Ugrás a tartalomhoz
JobsFlow - Állásportál JobsFlow

Privacy Policy

Last updated: 2026. 04. 03.

The protection of your personal data is of the utmost importance to us. This policy explains in detail how we process and safeguard your data.

Effective date: 1 January 2024

This privacy policy has been prepared in accordance with the General Data Protection Regulation of the European Union (GDPR – Regulation 2016/679) and the applicable Hungarian legislation. By using our website, you accept the provisions set out in this privacy policy.

1. Basic information and definitions

JobsFlow Kft. (hereinafter: Data Controller) is committed to protecting your personal data. The purpose of this notice is to provide transparent and detailed information about what personal data we process, for what purpose and on what legal basis, and for how long.

Definitions

Personal data: Any information relating to an identified or identifiable natural person.
Processing: Any operation or set of operations performed on personal data (e.g. collection, recording, organisation, storage, alteration, use, retrieval, transmission, erasure).
Data subject: Any natural person who is identified or identifiable on the basis of any information.
Consent: A freely given, specific, informed and unambiguous indication of the data subject's wishes.

2. Identification of the Data Controller

Data Controller details

Name:JobsFlow Kft.
Registered address:1111 Budapest, Példa utca 123.
Tax number:12345678-1-42
Company registration number:01-09-123456

Data Protection Officer

For data protection enquiries, please contact our Data Protection Officer:

Name:[Name of Data Protection Officer]
Phone:+36 1 234 5678

3. Categories of personal data processed

3.1. Job seekers' data

  • Registration data: Name, email address, phone number, password (stored encrypted)
  • CV data: Educational qualifications, work experience, skills, language proficiency
  • Preferences: Job type, expected salary, location of work
  • Technical data: IP address, browser type, device identifiers
  • Activity data: Jobs viewed, applications submitted, saved searches

3.2. Employers' data

  • Company data: Company name, registered address, tax number, company registration number, contact person's name
  • User data: Email address, phone number, password (encrypted)
  • Billing data: Billing name and address, bank account number
  • Job posting data: Content of job advertisements, uploaded documents

3.3. Automatically collected data

  • Log files: IP address, time of visit, pages viewed, referring URL
  • