Privacy Statement

Below you will find the information that has to be provided in accordance with Articles 13 and 14 of the General Data Protection Regulation (“GDPR”) on the processing of your personal data when you visit (hereinafter “you” or “your”) our website https://www.kostalhungary.hu; https://www.kostalhungary.com  (hereinafter each referred to as “Website”) by KOSTAL Global Business Services Center Korlátolt Felelősségű Társaság (hereinafter “we” or “us”).

• Data controller and data protection contact

KOSTAL Global Business Services Center Korlátolt Felelősségű Társaság,

1065 Budapest, Dozsa György ut 84/B, Park Artrium Office Building; info@kostal.com, Phone +-------.

Data Protection Contact: dataprotection@kostal.com

• Information on the processing of personal data

Below you will find information on the processing of your personal data for the purposes specified in more detail there and, for example, about the legal basis for this processing. If the legal basis for the processing specified there is the balancing of interests, you can request additional information about the balancing of interests carried out by us using the contact details specified in Section A.

• Use of the Website
• Use of the Website for information purposes

When you visit our Website, we process the IP address of your device for technical reasons, i.e. in order to be able to display the Website at all. We cannot provide the Website content accessed without the provision of this data.

In order to protect our IT infrastructure, we also process the IP address of your device, the type and version of the internet browser used by you, information on the operating system of your device, information on the pages accessed, the site previously visited (referrer URL) and the access date and time and store this information in so-called log files.

The legal basis of this processing is the balancing of interests (point (f) of Article 6 paragraph 1 of the GDPR). Our legitimate interest for this processing is the provision of the Website content accessed by you and the protection of the IT infrastructure used to provide the Website, in particular to identify, remedy and document IT disruptions (e.g. DDoS attacks) for evidence purposes. For more information please refer to the contact details specified in Section A.

The recipient of these data is our hosting provider Webflow, which acts for us as processor. A further recipient of these data is BlueColibri, which acts as processor and has been commissioned with the development of the Website as well as its maintenance and servicing.

We generally store these personal data in the log files for 3 (three) months. In the case of any security-relevant event (e.g. an attack), we also store the log files until the security-relevant event has been eliminated and clarified in full.

• Cookie bot/ Cybot A/S

The Cookie bot/ Cybot A/S Consent Manager is used by us to manage your consents, possible revocations of consents and objections to the use of cookies.

The data processing in this context is carried out to manage the user decisions regarding cookies (consent, revocation, opt-out) and to ensure the security of the application.

The IP address of your terminal device, the type and version of the Internet browser you are using, information about the operating system of your terminal device, information about the pages accessed, the previously visited page (referrer URL) and the date and time of access are processed. In addition, the user's decision on individual cookies or groups of cookies is stored at the time of the decision and the last visit.

Legal basis for the processing of the balance of interests (point f of Art. 6(1) GDPR). Our legitimate interest is the simple and reliable control of Cookies.

The recipient of the data is Cybot A/S, which acts as our order processor.

We store the data for a period of 6 months. The revocation of a previously given consent is stored for three years (accountability). Server log data is anonymized before storage.

We would like to point out that it is not possible to use the website without transmitting personal data, such as the IP address. An automatic decision-making process for consenting to the use of cookies does not take place.

• Job vacancies /Job Offers

You can also find links to job vacancies on our Website. These links lead to an external website for which a separate data protection statement applies. You can find this here.

If you apply in response to job offer from us on our web-site or initiative, i.e. without reference to a specific job, we process (i) the assignment to a specific job offer (i.e. a link between your entries and such an offer) in order to recruit new employees and carry out an application procedure; (ii) your personal data (first name, last name, address, contact data, date of birth, place of birth); (iii) the photo you have provided; (iv) your information about your previous resume, including educational background and professional experience, as well as certificates from previous employers and/or training institutions; (v) your letter of application; (vi) information about how you came to our attention; and (vii) login data. The processing of login data is necessary for the purpose of transmitting your application. With the exception of information about how you came to our attention and any severe disabilities, which you may voluntarily provide, you must provide the remaining personal information if you wish to work with us.

