Privacy Policy | Manpower Hungary

Manpower Munkaerő Szervezési Kft. and Manpower Business Solutions Kft. (hereinafter "Manpower" or the "Data Controller") is a franchise partner of ManpowerGroup, the world's leading workforce services company, connecting hundreds of thousands of workers and companies around the world every day, providing solutions to address international and local labour market challenges.

Our name and reputation are synonymous with reliability, a principle that permeates everything we do. Our clients trust us with valuable data and we take the trust they put in us seriously.

Manpower is committed to protecting the personal data of its clients, and is committed to respecting its clients' right to information privacy. Manpower treats personal data confidentially and takes all security, technical and organizational measures to ensure the security of the data.

It is Manpower's priority to fully comply with the applicable data protection legislation, in particular Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation 95/46/EC (General Data Protection Regulation; hereinafter "GDPR"), and with the applicable Hungarian legislation, in particular Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information.

The purpose of this privacy policy (hereinafter referred to as "Policy") is to inform people who come into contact with Manpower, either through its website or through its employees, about how Manpower intends to process their personal data.

Data Controller

The Data Controller is Manpower Munkaerő Szervezési Kft. (1133 Budapest, Váci út 76; company registration number: 01-09-069811). The Data Controller exercises control over personal data, determines the purposes and means of the processing of personal data. Some personal data may also be processed by Manpower Business Solutions Kft. (1133 Budapest, Váci út 76; company registration number: 01-09-887667) as the controller, or may be jointly controlled with the Controller.

In cases where this is specifically provided for in this Policy, Manpower Munkaerőszervezési Kft. and Manpower Business Solutions Kft. will act as joint controllers, given that they jointly determine the purposes and means of the processing.

The purpose of this Policy

This Policy applies

to our job applicants and to persons using our career services (career coaching, career counselling, etc.) (collectively referred to as "Job Applicants") whether you have applied for a specific job posting or registered in our candidate database, including cases where you visit our Facebook page or other social/professional network page (e.g. Instagram, LinkedIn) and apply for a job posting through it,
to our permanent or temporary employees (i.e. persons who are hired or outsourced to one of our principals ("Partner") or in connection with certain assignments, or to persons for whom we provide outplacement or career change services) (collectively, "Permanent and Temporary Employees"),
to users of the website ( www.manpower.hu ), applications listed herein and all related online services provided through them (the "Site") (collectively, "Site Users"), and
representatives and contacts of our business partners, principals and subcontractors (collectively, "Contacts")
to participants in prize draws, contests, or similar promotional activities organized or administered by us (collectively, "Participants")

This Policy does not apply to our employees at our corporate headquarters and country offices who are employees of Manpower and who work directly for Manpower and not directly for any of Manpower's principals.

This Policy describes the types of personal data and personal information we collect, the uses to which we put that data and information, the treatment and protection of the data and information we collect, the length of time we keep it, the parties with whom we share or to whom we transfer it, and the rights that data subjects have in relation to the use of their personal data.

We also explain how you can contact us about our privacy practices and exercise your rights. Our privacy practices may vary in the countries in which we operate, reflecting local practices and legal requirements. Please visit our local Sites for specific local conditions.

Click on any of the links below to jump to the section listed:

I. What information we collect
II. How we use the information we collect
III. How we handle and protect personal information
IV. How long we store the information we collect
V. What information we share
VI. Transfer of data
VII. Specific processing carried out by the Data Controller
VIII. Your rights and choices
IX. Updates to our privacy notice
X. How to contact us

I. What information do we collect?

We may collect personal information about you in a number of ways, such as through our websites and social media channels, at our events, via phone, through job applications, in connection with recruitment and interviews with our clients, and you can also contact us at any time. We will ensure that data protection rules are respected at all times when collecting, processing and storing data.

Depending on the nature of the contact, we may collect various personal data, including but not limited to the following:

contact details (such as name, postal address, email address and telephone number);
username and password when you register on our Sites;
other information that you may provide to us, for example, in the context of job applications or surveys, or through the "Contact Us" feature on our Sites;
when you contact us, the content of any emails (correspondence) or telephone conversations you have with us.

Manpower, as organizer of the prize draw, collects your name and e-mail address if you share it as the Participant of the prize draw. If you become the winner, we will contact you and request additional information required for delivering the prize:- delivery address, telephone number, or information necessary for digital delivery (e.g., for gift cards), as applicable

Processing of data of minors

On behalf of minors under the age of 14 and persons who are otherwise incapacitated, consent may be given by their legal representative in accordance with the provisions of the Civil Code. A minor aged 14 or over but under 16 and a person who is otherwise incapacitated may give consent to data processing with the consent or subsequent consent of his or her legal representative. A minor aged 16 or over may give consent on his or her own initiative, without the need for the consent or subsequent approval of his or her legal representative. The Data Controller is not in a position to verify the eligibility of the person giving the consent or to know the content of the legal representative's declaration, so you or your legal representative shall ensure that the consent is in accordance with the law. When using Manpower's services or Sites, the legal representative will be deemed to have given his or her consent.

Management of special personal data

With the exception of certain rare cases, the Data Controller does not ask you to provide special personal data.

