• Legal & Privacy

Legal & Privacy

Privacy Notice

BDO Magyarország Vagyonkezelő és Szolgáltató Kft. (H-1103 Budapest, Kőér utca 2/A, C épület,  company registration number: 01-09-865069, tax number: 13627289-4-42), as Controller considers it important to respect and enforce the rights related to the processing of the data of natural person visitors (hereinafter: data subjects) visiting the website www.bdo.hu  and acts in compliance with the legislations and procedural laws and its internal policies in force from time to time.

The goal of the Privacy Notice is to inform the data subjects about the Controller’s data processing activities on the website www.bdo.hu, so the scope of the Notice is limited to data processing occurring via that website(s) and to the data being processed.

The goal of the website is to provide useful information about the activity and services of the BDO Hungary Group.


1. Who Are The Data Subjects?

Data subjects are natural persons who are identified or directly or indirectly identifiable via their data that has been provided or received on the www.bdo.hu website.

The personal scope of the Notice extends to natural persons who inquire or request an offer or submit an offer via www.bdo.hu website; or representatives, contact persons of legal entities; or natural persons who subscribe to the newsletter of the website; as well as to the employees of the Controller who are in charge of operating the www.bdo.hu website.

In case of job applications, data subjects include also those who apply for a job or an internship announced by BDO Hungary.

In connection with the business and consulting contracts concluded by the BDO Group Firms, the privacy notice annexed to the contract concerned applies to the processing of the personal data of the natural person contracting party or the contracting party's official contact persons and representatives.

2. The Controller

With respect to data processing on the website, the Controller is the operator of the www.bdo.hu website.

Company name: BDO Magyarország Vagyonkezelő és Szolgáltató Korlátolt Felelősségű Társaság
Registered seat: H-1103 Budapest, Kőér utca 2/A., C épület
Contact: BDO Office Management
E-mail: [email protected][email protected]
Company registration number: Cg 01-09-865069
Tax number: 13627289-4-42

With respect to the data processing described in this Notice, regarding that the purpose and means of data processing are jointly defined, the joint controllers are the member firms of BDO Hungary:

  • BDO Magyarország Vagyonkezelő és Szolgáltató Kft.
  • BDO Magyarország Adótanácsadó Kft.
  • BDO Magyarország Könyvvizsgáló Kft.
  • BDO Magyarország Könyvelő és Bérszámfejtő Kft.
  • BDO Magyarország IT Megoldások Kft.
  • BDO Magyarország Pénzügyi és Ingatlan Tanácsadó Kft.
  • BDO Legal Jókay Ügyvédi Iroda

(hereinafter together referred to as BDO or, depending on the context, the relevant BDO Group Firm is referred to as BDO Group Firm or Controller).

The joint controllers named above designate BDO Vagyonkezelő és Szolgáltató Kft. as the primary Controller and the entity responsible for the lawfulness and security of data processing. The data subjects can primarily enforce their rights against BDO Vagyonkezelő és Szolgáltató Kft., and BDO Vagyonkezelő és Szolgáltató Kft. will act as the contact point for the data subjects. Data subjects may contact BDO Vagyonkezelő és Szolgáltató Kft. at the contact details provided above.

3. Processing Activity: Sending Newsletters

Before using the newsletter service, the data subject may sign up for the newsletter with their details as specified below.

Scope and target of the processed data:

full  name

identification

e-mail address

sending newsletters

company name

identification

date of subscription

identification

 

The purpose of data processing: The purpose of data processing related to sending newsletters is to provide general or personalized information to the addressee about the latest events and news of the Controller as well as to inform them about current economic events and the legal environment. The purpose of data processing is also to contact companies, as the targets of advertising, for the purpose of direct marketing in the form of an electronic message, unless the data subject objects to data processing. Contact for direct marketing typically means providing information about the events and trainings of the Controller.

Legal basis: The subscription to the newsletter is based on voluntary, prior consent. The legal basis for sending the newsletter may also be in the legitimate interest of the Controller, provided that the newsletter is not specifically targeted at natural persons. Specification of legitimate interest: direct marketing (see the authorization in Section 47 of the Preamble to Regulation (EU) 2016/679 of the European Parliament and of the Council). The Controller ensures the right to object (unsubscribe) at all times (see below), so if the data subject declares that they do not wish to receive promotional messages from the Controller, the Controller will erase their data and will not use it for such purpose.

