Privacy statement
BDO Magyarország Vagyonkezelő és Szolgáltató Kft. (registered office: 1103 Budapest, Kőér utca 2/A. C. building, Company registration number: 01 09 865069, Tax number: 13627289-4-42), as Data Controller, considers it important to respect and enforce the rights of natural persons (hereinafter referred to as: data subjects) visiting the www.bdo.hu website in relation to data processing and acts in accordance with the applicable substantive and procedural legal regulations and its internal policies when processing personal data.
The purpose of this Privacy Notice is to inform data subjects about the data processing activities carried out by the Data Controller through the www.bdo.hu website; therefore, this Notice applies exclusively to data processing performed via the aforementioned website(s) and the categories of data processed therein.
The purpose of the website is to provide useful information about the activities and services of the BDO Hungary group of companies.
1. Who are the data subjects?
A data subject is any natural person who, based on data provided or received through the www.bdo.hu website, is identified or identifiable—directly or indirectly.
This Privacy Notice applies to natural persons who inquire through the www.bdo.hu website, request or send offers, the representatives and contact persons of legal entities, natural persons subscribing to newsletters on the site, job applicants, and employees of the Data Controller entrusted with the operation of the www.bdo.hu website.
Regarding job applications, a data subject is also anyone who applies for a job or internship position advertised by BDO Hungary.
In the case of business and consultancy contracts concluded by BDO Group Companies, the data processing of personal data of natural persons who are contracting parties or business contacts and representatives of the contracting party is governed by the data processing notice annexed to the given contract.
2. The Data Controller
For data processing related to the website, the Data Controller is the operator of the www.bdo.hu website.
Company name: BDO Magyarország Vagyonkezelő és Szolgáltató Korlátolt Felelősségű Társaság
Registered office: 1103 Budapest, Kőér utca 2/A
Contact: BDO Office Management
Email: office@bdo.hu; adatvedelem@bdolegal.hu
Company registration number: Cg.01-09-865069
Tax number: 13627289-4-42
For the additional data processing activities described in this notice—given that the purpose and means of data processing are determined jointly—the joint controllers are the following BDO Hungary group companies:
BDO Magyarország Compliance Szolgáltatások Kft.
BDO Magyarország Könyvvizsgáló Kft.
BDO Magyarország Digitális Szolgáltatások Kft.
BDO Magyarország ESG Tanácsadó Kft.
BDO Legal Jókay Ügyvédi Iroda
BDO Magyarország Pénzügyi Tanácsadó Zrt.
BDO Magyarország FDI Tanácsadó Kft.
BDO Magyarország Vagyonkezelő Kft.
(jointly hereinafter referred to as “BDO”, or depending on the context, the relevant BDO group company: “BDO Group Company”, or “Data Controller”)
The jointly named controllers designate BDO Vagyonkezelő és Szolgáltató Kft. as the primary controller, and responsible for the lawfulness and security of data processing. Data subjects may primarily exercise their rights against BDO Vagyonkezelő és Szolgáltató Kft., which also acts as the point of contact for data subjects. Data subjects may contact BDO Vagyonkezelő és Szolgáltató Kft. via the contact details provided above.
3. Data Processing Activity: Sending Newsletters
Before using the newsletter service, the data subject may subscribe by providing the following data.
Categories and purpose of processed data:
Full name | identification |
Email address | newsletter distribution |
Company name | identification |
Date of subscription | identification |
Purpose of data processing:
The purpose of the data processing related to electronic newsletter distribution is to provide the recipient business with comprehensive, general or personalized information about BDO’s latest events, training sessions, news, and updates regarding current economic events and the regulatory environment. The purpose is also to contact businesses directly for marketing purposes via electronic messages, unless the data subject objects. Direct marketing typically includes information about the Controller’s events and training.
Legal basis:
Subscription to the newsletter is voluntary and based on prior consent. Furthermore, the legal basis for newsletter distribution may also be the legitimate interest of the Controller if the newsletter does not specifically target natural persons. Legitimate interest: direct marketing (based on the authorization provided in Recital 47 of Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR)). The Controller always provides the option to object (unsubscribe), and if the data subject indicates that they do not wish to receive marketing communications, their data will be deleted and will no longer be used for that purpose upon receipt of the request.