II. How we use the information we collect

Manpower only handles personal data in compliance with the following principles defined in the GDPR:

Personal data:

it must be handled legally and fairly, as well as in a transparent manner for the data subject ("legality, fair procedure and transparency");
it should only be collected for specific, clear and legitimate purposes, and it should not be handled in a way that is incompatible with these purposes; further data processing for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes is not considered incompatible with the original purpose ("purpose limitation");
they must be appropriate and relevant from the point of view of the purposes of data management, and must be limited to what is necessary ("data economy");
they must be accurate and, if necessary, up-to-date; all reasonable measures must be taken to promptly delete or correct personal data that is inaccurate for the purposes of data management ("accuracy");
it must be stored in a form that allows the identification of the data subjects only for the time necessary to achieve the goals of personal data management; personal data may only be stored for a longer period of time if the personal data will be processed for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes, the appropriate technical and organizational measures prescribed in this regulation to protect the rights and freedoms of the data subjects subject to its implementation ("limited storage");

The Data Controller is responsible for compliance with the principles set out in this point and must be able to demonstrate such compliance ("accountability").

Purpose of processing

The Data Controller collects and uses the data for the following purposes, among others (as permitted by law):

With respect to Job Applicants:

Providing labour market solutions;
Contacting persons interested in or applying for our job applications and providing services related to the most suitable positions for them;
recruitment;
creating a user account when applying for a specific position;
using AI-assisted tool to support recruitment process, in particular for candidate pre-screening and communication in relation to active job opportunities.

With respect to Permanent and Temporary Employees:

Regarding recruitment, conducting the recruitment and selection process, recommending potential candidates to Partners,
in the case of temporary staffing, creating the employment relationship and making the employee available to the borrowing Partner.

For all parties concerned:

where permitted by law and in accordance with the Data Controller's Cookie and Advertising Policy, sending promotional material, notifications of available positions and other communications;
to the extent permitted by law, to send notices of and manage participation in special events, promotions, programmes, offers, surveys, competitions and market research*;
responding to enquiries and requests from individuals, whether you have contacted us via one of the forms on our website (contact form) or on additional available communication channels;
running, evaluating and improving our business (including developing, analysing and improving our services, managing our communications, conducting data analysis, and performing accounting, auditing and other internal functions);
conducting salary benchmarking, public opinion research, market research, measuring customer satisfaction and evaluating feedback*; and
the protection against, detection of and action to prevent fraud and other illegal activities, claims and other liabilities, where required by sector-specific legislation.

The legal basis for the processing under this point is the legitimate interest of the Data Controller (Article 6(1)(f) GDPR) and your informed consent (Article 6(1)(a) GDPR) for the points marked with *.

Legal basis for processing

Manpower will ensure that all processing is carried out on the appropriate legal basis, which may be, for example, your consent, but also to comply with a legal obligation under the GDPR. Below is a summary of the legal basis on which we process your data.

a) Fulfilment of a contract, preparation of the conclusion of a contract

The legal ground for the fulfilment of a contract is used by Manpower in cases where the data processing is necessary for the conclusion, fulfilment, or termination of the contract.

This legal basis also includes processing prior to the conclusion of the contract which is necessary to take steps at the request of the data subject.

The data processed on this legal basis are typically provided by you at the time of the conclusion of the contract or are generated about you in the course of the fulfillment of the contract.

b) Compliance with legal requirements

Where you enter into a temporary employment relationship with us or we enter into an intermediary contract with you, we are required to process your data for the purposes of making certain notifications to the authorities, such as the tax or social security authorities, etc. In addition, in certain cases, we may be required to transfer your data by an authority or court decision or other regulations.

c) Consent

The Data Controller is entitled to process your personal data also on the basis of your consent, e.g. when creating a user account. Where a legal basis for consent is used, the Data Controller will in any case provide you with its privacy notice prepared in accordance with Articles 13 and 14 of the GDPR.

You have the right to withdraw your consent at any time, however, such withdrawal shall not affect the lawfulness of the processing based on consent prior to the withdrawal. The fact of withdrawal shall not in itself be prejudicial to you.

You may withdraw your consent in any of the following ways:

in writing, by letter, signed in a certified manner (in the case of a non-natural person customer, in accordance with a certified specimen signature);
electronically - after proper identification and authentication;
by telephone by means of an explicit and unequivocal statement (in which case the telephone conversation will be recorded);
in certain predefined cases, by email, with a minimum of an advanced electronic signature

d) Legitimate interest

In addition, personal data may be processed where it is relevant and necessary for a legitimate interest of the Controller. Click here to find out more about these legitimate interests and when we may process information based on them.

The legitimate interest legal ground is used by Manpower where the processing is necessary for the purposes of the legitimate interests pursued by Manpower, a member or a third party related to Manpower, provided that the pursuit of those interests is proportionate to the restriction of your right to the protection of your personal data. In order to determine this, Manpower will in each case carry out a so-called balancing of interests test, the result of which will determine whether the processing may lawfully be carried out on this legal basis.

The processing is based on a legitimate interest, for example:

where the process enables us to improve, modify, personalise or otherwise enhance our services/communications for the benefit of our customers, Job Applicants and employees;
detect and prevent fraud;
improve the security of our network and IT systems;
better understand how people interact with our sites;
direct marketing purposes;
determining the effectiveness of promotional campaigns and advertising.

Where we process data for the above purposes, we will pay particular attention to the processing of your personal data. You have the right to object to such processing. If you wish to exercise this right now, please click here. Please note that if you exercise your right to object, this may affect our ability to provide you with the services that are most beneficial to you.

We may also use the information in other ways, of which we will provide you with specific notice at or before the time of collection.

III. How we process and protect personal data

We process personal data collected by us, including through automated means, for the purposes and for the period of time specified above, in accordance with our internal data retention policy to ensure that personal data is not stored for longer than necessary.

We maintain organizational, technical and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. We use the following security measures to ensure the appropriate security and confidentiality of personal information:

Encryption of data sent and received during transmission;
Strict user authentication controls;
A well-established network infrastructure;
Strong security controls;

IV. How long we store the data we collect

The personal data we collect is stored in our systems in a manner that allows the identification of Data subjects for no longer than is necessary considering the purposes for which the data was collected or will be further processed.

