• Legal & Privacy

Legal & Privacy

BDO Magyarország Vagyonkezelő és Szolgáltató Kft. Building C., 2/A. Kőér Street, 1103 Budapest,Registration number: 01-09-865069 Tax ID No.: 13627289-4-42,), as Controller considers it important to respect and enforce the rights related to processing of the www.bdo.hu website’s Data Subject natural person visitors (hereinafter: Data Subjects) and acts in compliance with up-to-date legislations and procedural laws and its internal policies in force. 

The goal of the Data Protection Policy is to inform the Data Subjects about the Controller’s processing activities on www.bdo.hu website, so the scope of the policy extends exclusively to processing occuring via that website(s) and to the data, which have been handled during processing.

The goal of the website is to provide useful information about the activity and services of BDO Magyarország group.


1. WHO ARE THE DATA SUBJECTS?

Data Subject is that natural person who is identified or - directly or indirectly - is identifiable via his or her data that has been provided or received on the www.bdo.hu website.

The personal scope of the Policy extends to the natural persons who inquire or request an offer or submit an offer via www.bdo.hu website; who are the representatives, the contact persons of persons other than a natural person; those natural persons who subscribe to the newsletter of the website; furthermore, to the employees of the Controller who are in charge of operating the www.bdo.hu website.

2. THE CONTROLLER

The Controller is the operator of the www.bdo.hu website.

Company name: BDO Magyarország Vagyonkezelő és Szolgáltató Korlátolt Felelősségű Társaság
Registered seat: Building C., 2/A. Kőér Street, 1103 Budapest

Contact: Department of Marketing - and PR
E-mail: office@bdo.hu
Registration number: Cg 01-09-865069
Tax ID No.: 13627289-4-42

BDO MAGYARORSZÁG

BDO Magyarország Vagyonkezelő és Szolgáltató Kft. is the contractual party of BDO International Ltd. (hereinafter: ‘BDOI’), which is a guarantee-based limited liability company, operating in the United Kingdom and the leading company of the BDO Network.

BDOI and the companies that operate under the protected ‘BDO’ brand name are separate legal persons and are the subsidiaries of the international BDO Network. They are not liable for each others’ actions and failures to act; furthermore, the member companies are not the agents of BDOI and have no ownership in each others’ company.

‘BDO Magyaroszág’ is the summary name of the following companies: BDO Magyarország Vagyonkezelő és Szolgáltató Kft., BDO Magyarország Adótanácsadó Kft., BDO Magyarország Corporate Finance Kft., BDO Magyarország Hotel és Ingatlan Szolgáltató Kft., BDO Magyarország Könyvvizsgáló Kft., BDO Magyarország Könyvelő és Bérszámfejtő Kft., BDO Magyarország HR Személyzeti Tanácsadó Kft., BDO Magyarország IT Megoldások Kft., all of them are the members of the BDO Network.

BDO Magyarország shall forward data to a member company of the BDO Network that operates in a non-EU member state if the member company, which has contractual relationship with the client, has signed the standard contractual clauses accepted by the EU and the appropriate data security is fulfilled.

The services are provided by BDO Magyarország companies, which are separate legal entities. The target of this Data Protection Policy is that the companies of BDO Magyarország inform the data subjects about the personal processing activities that are performed during providing services.

BDO Magyarország companies consider it important to respect and enforce the data subject natural person’s rights related to processing and while processing the date they act in compliance with up-to-date legislations and procedural laws and their in-force internal policies. 

Regarding the processing of personal data, each of the BDO Magyarország companies are Controllers but they may also perform mutual processing in order to provide more comprehensive services and to ensure higher technology level processing and data security. As Controllers and Processors they shall ensure the availability of the technical and organisational processes, which are expected in this industry in order to process the personal data securely and in compliance with the legislations in force. The information technology systems, that record the data of the clients of BDO Magyarország are operated by BDO Magyarország Vagyonkezelő és Szolgáltató Kft., and have 27001 certificate (ISO/IEC 27001 Information Security Management System).