Scope of data subjects:
All natural persons who wish to regularly receive updates about the BDO Group’s news and events by subscribing to the newsletter through the provision of personal data. In the case of newsletters not specifically addressed to natural persons and based on the Controller’s legitimate interest, data subjects may also include individuals who have had business or professional contact with any of the Controllers, or participated in previous trainings or business-related events. Furthermore, data subjects may include individuals whose contact details are published on publicly accessible websites for professional purposes.
Who processes the data:
Newsletters are exclusively sent by the staff of the Marketing and PR department using the Online Marketing newsletter software.
Duration of data processing:
The Controller processes the personal data collected for this purpose only until the data subject unsubscribes or does not provide reconfirmation. The Controller reviews the newsletter list every three years and requests renewed consent for continued newsletter distribution. If the data subject does not provide renewed consent, their data will be deleted from the database.
Retention period: until deletion upon the data subject’s request or until no further consent is provided.
Unsubscribing:
The data subject may unsubscribe from the newsletter at any time using the unsubscribe link at the bottom of the electronic messages, by sending a cancellation request to info@bdo.hu, or by post to 1103 Budapest, Kőér utca 2/A. C. building.
4. Data processing activity: One-time request for information or offer
In case of a request for information or offer, if it concerns a specific business line, the appropriate BDO Member Company shall qualify as the data controller.
Purpose of data processing: to provide appropriate information to the data subject and maintain contact. The Data Controller enables data subjects to request information or an offer related to service provision from the Data Controller by providing the data specified below via the website or central email address.
Legal basis: The request for information is based on voluntary consent.
Scope of data subjects: Every natural person who contacts the Data Controller and requests information or an offer from the Data Controller by providing personal data.
Scope and purpose of processed data:
Full name | Identification |
Email address | Contact |
Company name | Identificatio |
Phone number | Contact |
Content of remark/question | Response |
Who processes the data: The data may be processed exclusively by the employees of the Data Controller, to the extent strictly necessary for performing their duties.
The personal data are principally processed by the Data Controller, or in case the task is outsourced in order to have the question answered by an expert, the data are forwarded to an expert employee of the relevant BDO Member Company.
The Data Controller does not forward the data to any other third party.
In the case of joint data processing, the BDO Member Companies, as data controllers, follow the procedure defined here. The activity and process affected by data processing is the following:
a. The data provided via the website reach the Data Controller via email. Emails requesting information or an offer may also arrive at the central email address provided on the website. These incoming inquiries are received by the Data Controller, who, in case of professional questions, shares the data with the relevant BDO Member Company in order to respond with expert information or an offer.
b. The Data Controller answers the question of the data subject and sends it to them – preferably in the same manner as the request was submitted, unless the data subject specifies otherwise.
c. The data subject, in line with the purpose of data processing, voluntarily consents that if they have provided their contact details during the request for information, the data controllers may contact them via those details to clarify the question or to provide the response.
Duration of data processing: until the closure of the one-time request for information or offer. If a BDO Member Company establishes a business relationship with the person requesting the offer, then the privacy notice attached to the contract shall apply to the further processing of personal data. In the event that the request for or provision of information has legal effect or significantly affects the data subject or the data controllers similarly, the Data Controller and joint data controllers will retain the data until the expiration of the applicable statute of limitations.
5. Data Processing Activity: Job Applications and Internships
Data Controller:
If the applicant applies to BDO with regard to a specific position, then the data controller is exclusively BDO Magyarország Vagyonkezelő és Szolgáltató Kft. together with the given BDO Member Firm advertising the position. In this case, the personal data of the data subject will only be forwarded by BDO to another BDO Member Firm if the data subject has given prior consent to this.
Data subjects have the opportunity to electronically submit their application materials (CV, motivation letter, etc.) in Hungarian and foreign languages for job advertisements published on the website, via the email address provided there, and to provide their personal data. Data subjects may also send their application to the postal address.
Legal basis:
The legal basis of the data processing is the applicant's consent. Please note that you are not obliged to provide your consent. However, if you do not consent to the data processing, we will not be able to evaluate your job application. If you have given your consent, you may withdraw it at any time without justification, but the withdrawal does not affect the lawfulness of data processing carried out before the withdrawal.