The legal basis for this processing is the decision on the establishment of an employment relationship is point b of Art. 6 (1) of the GDPR (“in order to take steps at the request of the data subject (in this case applicant) prior to entering into a contract”). Other legal bases are:

- point a Art. 6(1) of the GDPR A (Consent): e.g. for KOSTAL applicant community as part of the applicant management system

- point f Art 6 (1) of the GDPR (Legitimate interests): e.g. for HR evaluations (analytical reporting, background checks), recommending additional relevant positions by the competent recruiter

The recipient of this personal data is SmartRecruiter as operator of the "SmartRecruiter" platform, which processes the data on our behalf and according to our instructions. Only the people involved in the application process (e.g. line managers and associates of the recruiting department, HR associates and associate representatives) have access to your personal data.

In any case, we will retain the personal data for six (6) months after completion of the application process. If legal proceedings are instituted within this period, we will keep these documents for a longer period of time, namely until the conclusion of the legal proceedings. The human resources department may delete the applicant data on the individual instructions of the applicant or according to personnel specifications. After successful application, the data is transferred to our human resources system and deleted from the platform

• Third-party provider plug-ins

The video player You Tube is embedded in our Website. It enables you to use certain services of this external provider directly on our Website. You Tube has the sole responsibility for these plug-ins.

Plug-in providers can (similar to accessing an external website via a link) in particular receive your IP address and the address (URL) of the website from which you access the plug-in. If you are registered with You Tube as a user, it can usually also assign the data received to your user account.

YouTube LLC, is a company under US law. Information about YouTube can be found here. YouTube LLC’s privacy policy can be found here, where you can find information about the processing of personal data by Tube LLC.

YouTube is a subsidiary of Google in the USA. For the purposes of EU data protection law, the USA is not considered a safe third country. We would like to point out that US companies are obliged to hand over personal data to security authorities without giving the data subject the possibility to take legal action against this.

We have no influence on this processing activity and it cannot be ruled out that US authorities (e.g. intelligence services) may process, evaluate and permanently store your data located on US servers for monitoring purposes.

• Use of cookies

When you use our Website, we store cookies in your device’s browser, unless you prohibit this with appropriate settings in your browser.

• General information on Cookies

Cookies are small text files containing information which can be placed on the user’s device via its browser when a website is visited. When the website is visited again with the same device, the cookie and the information stored in it can be read.

Generally and also in the description of the individual cookies used by us in Section D.III, a distinction is made between (i) first-party and third-party cookies, (ii) transient and persistent cookies as well as (iii) cookies that do not require consent and those that do require consent.

First-party cookies are cookies placed by us or a processor commissioned by us, whereas third-party cookies are cookies that are placed and accessed by another controller.

Transient cookies are deleted when you close your browser, whereas persistent cookies are cookies that are stored on your device for a specific period of time.

Cookies that do not require consent are cookies whose sole purpose is to transmit a message via an electronic communications network. Cookies that are strictly necessary so that the provider of an information society service expressly requested by the subscriber or user can make this service available do not require consent either (also referred to as “strictly necessary cookies”). All other cookies require consent.

• Cookie management

If the user’s consent is required for the use of certain cookies, we only place these cookies when you use the Website if you have given your consent to this beforehand. Please refer to Section D.III for information about whether the use of a cookie requires consent.

When you visit our Website, we display a so-called cookie banner in which you can give your consent to the use of cookies on this Website. By clicking on the button provided for this, you have the possibility to consent to the use of all cookies requiring consent described in detail in this Section D.III of this cookie information.

We likewise store your consent and, where applicable, your individual selection of cookies requiring consent in an additional cookie (“opt-in cookie”) on your device so that we can determine whether you have already given your consent when the Website is accessed again. The opt-in cookie is valid for a limited period of 1 (one) month.

Strictly necessary cookies cannot be deactivated with the cookie management function of this Website. However, you can at any time deactivate these cookies generally in your browser.

You can also manage the use of cookies in your browser settings. Additional detailed information can, for example, be found at http://www.allaboutcookies.org/manage-cookies/.

When you deactivate the storage of cookies in your browser, some Website functions may no longer work or no longer work properly.

• Cookies used on this Website

Below we provide you with information about the cookies we use.

• Name: cookieconsent

Purpose and content: Strictly necessary opt-in cookie (see Section D.II above) used to store your consent and, where applicable, your individual selection for the use of cookies on your device, in order to determine whether you have already given your consent when the Website is accessed again.