This specific period is determined taking into account the following:

The need to continue to store the personal data collected in order to provide the user with the services agreed with him/her;
To protect the legitimate interests of the Data Controller as described in the purposes;
The existence of specific legal obligations that require the processing of the data and the related storage for a specified period of time.

We retain your application data for a period of two (2) years from your last activity or from the date on which your consent was last provided or renewed.

Screening transcripts generated during AI-assisted screening are retained for 12 months. Audit logs are retained for 24 months.

V. What information we share

Your personal information is protected and will not be disclosed. We may share your personal information with subcontractors who provide services on our behalf and under our instructions. We may share your Personal Information with (i) our subsidiaries and affiliates; (ii) if you are a job seeker, with clients (principals) who have engaged us to fill a specific position for which you have applied, for the purpose of evaluating your application and progressing the recruitment process; (iii) clients who may have relevant employment opportunities, where appropriate and in accordance with your preferences and (iv) with our other partners, such as recruitment consultants and subcontractors, for the purpose of finding you a job.

In addition, we may transfer or disclose certain personal information about you (i) if required to do so by law or legal process; (ii) to law enforcement or other government officials pursuant to a lawful request for discovery; and (iii) where necessary for the purposes of the legitimate interests pursued by us, such as preventing physical harm, financial loss, fraud, or other illegal activities, provided that such interests are not overridden by your fundamental rights and freedoms. We also reserve the right to disclose personal information we have about you in the event of a sale or transfer of all or part of our business or assets (including in the event of reorganization, liquidation or winding up).

The Data Controller will only transfer the recorded data to the authorities or courts in accordance with the statutory provisions on data protection in the absence of other evidence in court or other official proceedings pursuant to Sections 261, 308 (1) to (2) of the Hungarian Code of Criminal Procedures and other obligations contained in the CCP, and pursuant to Sections 267 and 268 (2) of the Code of Civil Procedure.

VI. Transmission of data

Personal data provided by you or collected about you will be transferred to our domestic and international clients, our Partners and other members of Manpower on the basis of our contractual obligations.

Your personal data is afforded the same protection in the Member States of the European Union.

Where we transfer your data to countries outside the European Union or to international organisations, we will ensure that it is adequately protected on the basis of a European Commission adequacy decision or where the controller or processor has provided adequate safeguards with respect to the processing of personal data and where there are enforceable rights and effective remedies available to data subjects. Such safeguards may include in particular: a) legally binding and enforceable instruments between public authorities or bodies; b) binding corporate rules; c) general data protection clauses adopted by the European Commission.

VII. Certain processing carried out by the Data Controller

Manpower may process your personal data in accordance with the provisions of the GDPR and the and with the applicable Hungarian legislation.

1. Processing in connection with registration in a candidate database

Data subjects may register on the Manpower website to the Manpower's candidate database. At that time, data subjects may provide their Personal Data and upload documents containing their Personal Data in connection with the application on the Website, whereby the data subjects register in the Data Controller's database. The Data subject's Personal Data will also be uploaded to the database if the data subject consents to it in respect of the data provided by telephone, e-mail, in person or via social media.

A Job Applicant may register in the database in one of two ways; through a general registration, where their data will be processed in connection with all possible vacancies, or by applying for a specific vacancy only, in which case their personal data will be processed only in connection with that specific vacancy.

Details of the processing can be read below.

Purpose of processing

To facilitate the inclusion of candidates in the database, to facilitate the recruitment and selection process, to conduct the recruitment and selection process, to recommend suitable jobs to candidates and ultimately to fill the job. The purpose of AI-assisted candidate screening and messaging is to facilitate and streamline the pre-screening of candidates for open positions. AI tools are used to support Manpower’s recruiters; however, final recruitment decisions are not based solely on automated processing; human oversight is ensured in all cases.

In addition to the activities listed above, if you are a Job Applicant and you create a registration account or apply for a job, we will use your data for the following purposes (as permitted by law):

Providing you with job opportunities and work;
Providing HR services to you;
provide additional services to you: training, career counselling and career change services;
assessing your suitability as a Job Applicant and your qualifications for particular positions; and

Conducting data analysis, such as (i) analysing our applicant and employee base; (ii) assessing individual performance and skills, including job-related skills ratings; (iii) identifying skills gaps; (iv) using information to match individuals with available opportunities; and (v) analysing data from the acquisition channel (trends in recruitment practices).

Scope of data processed

Title, first name, surname, e-mail address, telephone number, street address, postal code, city, country, CV and the data contained therein (in Hungarian or in a foreign language), cover letter and the data contained therein, data concerning own vehicle (yes, no), salary requirements, qualifications, special knowledge, data concerning job-related skills, other personal data voluntarily provided by the Data subject.

AI tool processes identification data (name, email address, telephone number), application data (CV, cover letter and data contained therein), information provided during screening interactions (e.g. responses, text transcripts), recruitment process data (e.g. recruiter notes, pipeline status, evaluation outcomes) on the basis of the consent provided by the Data subject.

Legal basis for processing

consent of the data subject (Article 6(1)(a) GDPR)

By registering, you consent to the recording of your personal data in the database of the Data Controller and to participate in the recruitment and selection process of the Data Controller.

legitimate interest of the Controller or a third party (Article 6(1)(f) GDPR)

Where the processing of personal data is necessary to take steps at the request of the Job Applicant prior to entering into an employment contract, the Data Controller processes such data on the basis of Article 6(1)(b) GDPR (pre-contractual measures).

