Recruitment policy

Data controller:
Prezi.com Kft.
Reg. no.: 01-09-897644
Reg. office: 1065 Budapest, Nagymező utca 54-56. (hereinafter: “Prezi”)

 

I. Purpose of this Policy

This Policy sets out the terms and conditions under which Prezi, as data controller, collects and manages personal data relating to job applicants (hereinafter: “active candidates”) and persons targeted with employment offers (hereinafter: “passive candidates”; active and passive candidates are collectively referred to as “candidates” or “You” or “data subject”, and Prezi and a candidate are jointly referred to as the “parties”).

This Policy ensures compliance with the underlying data privacy laws, in particular, but without limitation to Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information of Hungary (“Information Act”), Regulation (EU) 2016/679 (General Data Protection Regulation or GDPR), Act CXXV of 2003 on Equal Treatment and the Promotion of Equal Opportunities of Hungary and shows Prezi’s efforts on the protection of the candidate’s personal data, privacy and equal treatment, and its continuous improvement of a data protection management system and data minimization.  

 

II. Scope of this Policy

This Policy applies to all relationships established with active candidates and passive candidates in the course of the recruitment process and related personal data processing activities at Prezi.

In the context of this Policy, personal data means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

III. The Purpose of Data Processing

The fundamental purpose of the data processing prescribed herein is the efficient conduct of the recruitment process at Prezi.

The collected personal data will be processed for the following purposes:

  1. staffing,
  2. budget planning and administration purposes,
  3. organisational planning, work force management,
  4. use of company infrastructure, including IT system and operation services, property, records, facilities,
  5. administering audits,
  6. compliance, risk management,
  7. labour, workplace and personal safety, property protection,
  8. compliance with contractual, regulatory obligations, dealing with legal claims and disputes.

Prezi needs to process data to take steps at Your request prior to entering into a contract with you. Prezi may also need to process your data to enter into a contract with you. Prezi needs to process data in order to fully comply with relevant legal regulations.

Both You and Prezi have a legitimate interest in processing personal data during the recruitment process and in keeping records of the process. Processing candidates’ data allows Prezi to manage the recruitment process, assess and confirm a candidate's suitability for employment and decide to whom to offer a job. The process also allows Prezi to remain in contact with actual or potential candidates and inform them of vacancies that may be of interest. It is important to note that You can request Prezi at any time to terminate the processing of your data, and Prezi will comply with such a request unless statutory law provides otherwise.

 

IV. The Legal Basis for Processing Personal Data

Consent: In a case where the personal data are required, Your explicit consent may be used as the lawful basis of the processing of personal data.

Legal obligation: In a case where the processing is necessary for Prezi to comply with the underlying laws (not including contractual obligations).

Legitimate interests: In a case where the processing is necessary for Prezi's legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

 

V. Processed Candidate Data

In order to provide the best possible employment opportunities at Prezi that are tailored to you, we need to process certain information about you. We only ask for details that will genuinely help us to help you. Recruitment data may include:

  1. your name (mandatory for application), 
  2. your email (mandatory for application),
  3. age, 
  4. other contact details, 
  5. education details, 
  6. employment history, 
  7. emergency contacts, 
  8. GitLab ID,
  9. your resume,
  10. immigration status,
  11. citizenship, 
  12. financial information, 
  13. any other data which the candidate might voluntarily share with the Company.

Where appropriate and in accordance with local laws and requirements, we may also collect information related to your health, diversity information or details of any criminal convictions. 

 

VI. Source and Storage of Information

Prezi collects this information in a variety of ways. For instance, data might be contained in application forms, cover letters, Curriculum Vitaes or resumes, prezumes, obtained from your LinkedIn profile, or collected through interviews, HR service providers, head-hunters, job platforms or other forms of assessment.

Data will be stored on the following platforms of Prezi: 

  • in HR management and recruitment systems; 
  • in other internal IT systems (including email);
  • retained data processors of Prezi (see below);
  • GitLab

 

VII. Duration of Processing

Active candidates

If you submit your application to Prezi, you will be considered an active candidate and, based on the parties’ legitimate interest designated in Clause III, Prezi is entitled to keep your personal data in its records for potential future employment opportunities for which you may be suited. Your personal data shall be maintained for no longer than three years after the submission of your application. Following the end of this period, all personal data shall be erased and/or anonymized so that no links between you as data subject and the anonymized data are further traceable or identifiable.

