Gemini HR

Munkaerőt keresek
Állást keresek

A GEMINI HR SERVICES LIMITED LIABILITY

Home A GEMINI HR SERVICES LIMITED LIABILITY

(2800 TATABÁNYA, MAGYARY ZOLTÁN UTCA 1A., COMPANY REG. NO.: 11-09-021968)

GENERAL DATA PROTECTION NOTICE

A key objective of our Company is to fully comply with the data protection legislation in force, primarily Regulation (EU) 2016/679 of the European Parliament and of the Council (27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; hereinafter: “GDPR”), as well as the applicable Hungarian legislation, in particular the provisions of Act CXII of 2011 on Informational Self-Determination and Freedom of Information.

The purpose of this Data Protection Notice (hereinafter: “Notice”) is to inform persons who come into contact with Gemini HR either through its website or its employees about how Gemini HR intends to handle their personal data.

As a data controller, our Company determines the purposes and means of processing personal data independently or jointly with others, and as a data processor, processes personal data on behalf of the data controller.

Data processing is any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Technical data processing is data processing of a technical nature, which does not involve any right of disposal or decision-making over the data.

Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

As a data controller and data processor, our Company respects the privacy of all persons who provide personal data to it and is committed to protecting such data.

I.

Based on Article 13 of the GDPR, our Company provides the following information to data subjects:

Data Controller’s details:

  • Company name: GEMINI HR Szolgáltató Korlátolt Felelősségű Társaság (GEMINI HR Services Limited Liability Company)
  • Registered office: 2800 Tatabánya Magyary Zoltán utca 1A.
  • Website: www.geminihr.hu
  • Contact person: Rózsa Fülöp, Managing Director
  • Phone: +36 34 323 046
  • E-mail: geminihrkft@gmail.com

A data processor is engaged at our Company (e.g. for payroll processing).

Data processor’s name and contact: Tímea Németh, +36 34 323 046

Pursuant to Article 37 of the GDPR, our Company is not obliged to appoint a Data Protection Officer.

Data protection requests: if you have any request or question concerning data processing, you may send your request by post to 2800 Tatabánya, Réti utca 162. ground floor, or electronically to the e-mail address geminihrkft@gmail.com. We will send our responses without undue delay, but at the latest within 30 days, to the address specified by you.

No international data transfer takes place on the part of our Company.

II.

Purpose, legal basis and duration of data processing by our Company

Processing purposes:

Data processing takes place on the basis of the prior informed, voluntary, and express consent of our clients, partners, and job applicants/candidates, or by virtue of legal provisions.

Our Company carries out data processing for the following purposes in accordance with the legislation:

  • in connection with the provision of temporary agency work and employer activities, we process the data of service users as employer and partner for the purpose of fulfilling legal obligations and maintaining customer relations;
  • processing of employees’ and applicants’ data (under conditions defined in a separate policy);
  • processing of contact persons’ data of contractual partners for the purpose of contract performance;
  • property protection, personal safety;
  • fulfilment of obligations defined by law;
  • marketing activities.

Legitimate interest

The Data Controller may process personal data for certain legitimate business purposes, including:

  • where the process enables us to develop, modify, personalise, or otherwise improve our services/communications for the benefit of our clients, job applicants, and employees;
  • detection and prevention of fraud;
  • enhancement of the security of our network and IT systems;
  • direct marketing purposes.

Legal basis for data processing:

  • GDPR Article 6(1)(a): consent of the data subject
  • GDPR Article 6(1)(b): necessary for the performance of a contract
  • GDPR Article 6(1)(c): necessary for compliance with a legal obligation
  • GDPR Article 6(1)(f): legitimate interest, always requiring a balancing test

Legal basis of individual processing activities:

  • legal basis for issuing invoices in accordance with accounting legislation: GDPR Article 6(1)(c)
  • contact-keeping: the legal basis (for processing the data of partners’ employees) is GDPR Article 6(1)(f). The data controller’s legitimate interest: business continuity.
  • processing of employees’ data: GDPR Article 6(1)(b) and (c)
  • processing of contractual partners’ data: legal basis GDPR Article 6(1)(b)
  • marketing activities: legal basis: GDPR Article 6(1)(a). A Facebook page is also operated for marketing purposes; however, no independent database is created and no profiling is carried out.
  • online registration: legal basis GDPR Article 6(1)(a)
  • operation of security cameras: legal basis GDPR Article 6(1)(f). The data controller’s legitimate interest: property protection; in the case of employees, the employer’s legitimate interest as defined in the Labour Code.

Where the data subject’s personal data is processed on the basis of legitimate interest, we carry out a balancing test, during which:

  • we identify and record the legitimate interest;
  • we identify and record the data subject’s interests and rights;
  • we assess on the basis of necessity and proportionality, purpose limitation, data minimisation, and limited storage;
  • we inform the data subject of the balancing test.

The data subject has the right to object, on the basis of which the personal data will no longer be processed, unless processing is justified by compelling grounds.

No compelling grounds exist in the case of direct marketing; in the event of objection, the data must be deleted.

Duration of data processing:

We store the personal data we collect in our systems in a manner that allows for the identification of data subjects for no longer than is necessary in light of the purposes for which the data were collected or are further processed.

  • Invoices are retained for at least 8 years due to a legal obligation. The retention period for documents underlying the issuance of invoices is 8 years.
  • Retention period of documents underlying the employment relationship: 50 years.
  • Retention period of data provided for the purpose of contact-keeping: 1 year following the termination of the relationship.
  • Retention of data related to contract performance: 5 years.