In such cases, the personal data will be processed for the duration of the recruitment process and will be deleted once the specific vacancy has been filled, unless further retention is justified on another legal basis (e.g. consent or legal obligation)

The Data Controller does not request or intend to collect special categories of personal data (as defined in Article 9 GDPR).

If an applicant nevertheless provides such data, the Data Controller will, as a rule, not process or take such data into account for recruitment purposes and will take reasonable steps to delete or anonymise it without undue delay.

Exceptionally, where the processing of such data is necessary and permitted by applicable law (e.g. for the establishment, exercise or defence of legal claims or compliance with employment law obligations), the Data Controller will process such data only on an appropriate legal basis under Article 9 GDPR.

Duration of processing

If you register as a Job Applicant, your personal data will be kept for two years (24 months) from the date of your last activity in your profile, if your registration is confirmed, or until the termination or cancellation of your registration.

If you do not confirm your registration, your personal data will be deleted after 14 (fourteen) days.

In the case of processing based on legitimate interest, until you have given your consent but no longer than 30 days.

Source of data

The source of the personal data is primarily the data subject directly.

However, in certain cases, we may also obtain personal data from other sources, such as:

publicly available sources (e.g. professional networking platforms);
our clients (principals) in the context of recruitment processes or assignments;
business partners or references provided by the data subject.

Such data may include information relevant to the recruitment process, performance of assignments, or compliance with contractual or workplace obligations (e.g. feedback on professional experience, performance, or work-related conduct).

In all cases, the Data Controller ensures that such data is processed in accordance with applicable data protection laws and only where necessary for the relevant purpose.

Data transfers, Joint controllers

The Candidate Database and the Personal Data contained therein will be jointly managed by the members of the Manpower Companies and affiliated companies, and will therefore be Joint Controllers for the purposes of the processing activities. The purpose of the joint processing is to enable Manpower to find the most suitable position and employment for the Data subject. The Joint Controllers will have access to the entire database.

The Joint Controllers will define in an agreement between them the division of responsibilities for the fulfilment of their obligations under the GDPR. The essential elements of the agreement are detailed in this section.

The Data Controllers have jointly prepared a Data Processing Notice for the information of the data subject pursuant to Articles 13 and 14 of the GDPR. This notice also contains the name and contact details of the Data Protection Officer of the Joint Controllers as the contact person for the Data subject.

The Joint Controllers ensure the exercise of the data subject's rights (under Articles 12-22 GDPR) jointly by ensuring that, where the data subject's request relates specifically to the processing of a data by one of the Controllers (e.g. a data subject request by that Controller), that Controller acts towards the data subject in relation to the specific case.

The Data subject may address his or her request to any of the controllers, may exercise his or her rights under the GDPR in relation to any of them, and the Joint Controllers shall cooperate with each other in this context in accordance with the provisions of the GDPR.

Liability of the Joint Controllers

The Joint Controllers are liable for any damage caused by a breach of the provisions of the GDPR.

Joint Controllers are exempted from liability if they can prove that they are not in any way responsible for the event giving rise to the damage.

The Joint Controllers shall be jointly and severally liable to the data subject, i.e. the data subject may assert a claim against any of them and the performance by any of them shall reduce the liability of the other parties to the data subject to the extent of the performance.

No data are transferred to processors in connection with the processing.

2. Recruitment and selection process in the case of temporary employment and recruitment agencies

The Data Controller shall also process data in relation to the recruitment and selection process in the context of its recruitment and placement services.

During the recruitment and selection process, the Data Controller assists Job Applicants in finding the most suitable job and helps its Partners to find and place the most suitable candidate.

As part of this process, the Data Controller will interview potential Job Applicants, carry out the necessary tests (personality tests or professional tests) and determine which Job Applicants may be the most suitable for the advertised position.

The Data Controller will inform Job Applicants of open positions via the contact details below:

e.g. website, e-mail, telephone, Facebook, etc.

Purpose of data processing

To recruit and recommend candidates for the advertised position.

Scope of data processed

During the recruitment and selection process, in addition to the registration in the candidate database, the Data Controller processes the following data:

Data recorded during the interview (e.g. position applied for by the candidate, professional experience, personality, professional knowledge, language skills, highest educational qualification, current/last job, position, salary requirements, results of professional or personality tests.

Legal basis for processing

consent of the data subject (Article 6(1)(a) GDPR)

legitimate interest of the Controller or a third party (Article 6(1)(f) GDPR)

The Data Controller may also carry out a so-called "name matching" procedure in the course of its recruitment or placement process, during which it may transmit the name and date of birth of the candidate to the Partner. The purpose of the "name-matching" procedure is to identify whether the Partner already has information of its own on the Job Applicant.

The Data Controller will not ask you to provide any specific personal data. If the Job Applicant does provide specific personal data during the registration process, based on his/her own choice (e.g. data concerning religious or philosophical beliefs, health data, biometric data), the Data Controller will process it only to the extent that it is relevant for the establishment, performance or termination of the employment relationship; all other data will be disregarded in the decision-making process (Article 6(1)(a) GDPR and Article 9(2)(a), (b) and (h) GDPR).

Duration of data processing

Manpower will only retain the data until you are notified of the outcome of your application, unless you enter into an employment relationship with Manpower. Manpower will not use this data for any other purpose, unless the applicant explicitly requests that his/her application be processed for other purposes, for the purpose of participating in a possible new application procedure.

Source of data

he source of the personal data is primarily the data subject directly.

However, in certain cases, we may also obtain personal data from other sources, such as:

publicly available sources (e.g. professional networking platforms);
our clients (principals) in the context of recruitment processes or assignments;
business partners or references provided by the data subject.

In all cases, the Data Controller ensures that such data is processed in accordance with applicable data protection laws and only where necessary for the relevant purpose.