Passive candidates

Once you are approached by Prezi as a passive candidate with an employment offer, Prezi will require your consent in order to have your data processed and thus to have it forwarded to the data processor designated in Clause VII. If your consent is given and Prezi proceeds with the recruitment process, but at the end of the selection process Prezi decides not to provide you with an employment opportunity, based on the parties’ legitimate interest, Prezi will keep your personal data in its records for potential future employment opportunities for which you may be suited. Your personal data shall be maintained for no longer than three years after your confirmation to proceed with Prezi’s recruitment process. Following the end of this period, all personal data shall be erased and/or anonymized so that no links between you as data subject and the anonymized data are further traceable or identifiable.

During the aforesaid three-year period, both active and passive candidates have the right to object to the processing of their data in line with the provisions of Clause IX.

Prezi may choose to periodically remind candidates, via email or other platforms, about the processing of their personal data for recruitment purposes. Again, all candidates have at all times the right, detailed below, to request termination of the processing of their personal data.

Successful recruitment process

If your application for employment as an active candidate is successful, or you are provided with an employment opportunity as a passive candidate which you duly accept, personal data gathered during the recruitment process will be transferred to your Human Resources file (electronic and paper based) and retained during your employment. You will be provided with a new privacy notice and policy concerning Prezi employees, and this Policy shall no longer apply to you.

 

VIII. Accessibility of Your Data and Data Processors

For the purposes of the data management carried out by Prezi under this Policy, Prezi forwards your data to its legitimate data processor, GREENHOUSE SOFTWARE, INC (contact info on: https://www.greenhouse.io), a ‘processor’ under Section (8) Art. 4 of GDPR who will process the personal data on behalf of Prezi in their platform (hereinafter: ‘Greenhouse’ or ‘processor’). Prezi and the processor will have at all times an appropriate contractual framework in place to ensure secure and lawful data transfer and processing in compliance with the GDPR and national regulations. Greenhouse is a data processor of U.S. (third country) origin, and it is subscribed to the EU-U.S. Privacy Shield Framework (subscription of Greenhouse available at www.privacyshield.gov). As a participant of the EU-U.S. Privacy Shield Framework - based on COMMISSION IMPLEMENTING DECISION (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-U.S. Privacy Shield - Greenhouse is recognized as a data processor that ensures an adequate level of protection to your personal data under Article 45 Section 1 of GDPR.

Furthermore, your information may be shared internally for the purposes of the recruitment exercise. This includes members of the HR and recruitment team, interviewers involved in the recruitment process, managers with a vacancy, IT staff if access to the data is necessary for the performance of their roles.

In the final round of Your recruitment process, Your Prezume may be shared internally with the employees of Prezi for the purposes of the recruitment exercise.

Prezi will not disclose your data to parties other than the foregoing, unless i) you are an active candidate and your application for employment is successful or ii) you are a passive candidate and we make you an employment offer which you choose to accept. We will then be entitled, with your consent, to obtain references from your former employers or colleagues indicated in your CV or whom you advised us to contact.

 

IX. Means of Data Protection

Prezi takes reasonable steps to keep personal data in its possession secure against accidental loss, damage, and unlawful or unauthorised use, access, disclosure, alteration or destruction. All employees of Prezi are subject to confidentiality, privacy and non-disclosure obligations in accordance with Hungarian laws, with respect to any personal data disclosed to them in the frame of their employment, during and after their employment without time limitation whatsoever.

Keeping the personal information covered by this Policy confidential is Prezi’s key commitment, which means that only authorised users are able to have access to this data for the purposes detailed in this Policy.

Your personal data will be processed primarily in Budapest, Hungary, by Prezi as controller, save for the case of retaining a third-party processor as described in this Policy. Prezi implements appropriate hardware, software and organisational security measures so as to maintain the security and confidentiality of the personal data from its collection until its destruction.

To safeguard personal data from unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks, Prezi introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption and the use of privacy filters to secure all storage and transmission of personal data, and disclosing personal data both internally and to authorized third party service providers and agents only on a need-to-know basis. One should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed with absolute certainty, Prezi strives to protect the security of personal data and information and is constantly reviewing and enhancing its information security measures.

