 Budapest, Pauler utca 18.) – hereinafter jointly: Data controllers – recognise and support the rightful interests of persons to data protection, protect personal rights and respect these when collecting, handling and processing personal data.

In order to ensure that the collection, processing and handling in any way of personal data meets the data protection prescriptions of the effective legislation, particularly Act CXII of 2011 on the Right of Informational Self-determination and on Freedom of Information (hereinafter: Info Act), data controllers conduct the management of personal data in the course of their economic activities in terms of the prescriptions of the following data protection and data management regulations:

1. The legal basis for data management

According to Point a) of § (1) 5 of the Info Act, data management is based on the agreement of the affected person. The person concerned agrees that MaW Kft. conducts data collection services for Man at Work Kft. and that Man at Work Kft. can forward data and provide access to data to MaW Kft. in order to achieve the goals of data management.

Data of data controllers:

MaW Kft.
Man at Work Kft.
cégjegyzékszám: 01-09-189287 cégjegyzékszám: 19-09-504423
Székhely: 1013 Budapest, Pauler utca 18. Székhely: 8272 Óbudavár, Fő út 31.
Képviseli: Kasza Gabriella Képviseli: Ottó Csaba
telefon: (88) 400-453 telefon: (88) 400-453
e-mail: e-mail:





2. Why do we collect and manage data?

Personal data is exclusively collected and managed for the purpose of the company’s own employee leasing activities, to offer job opportunities to those concerned and to enter such work contracts. The personal data managed by the company is directly collected from those concerned, with their agreement, always in harmony with the effective legislation.

The further aims of data collection – among others – are to inform job seekers about job opportunities matching their competences and professional expertise; to continuously keep the data base at their disposal up-to-date, to inform employers about the potential candidates and to perform other administrative tasks.

3. What type of information do we collect?

Data controllers receive, handle and store personal data exclusively related to job applications. Job seekers can send us these data electronically or by post and they are stored in the central data base of Man at Work Kft. The company receives further personal data from the employees when they apply for a job or participate in a job interview.
Other special data is exclusively collected when there is a special reason for this, prescribed by legislation (e.g. it is prescribed by occupational safety regulations) or if the person concerned gives us written permission concerning this.
Please do not include special data in the C.V. uploaded during the online registration.
According to Point 3. of 3. § of the Info Act, special data is personal data related to race, nationality and ethnical minority, political opinion or party membership, religion or other belief, membership in representative associations, sexual life; or data concerning health condition, addictions or criminal record.

4. What data do we manage?

The data controllers handle and store the following data related to job seekers:
• surname
• first name
• gender
• nationality
• date and place of birth
• e-mail address
• telephone number
• address (zip code, settlement, street, house number)
• qualification(s)
• qualification(s) received outside the school system
• duration of work at previous workplaces (place of work, position)
• command of foreign languages, levels
• C.V.s
• motivation letters
• references
• expected salary
• requirements and selection criteria related to the sought position (place of work, sector)
• registration data (user name, password)

5. Who to and how do we forward personal data?

Without the special agreement of the person concerned, the personal and special data put at the company’s disposal as well as information related to your person is only handled internally.
The full application is only forwarded to third parties, i.e. to our clients with the agreement of the person concerned. This agreement may be given by signing the authorisation in the data protection statement on getting in touch with us or following this, after electronic, written or phone negotiations.

You can find the list of our clients here.

6. What security and data protection measures are applied?

The storage and processing of personal data may take place on the data controllers’ premises. Security measures are taken in order to preserve the confidentiality of personal data, and to meet the prescriptions of the effective legislation. These are administrative, IT and physical measures protecting the confidentiality and safety of personal data from unauthorised access, alteration, forwarding, publication, deletion, annihilation, accidental destruction or the inability to access the data due to technical reasons.

7. What is the period of data management?

The personal data of job seekers are only managed to the extent and for the duration of the time necessitated by reaching their goal. Registration can take place on the website or via e-mail. All data and documents of the person concerned are deleted from our data base on the written or electronic request of the person concerned.

8. How can personal data be modified?

Everybody has the opportunity to change, update or delete their personal data. Changing the data in our data base is possible by post – addressed to our customer service offices – or via the phone.

9. How can I delete my data?

By accepting the data protection statement, you agree that your data can only be deleted from the company’s data base on written request. The information is then deleted from the data base within 8 working days of receiving the request. The request shall be posted to the office registering the data or sent to the e-mail address

10. Modifying the data protection statement

The data controllers maintain the right to modify the statement; however, the reviewed statement is always visibly displayed on their homepage.