Transmission of data, Joint controllers

If the Job Applicant is selected by the Data Controller, the Partner may have access to the Job Applicant's Personal Data.

In the case of temporary employment, the Borrowing Employer may have access to the candidate's Personal Data on the basis of an agreement between the Data Controller and the Borrowing Employer.

The recruitment agency may access the Personal Data on the basis of a data transfer agreement with the Data Controller relating to the recruitment agency.

The companies of the Manpower Group of Companies jointly process Personal Data during the recruitment and selection process and are therefore considered as joint controllers of all the data as defined above.

The purpose of the joint processing is to enable the Manpower Group to find the most suitable position and employment for the Data subject.

The Data Controllers have jointly prepared their information notice for the data subject pursuant to Articles 13 and 14 of the GDPR. This notice also contains the name and contact details of the Data Protection Officer of the Joint Controllers as the contact person for the Data subject.

The Joint Controllers jointly ensure the exercise of the data subject's rights (under Articles 12-22 GDPR) by ensuring that, where the data subject's request relates specifically to the processing of a data by one of the Controllers (e.g. a data subject request by that Controller), that Controller acts towards the data subject in relation to the specific case.

The data subject may address his or her request to any of the controllers, may exercise his or her rights under the GDPR in relation to any of them, and the Joint Controllers shall cooperate with each other in this context in accordance with the provisions of the GDPR.

Liability of the Joint Controllers

The Joint Controllers shall be liable for any damage caused by a breach of the provisions of the GDPR.

The Joint Controllers shall be exempted from liability if they prove that they are not in any way responsible for the event giving rise to the damage.

No data are transferred to processors in connection with the processing.

In the framework of the name matching procedure, the Data Controller may transmit the Job Applicant's data (name, date of birth, e-mail address) to the Partner in order to identify whether he/she is already in the Partner's database. If he/she is not in the Database, but may be a potential candidate for the position, the Data Controller will transmit his/her CV, cover letter (if any) and the profile he/she has prepared to the Partner.

3. Recruitment and selection process for own employees

The Data Controller also carries out its own recruitment, in the context of which it recruits its own employees to fill the advertised position(s).

The processing carried out by the Data Controller is the same as described in point 2, but in this case the Personal Data of the Job Applicant will not be transferred to the Partners.

4. Data processing in the context of temporary agency work

The Data Controller also provides labour leasing services to its Partners, for which it also performs data processing. Temporary employment is the activity whereby the lender (the Data Controller) temporarily assigns an employee who is in an employment relationship with it for the purpose of temporary employment to the borrower for work for consideration (Section 214 (1) a) of the Labour Code).

The Data Controller performs recruitment and selection services for its Partners in the context of its temporary employment services (for details of the processing see point 2), and also processes data for the purposes of the temporary employment itself, including the establishment, maintenance and termination of the employment relationship. In this process, the Data Controller acts as the temporary employment agency. In particular, the Data Controller processes data in relation to the creation, maintenance (in particular payroll, payment of wages, bonuses, recording of working time, provision of occupational health services) and termination of the employment relationship with respect to the temporary agency work. The Data Controller's Partner also processes data relating to the day-to-day work of the employee, e.g. in relation to participation in training, training, performance appraisal, employee monitoring. For details of the processing carried out by the Data Controller's Partner, please refer to the Partner's Privacy Notice.

Purpose of processing

In the case of temporary agency work, the purpose of the processing is to enable the Data Controller to lend employees who are in an employment relationship with the Data Controller to the Partners, i.e. the borrowing employers, and to enable the Data Controller to fulfil its obligations as an employer and to fulfil its obligations under the employment contract.

Given that in the case of temporary agency work, an employment relationship is established between the Data Controller and the Data subject, the Data Controller must process all the Personal Data referred to below which is necessary for the establishment, maintenance and termination of the employment relationship, including, but not limited to, the processing of Personal Data by the Data Controller:

payroll, payroll planning, payroll accounting, deductions;
investigating an accident at work, payment of benefits;
calculation of leave, working time allowance;
claiming cash benefits and leave;
checking compliance with immigration rules, applying for permits;
establishing employment, completing NAV returns;
working time allowance, termination restrictions;
recording working time, payroll;
evaluating employee performance, setting targets and career paths, and ensuring that all of the above is properly documented and tracked;
improving and protecting the security of workers, premises, systems and equipment
monitoring compliance with internal policies and procedures;
processing payments

Scope of data processed

title, surname, first name, surname, name at birth, place and date of birth, mother's name at birth, type of identification document (e.g. ID card, passport, etc.) number) and number, social security number, tax identification number, nationality, registered place of residence, place of stay (postal address), bank account number, marital status, number of dependent children, e-mail address, telephone number, photograph, data on studies, data on jobs, data on knowledge of foreign languages, information on disability, other information typically included in a CV, such as references/opinions from third parties, certificates, diplomas, awards, prizes and other documents and information contained therein, other information typically required for payroll and insurance purposes, such as social security record book, certificates and other documents issued by previous employees, certificates issued by the Labour Office, decisions issued by the National Institute for Rehabilitation and Social Expertise (ORSZI), decisions issued by the pension insurance company.

In addition, for workers with reduced capacity for work: personal identification data; social security number; degree of change in capacity for work; degree of health condition; degree of impairment; fact of disability; copies of documents proving the above.