Please note that by submitting your application, you consent to data processing by BDO Magyarország in accordance with this notice.
Scope of data subjects:
All natural persons applying for a job application or internship program announced by the Data Controller.
Scope and purpose of processed data:
Full name | for identification |
Place and date of birth | for identification |
Title of the applied position | necessary to identify the application |
Special data, e.g., health data | special data will only be processed if necessary to assess the suitability for the position |
Experience – name of previous workplace and time spent there | used to assess suitability for the position |
Experience – description of position | used to assess suitability for the position |
Educational qualification | used to assess suitability for the position |
Foreign language knowledge | used to assess suitability for the position |
Attached CV’s other data relevant to the establishment, performance, or termination of the legal relationship | used to assess suitability for the position |
Attached motivation letter | used to assess suitability for the position, relevant data only Please do not include in your CV or motivation letter any data that is not relevant to the establishment of the employment relationship! |
Public profile of social networking sites (e.g., LinkedIn), if the data included there provides relevant information in regard to the applied position Application via Facebook profile: basic data appearing on the Facebook profile, contact details, workplace and studies, if these are public on the profile page – used to assess suitability for the position, relevant data only | used to assess suitability for the position |
Salary expectation | used to assess suitability for the position |
Indication of consent to data processing for 2 years following the application, if the applicant is not hired | required to establish the legal basis for further data processing in case of non-selection |
General purpose of data processing:
The fundamental purpose of the processing of personal data is the assessment of the applicant’s professional suitability in connection with the advertised position, and – if the applicant gives separate consent – in connection with further job opportunities, and for the purpose of direct contact by BDO to make offers related to cooperative employment based on the applicant's capabilities and interests.
Specific purpose of data processing until the evaluation of the application:
The assessment of the applicant’s professional suitability in connection with the advertised position.
Specific purpose of data processing after the evaluation of the application:
Direct contact by BDO for the purpose of communicating further job opportunities, provided the data subject has given consent for this.
Activity and process affected by data processing:
The data subject sends their data to the Data Controller, which is done not exclusively by electronic submission. The Data Controller forwards the job application to the HR department staff member responsible for selection for the purpose of expert evaluation. During the selection process, the applications are compared to the position to be filled and the conditions for establishing the employment/other legal relationship, and based on the comparison, the most suitable candidates are invited for a personal interview.
The selection process continues with a personal interview and, if applicable, with the completion of a test.
The selection ends with the conclusion of a contract with the most suitable data subject, with the note that the Data Controller may only continue to process the data of non-selected data subjects if they have given separate, provable consent for this.
The Data Controller informs the applicant data subjects of the result of the selection and requests consent for the further processing of their data for a period of 2 years following the application for the purpose of applying for the same, similar, or a position matching the data subject's competencies, if such consent has not been previously given by the data subject. The Data Controller links and stores such consents to the data.
The data subject acknowledges that if they provide a reference person during the job application, this may only be done with the consent of the reference person. The data subject acknowledges that in this case, the staff member of the relevant BDO Member Firm may contact the designated person for the purpose of verifying the data subject's professional experience.
- Duration of data processing:
The retention period of the application, if the application was unsuccessful, is a maximum of 90 days following the decision.
If the applicant has given separate consent for this, or the data subject did not apply for a specific job, BDO retains the data for two years and uses it in order to establish contact with the applicant regarding further job opportunities. - If the applicant registered on BDO’s online career portal, BDO will process the personal data until the withdrawal of the consent (until the deletion of the registration).
- If the consent provided by the applicant is only verbal (e.g., the applicant applies for a posted job by phone), and BDO does not obtain written or electronic confirmation of consent from the applicant, then the duration of data processing and use is a maximum of 90 days from the recording of the data, after which BDO deletes the data.
- In the case of an application announced for an employment relationship to be established with a BDO Member Firm, if the application is successful, BDO continues to process, from among the data provided during application, the data necessary for the establishment and maintenance of the employment relationship, in accordance with the separate notice to be given to employees.
Source of data: directly from the data subject.