 

X. Your Rights as Data Subject 

You have the right to request access to and rectification or erasure of your personal data or restriction of processing or to object to processing as well as the right to data portability. At your request Prezi will provide details on the personal data that it holds about you. Before providing data or information, Prezi might ask for proof of identity and sufficient information about the concerned data subject to locate any relevant data. Accordingly, the candidates, as data subjects, may make the following requests to Prezi regarding personal data:

RIGHT TO ACCESS; to obtain from Prezi confirmation whether or not personal data is being processed, and, where that is the case, the following information;
(a) the purposes of the processing; 
(b) the categories of personal data concerned; 
(c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, 
(d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; 
(e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
(f) the right to lodge a complaint with a supervisory authority; 
(g) where the personal data are not collected from the data subject, any available information as to their source; 
(h) the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

RIGHT TO RECTIFICATION; to obtain from Prezi the rectification of inaccurate personal data concerning the candidate. Taking into account the purposes of the processing, the candidate has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

RIGHT TO ERASURE (‘right to be forgotten’); to obtain from Prezi the erasure of personal data concerning the candidate and Prezi has the obligation to erase personal data without undue delay where one of the following grounds applies:
(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; 
(b) the data subject withdraws consent to processing and where there is no other legal ground for the processing; 
(c) the data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) [objecting automated decision making]; 
(d) the personal data have been unlawfully processed; 
(e) the personal data have to be erased for compliance with a legal obligation in EU or a Member State law to which the controller is subject; 
(f) the personal data have been collected from children in relation to the offer of information society services;

RIGHT TO RESTRICTION OF PROCESSING; to obtain from Prezi restriction of processing where one of the following applies: 
(a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; 
(b) the processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; 
(c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; 
(d) the data subject has objected to processing pursuant to Article 21(1) [objecting automated decision making] of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject. 

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims. A data subject who has obtained restriction of processing shall be informed by Prezi before the restriction of processing is lifted.

Prezi will communicate any rectification or erasure of personal data or restriction of processing carried out in accordance to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. Prezi shall inform the data subject about those recipients if the data subject requests so.

RIGHT TO OBJECT; candidates have the right to object, on grounds relating to their particular situation, at any time to processing of personal data for the purposes of the legitimate interests pursued by Prezi or by a third party including profiling based on those provisions. Prezi shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. 

DATA PORTABILITY; candidates have the right to receive their personal data provided to Prezi, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where: 
(a) the processing is based on candidate consent pursuant or on a contract between candidate and Prezi; and 
(b) the processing is carried out by automated means. 
In exercising the right to data portability, candidates have the right to have the personal data transmitted directly from one controller to another, if and where technically feasible. This right shall not adversely affect the rights and freedoms of others.

All rights provided for the candidates above may be restricted by Prezi for the establishment, exercise or defence of legal claims, if so permitted by the applicable laws, with special regard to the GDPR provisions.

Questions and requests in relation to the processing of the candidate’s personal data should be addressed in written or electronic form to the HR Department of Prezi (email: dataprotection@prezi.com) describing all relevant facts or circumstances. Requests will be carefully studied and replied to in a concise, transparent, intelligible and easily accessible form, using clear and plain language, within 30 days in writing, including electronic means.

In the event of an infringement of rights related to the processing of personal data, the candidate may turn to the Hungarian Authority for Data Protection and the Freedom of Information (1530, Budapest, Pf. 5.; e-mail: ugyfelszolgalat@naih.hu, web: www.naih.hu) or the competent court (including the county tribunal having jurisdiction for the place of residence).

 

XI. Refusal to Provide Personal Data

You are under no statutory or contractual obligation to provide data to Prezi during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all.

 

XII. Governing Law

This Policy shall be governed by and construed in accordance with the law of the European Union and Hungarian national law.

 

XIII. Other Platforms

This Policy exclusively refers to the data management carried out by Prezi, the employees of Prezi and the data processor designated in Clause VII. This Policy under no circumstances covers the eventual review by Prezi of the candidate’s data published to LinkedIn or published to any other professional recruitment or social media platform open to public review.