 

3. PROCESSING ACTIVITY: SENDING NEWSLETTER

 

Before using the service, the Data Subject may subscribe to newsletter with his or her details as specified below.

 

Scope and target of the processed data:

 

full  name

identification

e-mail address

sending newsletters

company name

identification

date of subscription

identification

 

 

The purpose of processing: The purpose of processing related to sending newsletter is to provide general or personalized information to the addressee about the most up-to-date events and news of the Controller, furthermore, to inform him or her about the current economic events and legal environment.

 

Legal basis: The subscription to newsletter is based on voluntary, prior consent. 

 

Data subjects: every natural person who intends to receive information about the news and events of BDO as Controller or BDO Magyarország group, so he or she subscribes to the newsletter service by giving his or her personal data.

 

 

Who are the data processors: The newsletter is sent exclusively by the Department of Marketing and PR colleagues by using ... newsletter software.

 

How long are the data processed: The Controller shall process the personal data that have been recorded for this purpose until the Data Subject unsubscribes from the list or confirms it. The Controller shall review the newsletter list in every three-year and ask for confirmation from the subscribers. The data of that Data Subject who does not confirm the subscription shall be deleted from the database of the Controller.

 

The period of processing: until deleting, by the request of the data subject or if the Data Subject does not confirm the subscription.

 

Unsubscription: The Data Subject may unsuscribe from the newsletter anytime, by using the request at the bottom of the e-mails or sending a request to the e-mail address info@bdo.hu or postal address Building C., 2/A. Kőér Street, 1103 Budapest.

 

 

4. PROCESSING ACTIVITY: ONE-TIME INFORMATION OR INQUIRY

 

The purpose of processing: to provide appropriate information to the data subject and to keep contact. The Controller makes it possible for the Data Subjects to request information or offer about the services from the Controller via the website or the central e-mail address, by providing the following data.

 

Legal basis: The request for information is based on voluntary consent.

 

Scope of the data subjects: All the natural persons who get in contact with the Controller and ask for information or for an offer from the Controller while giving his or her personal data.

 

Scope and target of the processed data:

 

full  name

identification

e-mail address

keeping contact

company name

identification

phone number

keeping contact

comment / content of the question

response

 

Who are the data processors: The data shall be processed by the Controller’s colleagues only to the extent necessary to perform their tasks.

Basically, the Controller processes the personal data or if it outsources the task in order to receive the answer from an expert, the personal data shall be forwarded to a colleague working at a BDO Magyarország company that has expertise in the given field.

The Controller shall not forward the data to other third party.

In the case of mutual processing the members of BDO Magyarország companies, as Controllers, shall follow the procedure defined here.

BDO Magyarország companies and the subsidiaries of the Controller: BDO Magyarország Adótanácsadó Kft., BDO Magyarország  Corporate Finance Kft., BDO Magyarország Hotel és Ingatlan Szolgáltató Kft., BDO Magyarország Könyvvizsgáló Kft., BDO Magyarország Könyvelő és Bérszámfejtő Kft., BDO Magyarország HR Személyzeti Tanácsadó Kft., BDO Magyarország IT Megoldások Kft.

The activity and the process affected by processing are the following:

 

a. The data, which have been provided to the Controller on the website are forwarded via e-mail. E-mails, which request information or offer may be sent to the central e-mail address displayed on the website. The incoming requests for information are received by the Controller, who shares the data with the company that belongs to BDO Magyarország group in order to provide professional answer to the request for information or offer.

b. The Controller answers the Data Subject’s question and sends it to him or her, preferably using the same route where the request has arrived, unless otherwise indicated by the Data Subject.

c. The Data Subject, in accordance with the goal of processing, voluntarily consent that if he or she has given his or her availability during requesting information, the Controllers shall get in contact with him or her using that availability in order that he or she specifies the question or receives the answer.

 

Duration of data processing: until achieving the target. If legal effect is connected to requesting or/and providing information or if the Data Subject and the Controllers are similarly, significantly affected, the Controller and the mutual Controllers process the data within the current period of limitation. In the case of the Controller(s)’ warranted interest the data shall be stored for a longer period, until the warranted interest exists. The Controller shall inform the Data Subject about this.