Data subjects: Every natural person who intends to receive information about the news and events of BDO as Controller or the BDO Hungary Group, so they subscribe to the newsletter service by giving their personal data. In the case of electronic direct marketing communications not specifically targeted at natural persons, if the data processing is based on the legitimate interest of the Controller, then, in addition to the persons subscribing to the newsletter service, data subjects may also include persons who have contacted the Controller or attended the Controller's previous training courses or business events. In the case of data processing based on a legitimate interest, data subjects may include persons whose contact details have been provided for contact purposes on a publicly accessible website with professional relevance.

Who are the data processors: The newsletter is sent exclusively by employees of the Marketing and PR Department using the Online Marketing newsletter software.

How long will data be processed: The Controller will process the personal data recorded for this purpose until the data subject unsubscribes from the newsletter list or confirms it. The Controller will review the newsletter list in every three years and ask for confirmation from the subscribers after three years. The data of data subjects who do not confirm the subscription will be deleted from the database of the Controller.

Duration of data processing: The data processing lasts until deletion by request of the data subject or if the data subject does not renew their consent.

Unsubscription: The data subject may unsubscribe from the newsletter anytime, by using the unsubscription request at the bottom of the e-mails or sending a request to the e-mail address [email protected] or by post to the address H-1103 Budapest, Kőér utca 2/A, C épület.

4. Processing Activity: One-Time Request for Information or Offer

In connection with a request for information or offer, where it concerns a specific business line, the relevant BDO Group Firm will be deemed to be the Controller.

The purpose of data processing: The purpose of data processing is to provide appropriate information to the data subject and to keep contact. The Controller makes it possible for the data subjects to request information or an offer about the services from the Controller via the website or the central e-mail address by providing the following data.

Legal basis: The request for information is based on voluntary consent.

Scope of the data subjects: All natural persons who get in contact with the Controller and ask for information or for an offer from the Controller while giving their personal data.

Scope and purpose of the processed data:

full  name

identification

e-mail address

liaising

company name

identification

phone number

liaising

comment / content of the question

responding

 

Who are the data processors: The data will be processed by the Controller’s employees only to the extent necessary to perform their tasks.

The personal data will be processed primarily by the Controller or if it outsources the task in order to get the question answered by an expert, the personal data will be forwarded to an employee working at BDO Group Firm with expertise in the given field.

The Controller will not forward the data to any other third party.

In the case of joint processing, the BDO Group Firms, as Controllers, shall follow the procedure defined here. The activity and the process affected by processing are the following:

a. The data, which has been provided to the Controller on the website, are forwarded via e-mail. E-mails, in which information or an offer is requested, may be sent to the central e-mail address displayed on the website. The incoming requests for information are received by the Controller who shares the data with the BDO Group Firm in order to provide a competent response to the request for information or offer.

b. The Controller answers the data subject’s question and sends it to them, preferably using the same channel via which the request has arrived, unless the data subject indicates otherwise.

c. In accordance with the purpose of data processing, the data subject gives their voluntarily consent that if they have provided their contact details during requesting information, the Controllers may get in contact with them using those contact details so that the data subject can explain their question or receive the answer.

Duration of data processing: The data processing lasts until the one-time information request or offer has been closed. If the BDO Group Firm establishes a business relationship with the person requesting an offer, then the personal data will be processed in accordance with the privacy notice attached to the contracts. If requesting or/and providing information has a legal effect or if the data subject and the controllers are similarly and significantly affected, the Controller and the joint controllers will process the data until the expiry of the period of limitation.

5. Processing Activity: Processing of the Data of Applicants for Job Positions or Internship Programs

Controller: If the candidate has applied to BDO for a specific position, the Controller is only BDO Magyarország Vagyonkezelő és Szolgáltató Kft. and the BDO Group Firm announcing the position. In this case, BDO will transfer the personal data of the data subject to another BDO Group Firm only if the data subject has given their prior consent.

The data subjects have the possibility to submit their applications (CV, cover letter, etc.) electronically to the e-mail address provided on the website in Hungarian and foreign language for job positions announced on the website and they may also provide their personal data. The data subjects may send their applications to the postal address, too.