11. Information concerning the rights of those concerned and concerning legal remedies.

Those affected have the right to object to the management of their data and to request the termination of data management and the deletion of the managed data.
The persons concerned can request the data controllers for information concerning the management or modification of their personal data.
On request, the data controllers give information concerning the data of the affected person they manage, the processed data of the person and the source of such data, the aim of data management, its legal basis, duration, the name and address of the data processor, the activities related to data management, furthermore, if the personal data of the person affected are forwarded, the legal basis and the addressee of the data. On the written request of the person concerned, the data controllers shall send clear, written information in the shortest possible time after submitting the request, but within 30 days at the latest. Giving information is free of charge, if the person requesting information has not yet submitted a request for information to data controllers in the same year. In other cases, there may be a charge for granting the request. The fee can also be defined in the contract between the parties. The paid fee shall be refunded if the data has been illegally managed or the request for information has led to the correction.
Data controllers can only refuse informing the person concerned in cases defined by Point (1) of 9. § and 19. § of the Info Act.
If the person concerned is denied information, data controllers shall inform the person affected about which prescriptions of effective legislation served as the legal basis for the refusal. In the case of refusal to give information, data controllers inform the person concerned about the opportunity for legal remedy at court and the option to turn to the Hungarian National Authority for Data Protection and Freedom of Information (hereinafter: Authority).
If the personal data is not correct, and the correct personal data is at the data controllers’ disposal, they correct the personal data.
The personal data shall be deleted if their management is illegal; the person concerned requests it based on Point c) 14. § c) of the Info Act; the data is incomplete or incorrect – and this cannot be legally remedied – providing that deletion is not excluded by legislation; the aim of data management has ceased, the deadline prescribed by law for the storage of personal data had expired; or it has been ordered by court or by the Authority.
Data controllers block personal data instead of deleting them if requested by the person concerned or if it can be presumed – based on the information at their disposal – that deletion would violate the legitimate interest of the person concerned. The personal data blocked in this way can only be managed as long as the data management aim excluding deletion of the personal data exists.
Data controllers mark the personal data they manage if the person concerned has doubts regarding their correctness or accuracy but the incorrectness or inaccuracy of the personal data cannot be clearly established. The person concerned as well as all those who have been forwarded the personal data for the purpose of data management have to be notified about corrections, blocking, marking and deletion. Notification is not necessary if it does not violate the legitimate interests of the person concerned in terms of the aim of the data management. If the data controllers do not fulfil the request of the person affected concerning correction, blocking or deletion, they shall inform the person concerned about the factual and legal grounds for rejecting the request for correction, blocking or deletion in writing within 30 days of receiving the request. If a request concerning correction, blocking or deletion is rejected, data controllers inform the person concerned about their opportunity for legal remedy and about the option to turn to the Authority.

The person concerned can object to the management of their personal data
• if managing or forwarding the personal data is exclusively necessary in order to fulfil legal requirements concerning the data controllers or for the validation of the legitimate interest of the data controller, data importer or third party, excepting the case of mandatory data management;
• if the personal data are used or forwarded for the purpose of direct marketing, general public opinion survey or scientific research;
• and in other cases defined by legislation.

Data controllers examine the objection in the shortest possible time after submitting the request but within 15 days at the latest, make a decision concerning its justification and inform the applicant about the decision in writing.

If the data controllers establish the justification of the applicant’s claim, data management – also including further data collection and data forwarding – is terminated, the data are blocked and all those are informed about the objection and the measures taken based on this objection who had received the objected personal data and who shall take action in order to grant the right to object. If the person concerned does not agree with the decision of the data controllers, or if the data controllers do not keep the deadline of 15 days, the person concerned can turn to court within 30 days of being informed about the decision or within 30 days of the last day of the deadline in the manner detailed in the Info Act.

If the data importer does not receive the data necessary to exercise their rights – owing to the objection of the person concerned – the data importer can take the data controller to court in order to receive the data within 15 days of receiving notification from data controllers concerning the justification of the objection. Data importers can even take the person concerned to court.

If data controllers fail to perform their notification obligation, the data importer can request information about the circumstances of the failure in data importing from data controllers, who shall reply within 8 days of receiving the request of the data importer for information. If information is requested in this way, the data importer can take the data controllers to court within 15 days of receiving information but within 15 days from the deadline for the information obligation at the latest.

Data controllers cannot delete the data of the person concerned if data management is prescribed by law. The data, however, cannot be forwarded to the data importer if the data controllers agree with the objection or the court has ascertained the justification of the objection. The data importer can take the data controllers to court if the rights of the person concerned are violated or in the cases of objection to the management of personal data as defined above. Such cases are given priority by the court.

Data controllers shall prove that data management happens in harmony with the legislation. In cases according to (5) and (6) of 21. §, the data importer shall prove the legality of data forwarding.

The trial shall be processed by tribunal. The person concerned may choose to file a suit at the tribunal of their permanent residence or place of stay. A person who does not have legal capacity can also be a party to the legal proceedings. The Authority can intervene in the court proceedings to guarantee the success of the person concerned in the legal proceedings.

If the court accepts the application, the data controllers are obliged to give information, correct, block or delete the data, to annihilate the decision made via automated data processing, to consider the right to objection of the person concerned and to submit the data –detailed by 21. § of the Info Act – requested by the data importer.

If the court rejects the claim of the data importer in cases defined by 21. § of the Info Act, data controllers shall delete the personal data of the person concerned within 3 days of receiving the court ruling. The data controllers shall also delete the data if the data importer does not turn to court within the deadline prescribed by (5) and (6) of 21. § of the Info Act.

The court can rule the publication of its decision as well as the data identifying the Data controller if this is required by the interests of data protection and the rights granted by law of a large number of persons concerned.

14 May 2015

Man at Work Kft. - NAIH-73314/2014.
MaW Kft. - NAIH-85575/2015.
(Private employee placement registration number: 1237/2001.)
(Employee lease registration number: 3440/2001.)
(Data protection registration number: NAIH-73314/2014.; NAIH-85575/2015.)

<< Vissza