Responsibility: First-Party

Validity: persistent (1 year)

Consent required: no

Legal basis under data protection law: Balancing of interests (point (f) of Article 6 paragraph 1 of the GDPR). Our legitimate interest is the management of cookie consents given by the user

• Name: AWSALBCORS

Purpose and content: Registers which server-cluster is serving the visitor. This is used in context with load balancing, in order to optimize user experience.

Responsibility: Third Party

Validity: persistent (6 days)

Consent required: no

Legal basis under data protection law: Balancing of interests (point (f) of Article 6 paragraph 1 of the GDPR). Our legitimate interest is providing the informational function of the Website requested by the user.

• Name: incap_ses_#

Purpose and content: Preserves users states across page requests.

Responsibility: Third-Party

Validity: transient

Consent required: no

Legal basis under data protection law: Balancing of interests (point (f) of Article 6 paragraph 1 of the GDPR). Our legitimate interest is providing the informational function of the Website requested by the user.

• Name: nlbi_#

Purpose and content: Used to ensure website security and fraud detection.

Responsibility: Third-Pary

Validity: transient

Consent required: no

Legal basis under data protection: Balancing of interests (point (f) of Article 6 paragraph 1 of the GDPR). Our legitimate interest is ensuring the security of our Website.

• Name: visid_incap_#

Purpose and content: Preserves users states across page requests.

Responsibility: Thirdt-Pary

Validity: persistent (1year)

Consent required: no

Legal basis under data protection: Balancing of interests (point (f) of Article 6 paragraph 1 of the GDPR). Our legitimate interest is providing the informational function of the Website requested by the user.

• Name: Consent

Purpose and content: This cookie is used for the YouTube plug-in (see Section C) in order to be able to embed videos on our website.

Responsibility: Third-Party

Validity: persistent (2 years)

Consent required: yes

Legal basis under data protection: Consent (point (a) of Article 6 paragraph 1 of the GDPR).

• Name: Consent

Purpose and content: This cookie is used for the YouTube (play.google) plug-in (see Section C) in order to be able to embed videos on our website.

Responsibility: Third Party

Validity: persistent (2 years)

Consent required: yes

Legal basis under data protection Consent (point (a) of Article 6 paragraph 1 of the GDPR).

• Name: Visitor_INFO1_Live

Purpose and content: This cookie is used for the YouTube (play.google) plug-in (see Section C) in order to be able to embed videos on our website.

Responsibility: Third Party

Validity: persistent (179 days)

Consent required: yes

Legal basis under data protection Consent (point (a) of Article 6 paragraph 1 of the GDPR).

• Name: YSC

Purpose and content: This cookie is used for the YouTube (play.google) plug-in (see Section C) in order to be able to embed videos on our website.

Responsibility: Third Party

Validity: transient

Consent required: yes

Legal basis under data protection Consent (point (a) of Article 6 paragraph 1 of the GDPR).

• Information on the rights of data subjects

As a data subject, you have the following rights with respect to the processing of your personal data. You can contact us for the purpose of exercising your rights using the contact details in Section A:

A right to obtain access to and information (Article 15 GDPR) about which personal data from you we process. This includes additional information on the data processing, such as the purpose and legal basis as well as the recipients of these data. You also have the right to request a copy of these data.

A right to obtain from us the rectification of inaccurate personal data concerning you and the completion incomplete personal data concerning you (Article 16 of the GDPR).

A right to obtain the erasure of personal data concerning you in the cases provided for by law (Article 17 of the GDPR), such as when the data are no longer needed for the purposes for which they were collected or have been unlawfully processed.

A right to obtain the restriction of processing in the cases provided for by the law (Article 18 of the GDPR).

A right to receive the personal data concerning you that we process on the basis of consent which has been given or for the performance of a contract (see Section B) in a structured, commonly used and machine-readable format (right to data portability, Article 20 of the GDPR).

A right to withdraw the consent given to us at any time. This does not affect the lawfulness of processing based on consent before its withdrawal.

A right to lodge a complaint with a supervisory authority (Article 77 of the GDPR). A list of the data protection supervisory authorities and their addresses can be found here.

‍

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (f) of Article 6 paragraph 1 of the GDPR (see Section B). We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

The above rights do not necessarily apply to you without limitation in every case. The law provides for restrictions in each case. You can find the full extent of your rights in the Articles of the GDPR specified above, which you can access by using the following link:

http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

‍

‍

Last modified: 24th of May 2022