BDO may also obtain the personal data of the data subject via a recruitment agency or through a job portal used by BDO; in such cases, the acquisition of the data by BDO is in accordance with the privacy notice of the recruitment agency or the relevant job portal.
Automated decision-making, profiling:
This does not occur in connection with data processing.
The Data Controller draws attention to the fact that if the data subjects do not provide the requested data or do so incompletely, the Data Controller may refuse to provide the service (data processing).
Data transfer:
The Data Controller does not transfer personal data to third parties. If the data subject applies for internship employment, the data of the selected data subject will be transferred to the chosen cooperative or other employer with the data subject’s consent.
Data processing related to professional job interviews:
The Data Controller conducts a professional job interview with the selected data subjects at a mutually convenient time. Participation in the interview is based on voluntary consent.
Data subject: any natural person who wishes to apply for a job application or internship position advertised by the Data Controller.
Scope and purpose of the processed data:
previously provided data (see above) | identification, contact |
position applied for | identification |
opinion and remarks of the Data Controller | used for assessing the fulfillment of the position |
professional competencies demonstrated during the interview | used for assessing the fulfillment of the position |
language proficiency level demonstrated during the interview | used for assessing the fulfillment of the position |
salary expectation provided by the data subject | used for assessing the fulfillment of the position |
notice period of the data subject | used for assessing the fulfillment of the position |
possible starting date of employment | used for assessing the fulfillment of the position |
Duration of data processing: if the application was unsuccessful, up to 90 days after the decision. If the applicant has given separate consent, or if the data subject did not apply for a specific job, then BDO retains and uses the data for two years in order to contact the applicant regarding further job opportunities.
Suitability tests and assessments:
Competence assessment is carried out with the voluntary consent of the data subject, during the professional job interview or at another time.
Scope of the processed data:
name | identification |
phone number, email | contact |
time and date | necessary to determine the time of the suitability assessment |
test result | assessment of the abilities required for the given position |
Purpose of data processing: assessment of professional suitability (competencies) required for the position.
Process: The Data Controller, to the best of their professional knowledge, introduces in detail the selected test or the suitability assessment for the given position in advance — its method of execution, essence, purpose, circumstances, operation, and what results the data subject can achieve. The Data Controller requests the explicit, prior, written voluntary consent of the data subjects for participating in the suitability assessment or test. The results of the suitability assessment or test are evaluated by the Employee appointed by the Data Controller for this task and are shared in detail and comprehensively with the data subjects. The data subject may decide, after learning the results, to request the deletion of the test result and other data by the Data Controller. The tests are not used to collect information about the applicant beyond the assessment of professional suitability, and the tests used by us are not suitable for obtaining such information.
Duration of data processing: if the application was unsuccessful, up to 90 days after the decision. If the applicant has given separate consent, or if the data subject did not apply for a specific job, then BDO retains and uses the data for two years in order to contact the applicant regarding further job opportunities.
6. References and Links
The Data Controller’s website may also contain links that point to pages which are not operated by the Data Controller and serve only to inform visitors. The Data Controller has no influence over the content and security of websites operated by partner companies, and therefore bears no responsibility for them.
7. Website Visit Data
“Google Analytics”
The www.bdo.hu website uses Google Analytics, which is a web analysis service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, which are text files stored on your computer and which enable the analysis of your use of the website.
The information created by the cookie (including the IP address) is transmitted to and stored on one of Google’s servers in the USA. Google uses this information to evaluate the use of the website, to compile reports about website activity for the website operator, and to provide other services related to website and internet usage.
Under no circumstances will Google link your IP address with other data held by Google. You can disable the installation of cookies by setting your browser software accordingly; however, we would like to draw your attention to the fact that in some cases you may not be able to use all the functions of the websites. The code set does not collect, store, or transmit personal data. You can find more information about the use and functioning of the code set at http://support.google.com.
8. Rights of Data Subjects
- The data subject has the right to request information about the characteristics of data processing as defined in Articles 13 and 14 of the Regulation.