What information we share

We protect your personal data and do not disclose it. We may share your personal data with subcontractors who provide services on our behalf and according to our instructions. We may share your personal data with (i) our subsidiaries and affiliated companies; (ii) if you are a job applicant, with clients who may have available job opportunities or who may be interested in the workforce we place; and (iii) with our other partners, such as labour placement consultants and subcontractors, for the purpose of finding employment for you.

In addition, we may disclose certain of your personal data (i) where required by law or legal process; (ii) to law enforcement authorities or other government officials based on a lawful disclosure request; and (iii) where we believe such disclosure is necessary or appropriate to prevent physical, financial, or non-material harm, or to investigate fraud or illegal activity. We also reserve the right, where we sell or transfer all or part of our business or assets (including in the context of a reorganisation, dissolution, or liquidation), to transfer the personal data we hold about you.

Data transfer

We transfer the personal data you provide or that we collect about you to domestic and international clients under our contractual obligations. Your personal data is subject to equivalent protection in the EU Member States. When we transfer your data to countries outside the European Union or to international organisations, we ensure adequate protection on the basis of an adequacy decision of the European Commission, or where the data controller or processor has provided appropriate safeguards in connection with the processing of personal data, and where enforceable data subject rights and effective legal remedies are available. Such safeguards may include in particular: (a) legally binding and enforceable instruments between public authorities or bodies; (b) binding corporate rules; (c) standard data protection clauses adopted by the European Commission.

III.

Data subjects’ rights:

In relation to your personal data, the data subject has the rights set out in the legislation:

  • right of access (knowledge of the data, and whether data processing is taking place);
  • where data is outdated or incorrect, rectification thereof;
  • erasure (only in the case of processing based on consent);
  • restriction of data processing;
  • prohibition of the use of personal data for direct marketing purposes;
  • transfer of personal data to a third-party service provider, or prohibition thereof;
  • a copy of any personal data processed by the data controller;
  • objection to the use of personal data;
  • right to rectification;
  • right to withdraw consent;
  • objection to automated decision-making.

IV.

Data protection incidents:

Please be informed that in connection with the exercise of the above rights, Gemini HR is obliged to provide information regarding your request for rectification, blocking, or erasure in writing and in an understandable form without undue delay, but no later than one (1) month from the submission of the request. If we do not take action on your request, we will inform you without delay, but no later than within one (1) month, of the reasons for not acting on your request for rectification, erasure, or blocking, and of the fact that you may seek judicial remedy in this regard and lodge a complaint with the National Authority for Data Protection and Freedom of Information.

Our Company ensures data security proportionate to the risk associated with the data processing. In the event of a breach thereof, without delay, but no later than within 72 hours of becoming aware of it, our data protection officer, or in their absence, the data controller/processor or their representative, will notify the supervisory authority and inform the data subject.

Upon becoming aware of a data protection incident, our Company will immediately take the necessary security measures to remedy and restore the breach underlying the incident.

We will notify the data subject of the measures taken and their outcome.

V.

Legal remedies:

The data protection supervisory authority in Hungary is: National Authority for Data Protection and Freedom of Information (hereinafter: NAIH; address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C; e-mail: ugyfelszolgalat@naih.hu). The data subject may lodge a complaint with NAIH if, in their view, the processing of their personal data does not comply with the legal obligations.

A judicial review may be initiated against the decision of NAIH.

VI.

Information on records:

Our Company carries out data processing and handling in a lawful, transparent, and verifiable manner. To achieve these objectives, we keep the following records:

Records of data processing activities

— until the GDPR entered into force, kept by NAIH under Section 65 of the Information Act

Contents:

  • serial number
  • activity
  • data processed
  • purpose of processing
  • legal basis of processing
  • method and duration of storage
  • name and contact details of the data controller
  • name and contact details of the Data Protection Officer
  • data transfers, recipients
  • technical and organisational measures

Records of data processing must be kept separately by activity.

Records of data transfers

Contents:

  • serial number
  • date
  • recipient
  • transfer to a third country
  • scope of personal data
  • purpose of data processing/handling
  • legal basis of data processing/handling
  • name and contact details of the data controller
  • name and contact details of the Data Protection Officer
  • technical and organisational measures
  • planned deadline for data erasure
  • other data specified by law (e.g. chamber identification number of the auditor)

Records of the termination of data processing

Contents:

  • serial number
  • date of request
  • name and identifying data of the data subject
  • content of the request
  • description of the action
  • date of the action
  • name and contact details of the data controller
  • name and contact details of the Data Protection Officer

Records of data protection incidents

Contents:

  • serial number
  • time of the incident
  • name of the incident
  • scope of data subjects affected
  • personal data affected
  • impact of the incident
  • measures
  • name and contact details of the data controller
  • name and contact details of the Data Protection Officer

Records of data subject and authority requests and responses thereto

Contents:

  • serial number
  • subject and time of the request
  • scope of data subjects affected
  • personal data affected
  • measures
  • name and contact details of the data controller
  • name and contact details of the Data Protection Officer

Records of the Data Protection Officer’s activities

Contents:

  • serial number
  • time of activity
  • activity
  • compliance review
  • impact assessment observations
  • cooperation with the supervisory authority

Records of “misdirected” data and requests

Contents:

  • serial number
  • time of receipt
  • subject of the request
  • action taken (e.g. return)
  • name and contact details of the data controller
  • name and contact details of the Data Protection Officer

Records of prior data protection impact assessments

Contents:

  • serial number
  • time of the impact assessment
  • description of operations, purpose of processing, legitimate interest
  • examination of necessity and proportionality
  • analysis and management of risks
  • name and contact details of the Data Protection Officer
  • opinion of the Data Protection Officer

Tatabánya, 27 May 2026.

GEMINI HR Kft. as data controller

represented by: Rózsa Fülöp, Managing Director