 

 

 

5. PROCESSING ACTIVITY: PROCESSING OF JOB APPLICANTS

 

The Data Subjects have the possibility to submit their applications (CV, cover letter, a.s.o.) electronically, via e-mail in Hungarian and foreign language for job applications, which are published on the website and they may also provide their personal data. The Data Subjects may send their applications to the postal address, too.

 

Legal basis: The application for job application is based on voluntary consent.

 

Scope of the data subjects: All the natural persons who apply for job application, which has been announced by the Controller.

 

Scope and target of the processed data:

 

full  name

identification

place and date of birth

identification

name of position applied for

it is necessary for

the identification of the application

special data, for example

health data

special data is processed if it is necessary for the evaluation of fulfilling the position

experience - name of the previous workplace

and the period that was spent there

it is used for the evaluation of fulfilling the position

experience - description of position

it is used for the evaluation of fulfilling the position

education

it is used for deciding about fulfilling the position

 

foreign language knowledge

foreign language

knowledge and level of knowledge

it is used for

the evaluation of fulfilling the position

the data of the attached CV, which are relevant

from the point of view of entering into, performing and termination legal relationship

it is used for

the evaluation of fulfilling the position

 

attached cover letter

it is used for the evaluation of fulfilling the position, only its

relevant data

after applying for the job,

indicating the consent for data handling

for 2 years,

if the Data Subject is refused

it is necessary for

the legal basis of processing

in the case of not selecting the applicant

 

The goal of processing: applying for job application and keeping contact.

 

The activity and the process affected by processing are the following:

 

The Data Subject shall forward his or her data to the Controller, which does not happen exclusively electronically.  The Controller shall forward the job application to the colleague of BDO Magyarország HR Személyzeti Tanácsadó Kft. that is part of BDO Magyarország group in order to carry out expert evaluation. During the recruitment process he or she shall compare the applications with the position that needs to be filled and the other conditions of establishing employment or other legal relationship and on the basis of this comparism he or she shall invite the most appropriate candidates to personal interview.

 

The recruitment process shall continue with the personal interview and if appropriate, with filling out a test.

 

The recruitment shall finish with drawing up a contract with the most appropriate Data Subject with a remark that the data of the not-selected Data Subjects shall be handled by the Controller if the Data Subjects have given their consent to that and they have requested it separately and proven way.

The Controller shall inform the applicant Data Subjects about the result of the recruitment and requests their consent to handle the data for 2 years after the application, for the same or similar job application that fits to the Data Subject’s competence, if the Data Subject has not given such consent prior to that. The Controller shall attach these consents to the data and stores them.

 

The Data Subject shall note that if he or she has referred to a reference person, the colleague of BDO Magyarország HR Személyzeti Tanácsadó Kft. may contact this person in order to check the Data Subject’s professional experience.

 

Duration of processing: until achieving the goal or the expiration of 2 years after application or the Data Subject’s request for cancellation. The method of processing: it happens electronically and/or paper-based, manually.

 

The source of data: directly from the Data Subject.

 

Automatic decision making, profile creation: it does not happen during processing.

 

The Controller calls the attention that if the Data Subjects do not provide data or provide incomplete data, it may refuse to provide the service (processing).

 

 

6. PROCESSING ACTIVITY: APPLICATION TO TRAINING

Processing that relates to the application to the adult educations and trainings of BDO Akadémia that can be found on the http://www.bdo.hu/hu-hu/szakmai-kepzesek website. The trainings are organised by the colleagues of BDO Magyarország HR Személyzeti Tanácsadó Kft. and the data are handled by them.

The legal basis of processing: The application to education and training, and taking part in them are based on voluntary consent.

Scope of the data subjects: Every natural person who by providing his or her data, wishes to take part in the educations and trainings, which are organised by the Controller.