- The data subject’s right to information is fulfilled by BDO according to this Privacy Notice.The data subject has the right to access the data processed by BDO concerning them (the data subject may request information as to whether their personal data is being processed, and if such processing is taking place, they are entitled to access the personal data and the information specified in Article 15 of the Regulation). The data subject may request a copy of the personal data being processed. The first copy is free of charge, for additional copies BDO may charge a reasonable fee based on administrative costs. If the request was submitted electronically by the data subject, the information will be provided in electronic format, via a secure channel, password protected, unless the data subject requests otherwise.
- The data subject has the right to request the correction of inaccurate data.
- The data subject is entitled to request that BDO delete their personal data without undue delay if any of the following reasons apply:
the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
the data subject objects to the processing, and there are no overriding legitimate grounds for the processing;
the personal data have been unlawfully processed;
the personal data must be erased to comply with a legal obligation under Union or Member State law applicable to the data controller.
Deletion of data cannot be initiated if the processing is necessary for compliance with a legal obligation applicable to the data controller under Union or Member State law.
In certain cases, BDO does not delete the data but limits the processing exclusively to storage. This may occur if:
the data subject contests the accuracy of the personal data;
the processing is unlawful, but the data subject does not wish the data to be erased, only requests the restriction of its use;
the purpose of data processing no longer exists, but the data subject requests the processing for the establishment, exercise, or defense of a legal claim;
the data subject has objected to the processing, but BDO must verify whether its legitimate grounds override those of the data subject.
The data subject has the right to receive their data processed by BDO and to request their transfer to another controller (right to data portability). The data subject has the right to receive the data they have provided in a structured, commonly used, machine-readable format and to transmit those data to another controller, or request the direct transmission of the data to another controller.
If the data processing is based on the data subject’s consent, the data subject may withdraw their consent at any time, without justification. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
The data subject may object to the processing of their personal data:
if the processing is based on legitimate interest; in such case, the processing may not continue unless compelling legitimate grounds override the interests, rights, and freedoms of the data subject, or are related to the establishment, exercise, or defense of legal claims,
if it is for or related to direct marketing purposes; in such case, the data processing may no longer continue for that purpose.
Remedies
If you have any complaints regarding your personal data, please first contact BDO using one of the contact options provided in this notice, in order to resolve your complaint amicably and promptly.Data Protection Authority Procedure
You may also contact the data protection authority and initiate an investigation, referring to a violation of rights in relation to personal data processing or the imminent risk of such violation:Name: National Authority for Data Protection and Freedom of Information
Address: 1055 Budapest, Falk Miksa u. 9
Mailing address: 1530 Budapest, P.O. Box: 5.
Phone: +36 1 391 1400
Fax: +36 1 391 1410
Email: ugyfelszolgalat@naih.hu
Website: http://www.naih.huRight to turn to court
In the event of a violation of your rights, independently of submitting a complaint, you may also turn to the competent court based on your place of residence or stay. The court will act in the matter without delay.
9. HOW CAN YOU EXERCISE YOUR RIGHTS?
If you contact us to exercise any of your above rights, please reach out to us using the contact details provided above.
If you declare that you wish to exercise any of your rights, we will inform you of the measures taken as a result of your request without undue delay, but no later than within one month from the receipt of the request. If necessary, taking into account the complexity of the request and the number of requests, we may extend this period by an additional two months. We will inform you of any such extension within one month from receipt of the request, along with the reasons for the delay. If you submitted your request electronically, we will also respond electronically, unless you explicitly request a different method.
If we decide that no action is required on your request, we will inform you of the reasons for the lack of action without delay, but no later than within one month of receiving your request, and also inform you that you may file a complaint with the data protection authority and may exercise your right to judicial remedy.
10. Data Security
BDO ensures the security of data. To this end, it has taken all technical and organizational measures necessary to enforce applicable legal regulations, data and secrecy protection rules.
BDO has taken all reasonable measures to protect the data from unauthorized access (protection of software and hardware devices), alteration, transmission, disclosure, deletion or destruction (regular backups, antivirus protection), as well as from accidental destruction and damage, and from becoming inaccessible due to changes in the applied technology.
11. Other Information
BDO does not perform profiling and does not make decisions based on automated data processing. BDO does not transfer the data of the data subject to any data controller located outside the EU.
12. Modification
BDO reserves the right to modify this notice. The modified and consolidated version of the Notice will be published on the website www.bdo.hu.
Sincerely,
BDO Hungary