Legal basis: The legal basis of data processing is the candidate’s consent. Please note that you are not obliged to give your consent. However, if you do not consent to data processing, we will not be able to process your job application. You may withdraw your consent at any time without giving reasons if you have given your consent, but such withdrawal shall not affect the lawfulness of the data processing operations conducted prior to such withdrawal.

Please be advised that by submitting your application you agree to the data processing by BDO Hungary as set out in this Notice.

Scope of the data subjects: All natural persons who apply for a job application or internship announced by the Controller.

Scope and purpose of the processed data:

full  name

identification

place and date of birth

identification

name of position applied for

it is necessary for

the identification of the application

sensitive data, for example

health data

sensitive data is processed only if it is necessary for the evaluation of fitness for the position

experience - name of the previous workplace

and the period that was spent there

it is used for the evaluation of fitness for the position

experience - description of position

it is used for the evaluation of fitness for the position

education

it is used for deciding about fulfilling the position

 

foreign language skills

level of foreign language skills

it is used for the evaluation of fitness for the position

the data of the attached CV, which are relevant from the point of view of entering into, performing and termination legal relationship

it is used for the evaluation of fitness for the position

 

attached cover letter

it is used for the evaluation of fitness for the position, only its relevant data

In your CV and cover letter, please, do not provide any information that is not relevant for the establishment of the employment relationship!

a public profile of a social media site (e.g. LinkedIn) if the information provided here is relevant to the position applied for.

application with a Facebook profile: basic Facebook information, contact details, job and studies, as long as they are public information on the profile page.

will be used to assess fitness for the position, and only the relevant data

requested wage

will be used to assess fitness for the position

after applying for the job, indicating the consent to data processing for 2 years, if the data subject is not recruited

it is necessary for the legal basis of data processing in the case the applicant is not selected

 

The general purpose of data processing:

The primary purpose of the processing of personal data is for BDO to assess the professional suitability of the candidate for the advertised position or, if the candidate specifically agrees to it, for other job positions as well as to directly contact the applicant to make offers for cooperative employment based on the skills and interests of the applicant.

The specific purpose of data processing carried out until the evaluation of the application is to assess the professional fitness of the candidate for the advertised position.

The specific purpose of post-application data processing is for BDO to directly contact the applicant for the purpose of announcing additional job opportunities, provided that the data subject has consented thereto.

The activity and the process affected by data processing are the following:

The data subject shall forward their data to the Controller, which does not need to be done exclusively electronically. The Controller shall forward the job application to a colleague at the HR Department in charge of recruitment to carry out the expert assessment. During the recruitment process applications are compared with the job position to be filled and the other conditions of establishing employment or other legal relationship, and on the basis of this comparison, the most appropriate candidates will be invited to a personal interview.

The recruitment process continues with the personal interview and if appropriate, with taking a test.

The recruitment is closed with signing a contract with the most appropriate data subject provided that the data of not-selected data subjects will be processed by the Controller if the data subjects have given their specific consent thereto and they have requested it separately and demonstrably.

The Controller will inform the applicant data subjects about the result of the recruitment and request their consent to process their data for 2 years after the application, for the same or similar job positions that fit to the data subject’s competence, if the data subject has not given such consent prior to that. The Controller will attach these consents to the relevant data and store them.

The data subject acknowledges that they can provide a reference person only with the consent of such reference person. The data subject acknowledges that, in this case, a colleague of the relevant BDO Group Firm may contact such person in order to check the data subject’s professional experience.

Duration of data processing:

  • If the application was unsuccessful, the period of retention for the application may not exceed 90 days after the decision.
  • The data will be retained and used by BDO for two years in order to contact the candidate to recommend upcoming job positions if the candidate has specifically consented to this, or the data subject has not applied for a specific job.
  • If the applicant has registered on BDO's online career portal, BDO will process their personal data until their consent is withdrawn (registration is cancelled).
  • If the consent given by the applicant is communicated only orally (e.g. the applicant applies for an advertised position by telephone) and BDO does not obtain confirmation of the consent from the applicant in writing or electronically, the duration of data processing and use is up to 90 days after which BDO will delete the data.
  • In the case of an application for a job position at a BDO Group Firm, if the application was successful, BDO will continue to process the data required for the establishment and maintenance of the employment from the data provided at the time of application according to the separate privacy notice to be provided to its employees.