Scope and target of the processed data during application:

name

identification

e-mail address

contact

address

necessary data for invoicing

phone number

contact

payment method

necessary data for invoicing

invoicing address (name, country, postal code, city, street, number, additional data)

necessary data for invoicing

date of application

it is necessary for completion and retrieving

 

The purpose of processing: to make the application possible, to identify the Data Subject and his or her entitlements and to keep contact.

The activity and the process affected by processing are the following: the Data Subject shall indicate his or her intention to take part in the education, training via ways or methods, which have been made available for him or her by the Controller, in particular, placing order via e-mail or phone, by giving his or her data defined above and forwards the data to the colleague of BDO Magyarország who is in charge of education. He or she shall record the expression of interest into the electronic database system that has been provided for this purpose and/or record it on a paper format. The Controller may set a condition on participating in the education, training (for example: paying fee).

The period of processing: in the case if identification and contact data it lasts until the prescription of the rights and liabilities arising from the validation of these rights and liabilities, for which the personal data are handled by the Controller, with reference to those data that are recorded onto accounting documents and the document supports the accounting procedure, in compliance with the legislation, the period of processing is minimum 8 years.

The method of processing: it happens electronically and/or paper-based, manually.

The source of data: directly from the Data Subject.

 

6. References and links

 

The website of the Controller may contain links to websites, which are not operated by the Controller, their goal is to inform the visitors. The Controller does not have any influance on the content and safety of websites that are operated by partner companies, so it shall not be liable for them.

 

7. Website visiting data

"Google Analytics" The www.bdo.hu website uses Google Analytics, which is the web control service of Google Inc. (‘Google’). The Google Analytics uses so called ‘Cookies’, which are text files that are placed on your computer and which make it possible to monitor your website usage. 

The information that has been generated by a Cookie (including IP address) is forwarded to a server of Google in the USA and it is stored there. Google uses this information to evaluate the usage of the website and to prepare reports about the website activity for the website operator; furthermore, it uses it for the purpose to provide services, which are connected to websites and internet usage.

Under no circumstances will Google connect your IP address with other data. You can ban to install Cookie by setting Browser Software, nevertheless we would like to call your attention that in some cases you will not be able to use all the functions of our website. The code-set shall not collect, store and forward personal data. You can find further information about the code-set on http://support.google.com website.

8. Rights of the Data Subject

 

According to the  Act CXII. on Informational Self-determination and Freedom of Information and the Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) the rights of the Data Subject in connection with the above processings are the following: the right of information, the right of rectification, the right of erasure, the ‘right to be forgotten’, the right to restriction of processing, the right to object, the right of appeal to a judicial body and the right to lodge a complaint with an authority.         

The Data Subjects may request information and exercise their rights by sending statement to the Controller’s availabilities. The Controller shall examine the statement within maximum 30 days of receipt, answer it and make the necessary steps in compliance with the policy and the legislation.

 

You shall seek legal redress from the Hungarian National Authority for Data Protection and Freedom of Information.

Address: 22/c. Szilágyi Erzsébet fasor, 1125 Budapest

Telefon: +36 (1) 391-1400

Fax: +36 (1) 391-1410

www: http://www.naih.hu

e-mail: ugyfelszolgalat@naih.hu

 

The Data Subject may refer to court in the case of breaching his or her rights. The Court acts in the case as a matter of urgency.

 

9. Data security

 

The Controller and its subsidiaries shall take care of data safety. For this purpose, they have made all the technical and organisational measures that are necessary to enforce governed legislations, data and security rules.

The Controller has made every reasonable effort to protect the data against unauthorized access (the protection of software and hardware devices), changing, forwarding, disclosing, deleting or terminating (regular back-up, virus protection), accidental destruction and damage; furthermore, to protect the data against becoming inaccessible due to technical changes.

 

 

 

10. Legal background, modification

 

The goal of this Policy is that the Controller shall comply with the provisions of in-force legislations about data protection, in particular, but not exclusively to the provisions of Act on Informational Self-determination and Freedom of Information and GDPR.

The Controller reserves the right to modify this Policy. The modified, consolidated version of the Policy is published on the www.bdo.hu website.