Legal basis for processing

performance of a contract (processing of Personal Data is necessary for the conclusion of an employment contract and for taking steps at the request of the employee prior to the conclusion of the contract) (Article 6(1)(f) GDPR)

The Data Controller processes personal data on the basis of the legal basis of the performance of a contract for the establishment, maintenance and termination of the employment relationship.

legal obligation (processing of Personal Data is necessary for compliance with a legal obligation to which the Controller is subject, or, in the case of joint processing, to which other joint controllers are subject) (Article 6(1)(c) GDPR)

The Controller processes Personal Data in specific cases on the basis of a legal obligation in relation to the employment relationship. The processing of data is based on a legal obligation in relation to the establishment, maintenance and termination of the employment relationship, the payment of wages, payroll planning, payroll accounting, the payment of deductions, the calculation of leave, the granting of working time off, the application for cash benefits and leave, the verification of compliance with immigration rules, the application for permits, the fulfilment of the obligation to notify the NAV.

legitimate interest of the Controller or the Borrower (Article 6(1)(f) GDPR)

The purpose of the processing with regard to workers with reduced working capacity: to verify and prove the employment of a person with reduced working capacity and the benefits to the Employer in connection with the employment of persons with reduced working capacity on the basis of the applicable legislation in force, in particular with regard to the following.

Source of data

The source of the personal data is primarily the data subject directly.

However, in certain cases, we may also obtain personal data from other sources, such as:

publicly available sources (e.g. professional networking platforms);
our clients (principals) in the context of recruitment processes or assignments;
business partners or references provided by the data subject.

In all cases, the Data Controller ensures that such data is processed in accordance with applicable data protection laws and only where necessary for the relevant purpose.

Transfer of data, Joint controllers

The Data Controller is legally obliged to transfer employee data to public authorities (e.g. NAV, MÁK, ONYF).

In the case of temporary agency work, the Data Controller may also transfer personal data to the employer of the temporary agency.

For temporary agency work, the Data Controller and the borrowing employer (Partner) act as joint data controllers. On the basis of the joint processing agreement, the Joint Controllers shall jointly process the personal data related to temporary agency work and shall jointly determine the purposes and means of the processing. The purpose of the joint processing is to ensure the maintenance of the employment relationship and to facilitate mutual and unhindered communication between the controllers in order to achieve more efficient temporary agency work. The purpose of joint processing is also to comply with legal requirements.

The Joint Controllers shall define in an agreement between them the division of responsibilities for the fulfilment of their obligations under the GDPR. The essential elements of the agreement are detailed in this section.

The Data Controllers have jointly prepared their privacy notice for the information of the data subject pursuant to Articles 13 and 14 of the GDPR. This notice also contains the name and contact details of the Data Protection Officer of the Joint Controllers as the contact person for the Data subject.

Liability of the Joint Controllers

The Joint Controllers are liable for any damage caused by a breach of the provisions of the GDPR.

Joint Controllers are exempted from liability if they can prove that they are not in any way responsible for the event giving rise to the damage.

No data are transferred to processors in connection with the processing.

The Data Controller shall process the data for the following period of time with regard to the hiring of personnel.

5. Processing of data in the context of employment mediation

Labour mediation aims at facilitating the meeting of job seekers and job providers for the purpose of establishing an employment relationship, including the mediation of Hungarian citizens abroad and foreign citizens in Hungary (Government Decree No. 118/2001 (30.VI.), § 2 (1) a)).

In other words, the Data Controller carries out the recruitment and selection activities for the Partners connected to the Data Controller, as described in section 2. If a potential candidate is found, the Data Controller will forward the personal data to the Partner.

At the end of the successful placement process (when the person placed by the Data Controller is hired), the Partner will send the Data Controller a confirmation of completion, which may include personal data.

Details of the processing are set out in the table below.

Purpose of processing

Where the processing of personal data is necessary to take steps at the request of the data subject for the purposes of recruitment or labour mediation and the potential establishment of an employment relationship, the Data Controller processes such data on the basis of Article 6(1)(b) GDPR (pre-contractual measures).

Scope of data processed

the name of the Data subject; the job title; the start date of employment; the salary of the Data subject

Legal basis for processing

Performance of a contract - processing is necessary for the performance of a contract to which the data subject is a party or for the purposes of taking steps at the request of the data subject prior to entering into a contract" (Article 6(1)(b) GDPR)

Source of data

The source of the personal data is primarily the data subject directly.

However, in certain cases, we may also obtain personal data from other sources, such as:

publicly available sources (e.g. professional networking platforms);
our clients (principals) in the context of recruitment processes or assignments;
business partners or references provided by the data subject.

Such data may include information relevant to the recruitment process, performance of assignments, or compliance with contractual or worplace obligations (e.g. feedback on professional experience, performance, or work-related conduct).

In all cases, the Data Controller ensures that such data is processed in accordance with applicable data protection laws and only where necessary for the relevant purpose.

Duration of data processing

Where the document relates to (or is used to support) a tax liability or a tax credit, the retention period is until the expiry of the tax assessment right (usually 6 years after the end of the tax year). Within this period, if the document is also a strict accounting document, the retention period is 8 years, unlike the previous period.

Transfers, Joint controllers

There is no data transfer for this process

6. Data processing in relation to direct marketing

The Controller may process the Personal Data of Data subjects in accordance with its direct marketing activities as described below.

The Data Controller wishes to regularly inform its customers or prospective customers about its services and offers by means of direct enquiries, offers or newsletters. In the newsletter, depending on the type of newsletter, the subscribing customer or prospective customer will be informed at regular intervals (e.g. daily, weekly, monthly) about new services, offers and other useful information of the Data Controller. The newsletters may also contain advertising messages.

Purpose of processing

The primary purpose of the processing is to send advertisements, newsletters, offers and other enquiries to customers and prospective customers, in order to inform customers and prospective customers about new services of the Data Controller and thereby to acquire (new) active customers for the Data Controller.