The source of data: directly from the data subject. The personal data of the data subject may also be collected by BDO through an employment agency or through the job portal used by BDO, in which case the data will be collected by BDO in accordance with the privacy notice of the employment agency or the relevant job portal.

Automatic decision making, profiling: not conducted during data processing.

The Controller reminds data subjects that if they do not provide data or provide incomplete data, it may refuse to provide the service (processing).

Data transmission: No personal data is transmitted by the Controller to any third parties. If the data subject applies for an internship, the data of the selected candidate will be transmitted to the selected cooperative or other employer with the consent of the data subject.

Data processing relating to professional job interviews:

The Controller will conduct a professional job interview with the selected data subjects at a mutually agreed time. Participation in the interview is based on voluntary consent. Data subject is any natural person who wishes to apply for a job position or internship program announced by the Controller. 

Scope and purpose of the processed data:

the date previously provided (see above)

identification, liaising

the job position applied for

identification

Controller’s opinion and comments

will be used to assess fitness for the position

professional competencies demonstrated during the interview

will be used to assess fitness for the position

language skills demonstrated during the interview

will be used to assess fitness for the position

wage requested by the candidate

will be used to assess fitness for the position

notice period of the candidate

will be used to assess fitness for the position

possible starting date of employment

will be used to assess fitness for the position

 

Duration of data processing: If the application was unsuccessful, up to 90 days after the decision. If the candidate has specifically consented to this, or the data subject has not applied for a specific job, the data will be retained and used by BDO for two years in order to contact the candidate to recommend upcoming job positions.

Competency tests and competency examinations:

The competency test is performed with the voluntary consent of the data subject during a professional job interview or at a different time.

Scope of the processed data:

name        

identification

phone number, email

liaising

date

necessary to determine the date of the competency test

test result

will be used to assess fitness for the position

 

The purpose of data processing: to assess the professional skills (competencies) required for the position.

Process: The Controller will describe in detail the test or aptitude examination selected for the given position to the best of its knowledge in advance, together with the manner, essence, purpose, circumstances, process and the results that may be attained by the data subject. The controller will request a voluntary express prior written consent from the data subjects to participate in the aptitude examination or test. The results of the aptitude examination and test will be evaluated by the Controller’s employee entrusted with this task, and also reported in detail and fully to the data subjects. In the knowledge of the results, the data subject may decide to request the Controller to delete their test results and other data. We do not use the tests to collect any information about the applicant other than the assessment of their professional competence, and the tests we use are not suitable for gathering such information.

Duration of data processing: If the application was unsuccessful, up to 90 days after the decision. If the candidate has specifically consented to this, or the data subject has not applied for a specific job, the data will be retained and used by BDO for two years in order to contact the candidate to recommend upcoming job positions.

6. References and Links

The website of the Controller may contain links to websites, which are not operated by the Controller; they only serve to inform the visitors. The Controller does not have any influence on the content and safety of websites that are operated by partner companies, so it shall not be liable for them.

7. Website Traffic Data

"Google Analytics" The www.bdo.hu website uses Google Analytics, the web analysis service of Google Inc. (‘Google’). Google Analytics uses so called ‘cookies’, i.e. text files that are placed on your computer and make it possible to monitor your website usage. 

The information that has been generated by a cookie (including IP address) is forwarded to a Google server in the USA and it is stored there. Google uses this information to evaluate the usage of the website and to generate reports about the website activity for the website operator. They also use it for the purpose of providing services that are connected to websites and internet usage.

Under no circumstances will Google merge your IP address with other data. You can prevent the installation of cookies by setting up your browser program; nevertheless we would like to call your attention that in some situations you will not be able to access all the functions of our website. The code-set shall not collect, store and forward personal data. You can find further information about the code-set at http://support.google.com.