The purpose of the processing is also to.

a) to carry out market research, customer satisfaction surveys, the purpose of which is to enable the Authority to assess the satisfaction of its customers with the service provided to them, and to provide them with the best possible quality of service.
b) customer relationship management;
c) ensuring quality and efficient customer service;
d) maintaining contact.

Scope of data processed

Full name; email address; email status (active or inactive); country and city; records of emails sent, opened, and clicked; date of import; company name; and, where applicable, telephone number.

Legal basis for processing

The processing of Personal Data is based on the Data subject's consent (Article 6(1)(a) GDPR) and legitimate interest (Article 6(1)(f) GDPR). Consent may be withdrawn by the Data subject at any time. Withdrawal of consent does not affect the lawfulness of the processing prior to its withdrawal.

Duration of processing

The Data Controller shall process the data until the Data subject's consent is withdrawn, but no later than two years after the consent was given. Where processing is based on legitimate interest, personal data is retained for no longer than two years following the last meaningful interaction (e.g., multiple emails opened, email clicks, or other engagement). If no such interaction occurs within this period, the data is deleted or anonymized, unless another legal basis applies.

Source of data

We obtained your contact details either through your direct interaction with us (for example by signing up on our website or engaging our services) or from publicly available sources where business contact information is made accessible.

Data transfers, Joint controllers

The Personal Data processed in connection with the newsletter will be transferred to the members of the Manpower Group of Companies, who will act as Joint Data Controllers.

The Joint Controllers shall determine in an agreement between them the allocation of their responsibilities for the fulfilment of their obligations under the GDPR. The essential elements of the agreement are detailed in this section.

Liability of the Joint Controllers

The Joint Controllers shall be liable for any damage caused by a breach of the provisions of the GDPR.

The Joint Controllers shall be exempted from liability if they prove that they are not in any way responsible for the event giving rise to the damage.

No data are transferred to processors in connection with the processing.

7. Processing of data relating to enquiries concerning the Company

Purpose of processing

To respond to requests for information and service information about the company received by Manpower by telephone, email, postal mail or even in person or via social networking sites (e.g. Facebook, LinkedIn).

Scope of data processed

First name, last name, email address, phone number, company name, industry, and message content (as entered).

Legal basis for processing

Duration of processing

The personal data will be processed for 1 year after you have replied.

Source of data

The data source is the data subject directly.

Transmission of data, Joint controllers

There is no data transfer in relation to the process

8. Processing by contact persons

The Data Controller processes data relating to its contractual partners (hereinafter referred to as "Supplier"), the Supplier or, in the case of a non-natural person Supplier, the Supplier's employees, other intermediaries, authorised signatories or contact persons involved in the performance of the Supplier's contractual obligations, for the following purposes:

Purpose of processing

The purpose of the personal data processing is the performance of the contract between the Data Controller and the Partner. In particular, it is necessary to ensure effective communication between the Data Controller and the Partner and to carry out the negotiations relating to the contract, which is an essential part of the performance of the contract and is strictly necessary for the performance of the contract.

Furthermore, the purpose of the processing is to enable the Data Controller to enforce its economic and legal interests in the event of any disputes arising in connection with the contract.

In addition, the purpose of the processing is also the conclusion, possible modification and termination of the contract with regard to the persons entitled to register the company.

Scope of data processed

Name, company e-mail address, company telephone number, position, possible signature.

Legal basis for processing

Duration of processing

We process the personal data of our business partners' contact persons until the purpose of the processing has been achieved, which, unless otherwise specified, is until the end of the period of enforcement of claims following the performance of the contract - currently five years under the Hungarian Civil Code - or, in the case of claims within this period, until its final conclusion.

Source of data

Personal data may be received from the Data Controller's Suppliers who are not natural persons and, where applicable, also from the Data subject himself/herself.

Duration of processing

The Data Controller shall process personal data until the purpose of the processing is fulfilled, but no later than the expiry of the limitation period of civil law (5 years in general) following the termination of the contract with the Supplier in relation to which the Data subject acted as a contact person.

In the event that the contact person ceases to be a contact person during the duration of the contract, the Data Controller will no longer contact that contact person, except in the event of a dispute.

If personal data are included in an accounting document, the Data Controller shall keep the documents, and thus the personal data contained therein, for 8 years pursuant to Article 169 of Act C of 2000 on Accounting.

Data transfers, Joint controllers

The Data Controller may transfer contact details to public authorities or courts in the event of a request by a public authority or a court.

The Supplier, which is not a natural person, is itself responsible as a data controller for ensuring that Data subjects are adequately informed in advance of the intention to transfer to the Data Controller (as the recipient of the transfer and as another data controller), the scope of the personal data concerned by the transfer and the purposes of the transfer.

In the case of a Supplier who is not a natural person, the Supplier shall provide the information to the Data subjects and confirm this to the Data Controller.

9. Processing of data relating to Cookies

When you visit our Sites, we may collect certain information through automated means such as cookies, web beacons and web server logs. Information collected in this manner may include, but is not limited to, IP address, unique device identifier, browser characteristics, device characteristics, operating system, language preferences, referring web addresses, information about actions taken on our Sites, the date and time of your visit to our Sites, and other usage statistics.

For more information about the processing of data in relation to Cookies, please refer to the Cookie Policy of the Data Controller, which can be accessed via the link below:

https://www.manpower.hu/legal_documents/cookies

10. Organization and management of contests and prize draws

For the purposes of this prize draw, Manpower (“Organizer”) acts as the data controller of your personal data.

What data do we collect?

You may choose to provide your name and e‑mail address in order to participate in the prize draw. Providing your personal data is entirely voluntary.

All personal data is collected directly from you.