8. Rights of the Data Subjects

  • The data subject has the right to request information on the details of data processing set out in Articles 13 and 14 of the Regulation. The data subject’s information request will be satisfied by BDO in accordance with this Privacy Notice.
  • The data subject has the right to access the data processed by DBO about them (the data subject has the right to request information whether their personal data is being processed. If that is the case, they may request the controller to provide access to their personal data and the information listed in Article 15 of the Regulation). The data subject may request a copy of the personal data processed. The first copy will be free, for any further copies, BDO may charge a reasonable fee based on its administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information will be provided in an electronic form, via a secure channel with password protection.
  • The data subject has the right to request the rectification of any inaccurate data.
  • The data subject has the right to request BDO to erase the personal data concerning the data subject without undue delay, in case any of the following reasons apply:
    • the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
    • the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
    • the personal data has been unlawfully processed;
    • the personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

Data erasure may not be requested if the data processing is necessary to ensure compliance with a legal obligation to process personal data under Union or Member State law applicable to the Controller.

  • In certain cases, the data will not be deleted by BDO, but it will limit data processing to storage only. This may occur if (i) the data subject contests the accuracy of the personal data, (ii) the processing is unlawful and the data subject does not request the erasure of the personal data but only the restriction of its use, (iii) the purpose of the processing no longer exists but the data subject requests the processing in order to exercise some of their rights, (iv) the data subject has objected to processing but BDO needs to determine whether the legitimate grounds of BDO override the legitimate interests of the data subject.
  • The data subject has the right to receive the data processed by BDO and request its transfer to another controller (right to data portability). The data subject has the right to receive the data provided by them in a structured, widely used, machine-readable format or to transfer the same to another controller, as well as to request the direct transfer of their data to another controller.
  • If the processing is based on the data subject's consent, the data subject may withdraw their consent at any time, without giving reasons. The withdrawal of consent does not affect the lawfulness of processing that was carried out before such withdrawal.
  • The data subject may object to the processing of their data,

a) if it based on a legitimate interest; in this case the processing of personal data may not continue unless there are legitimate and compelling grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims,

b) if it is for direct marketing or related thereto; in that case, the data processing may no longer be continued for that purpose.

  • Remedies
    • Should you have any complaints concerning your personal data, please contact BDO first at one of the contact details provided in this Notice in order to get your complaint resolved amicably as soon as possible.
  • Data Protection Authority procedure

You can also turn to the data protection authority at the below addresses and initiate an inspection if you believe that there has been a breach in connection with the processing of your personal data, or that such breach is threatening:

Name: Hungarian National Authority for Data Protection and Freedom of Information

Registered seat: H-1125 Budapest, Szilágyi Erzsébet fasor 22/c

Mailing address: H-1530 Budapest, Pf.: 5.

Telephone: +36 (1) 391-1400

Fax: +36 (1) 391-1410

E-mail: [email protected]

Website: http://www.naih.hu

  • Right to judicial remedy

If their rights have been violated, the data subject may turn to a court that has jurisdiction according to the data subject’s home or place of residence regardless of whether a complaint has been submitted. The court will act in the case with urgency.

 9.  How Can You Exercise Your Rights?

If you would like to turn to us to exercise any of your rights above, please contact us at the contact details provided above.

If you express your wish to exercise your rights, we will inform you about the action taken on your request without undue delay and, in any case, within one month of receipt of the request, at the latest. This period may be extended by two months where necessary, taking into account the complexity and number of the requests. We will inform you of any such extension within one month of receipt of your request, together with the reasons for the delay in any case. If you have submitted your request electronically, we will also respond electronically, unless you expressly request that we reply in a different manner.

If we believe that we do not need to take action on your request, we will inform you without undue delay and, in any case, within one month of receipt of your request, at the latest, of our reasons for not taking action and on your right to file a complaint with the data protection authority as well as to seek judicial remedy.

10. Data Security

BDO shall take care of data safety. For this purpose, BDO has made all the technical and organisational measures that are necessary to enforce governed legislations, data and security rules.

BDO has made every reasonable effort to protect the data against unauthorized access (the protection of software and hardware devices), changing, forwarding, disclosing, deleting or terminating (regular back-up, virus protection), accidental destruction and damage; furthermore, to protect the data against becoming inaccessible due to technical changes.

11. Other Information

BDO does not perform profiling or make decisions based on automated data processing. BDO does not transfer the data subject's data to another controller located outside the EU.

12. Modification

BDO reserves the right to modify this Notice. The amended and consolidated text of the Policy will be published on the website www.bdo.hu.

Best regards,

BDO Hungary