Legal basis for processing

The Organizer processes your personal data for the following purposes:

1. Voluntary participation in the prize draw and contacting the winner

Data: name and e‑mail address
Legal basis: consent (Art. 6(1)(a) GDPR)

2. Contacting the winner and delivery of the prize to the winner

If you become the winner, we will contact you and request additional information required for delivering the prize.

Data: delivery address, telephone number, or information necessary for digital delivery (e.g., for gift cards), as applicable
Legal basis: performance of a contract (Art. 6(1)(b) GDPR)

How will your data be used?

Your personal data will be used exclusively for the following purposes:

registering Participants in the prize draw
contacting the winner
delivering the prize

We do not engage in automated decision‑making or profiling.

Who will have access to your data?

Access to your name and e‑mail address is limited to authorised employees of the Organizer and the Organizer’s affiliated companies involved in administering the prize draw.

These affiliated companies act as data processors and provide administrative and operational support strictly in accordance with the Organizer’s instructions.

Your data will not be shared with third parties except the IT service provider supporting the data collection system and the delivery service responsible for prize distribution, as applicable.

Personal data is not transferred outside the EU/EEA.

How long do we keep your data?

Personal data of Participants is retained until the prize draw has been completed and the winner has been contacted, after which it is deleted without undue delay.

We may retain limited information necessary to demonstrate the lawful conduct of the prize draw and the selection of the winner, where required. In such cases, personal data of Participants may be included in this documentation and will be retained only for the period required by law.

Personal data of the winner (name, surname, and place of residence) is retained only for as long as necessary to comply with applicable legal obligations.

VIII. Your rights and choices

You may exercise the following rights in relation to the processing of your personal data:

Right of access: you have the right to obtain confirmation as to whether we are processing your personal data and to access information about our processing of your personal data in order to verify that your personal data is processed in accordance with the law. Upon request, we will provide you with a copy of the data processed.
Right to rectification.
Right to erasure ("right to be forgotten"): You have the right to request that, in certain circumstances, we delete personal data relating to you and no longer process it. These circumstances include, for example: i) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed ii) if the processing was based on your consent and you withdraw your consent iii) the processing is for direct marketing purposes or iv) the personal data have been unlawfully processed. However, exceptions to the right to erasure also apply. These general exceptions are when the processing of personal data is necessary: i) for the exercise of your rights of expression and information; ii) to comply with a legal obligation; or iii) for the establishment, exercise or defence of legal claims.
In such circumstances, you may request the data subject to a restriction of your personal data: (i) the controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defence of legal claims; (ii) the processing is unlawful and the data subject opposes the erasure of the data and instead requests the restriction of their use; (iii) the data subject contests the accuracy of the personal data, in which case the restriction shall be for the period of time necessary to allow the controller to verify the accuracy of the personal data; or (iv) the data subject has objected to the processing; in which case the restriction shall apply for a period of time until it is established whether the legitimate grounds of the controller override those of the data subject. If the processing is subject to restriction, such personal data, except for storage, may be processed only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the European Union or of a Member State.
Right to data portability: you have the right to receive the personal data that you have originally provided and which relate to you in a structured, commonly used, machine-readable format, or to request the transfer of the data to another controller, if the processing is based on the data subject's consent or on the performance of a contract on a legal basis and is automated.
Right to object: Where the legal basis for the processing of your personal data is not your consent, but the processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data, including profiling based on the aforementioned provisions. In this case, the processing of your personal data will only continue in exceptional circumstances. In addition, where your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such purposes, including profiling. If you object to the processing of your personal data for direct marketing purposes, your personal data may no longer be processed for these purposes.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Right to withdraw consent. If you withdraw your consent, we will stop processing your data unless the processing is permitted or required by applicable laws and regulations. In no case will the withdrawal of your consent affect the lawfulness of the processing that took place with your consent prior to the withdrawal.

You are informed that, in exercising the above rights, Manpower is obliged to provide you with information in writing, in an intelligible form, on your request for rectification, blocking or erasure without undue delay, but no later than one (1) month from the date of the request. If we do not take action on your request, we will inform you without delay, but no later than one (1) month, of the reasons for not taking action on your request for rectification, erasure or blocking and of the possibility to seek judicial remedy and to lodge a complaint with the National Authority for Data Protection and Freedom of Information.

In the course of processing your request, we will notify you and all those to whom we have previously transferred your personal data for processing purposes of the rectification, blocking and erasure.

If you have a complaint about Manpower's data processing practices, we encourage you to contact Manpower at one of the addresses provided before pursuing a dispute through the legal process.

Right of redress: To remedy a breach of your rights in relation to the protection of your personal data, or if there is an imminent threat of such a breach, you may apply to a court or the National Authority for Data Protection and Freedom of Information.

Contact details of the National Authority for Data Protection and Freedom of Information:

9-11 Falk Miksa Street, 1055 Budapest.

Postal address: 1363 Budapest, Pf. 9.

Phone number: +36 (1) 391-1400

E-mail address: [email protected]

Website: www.naih.hu

(1.1.1.1.1.) 1.1.1. You may also bring the action before the court of the place of your residence or domicile.

If the Data Controller causes damage to another person by unlawful processing of his/her data or by violating the requirements of data security, he/she shall compensate for such damage. If the Data Controller or another data controller infringes your right to privacy by unlawfully processing your data or by breaching data security requirements, you may claim damages from the Data Controller.

If you require further information about the processing of your personal data, please see the "How to contact us" section below.

IX. Updates to our Privacy Notice

We may periodically revise, amend and update this Privacy Notice (including any supplements) to reflect changes in our privacy practices and legal requirements.

We will notify you of any significant changes by posting a prominent notice on our Sites, indicating the most recent update at the top of each statement.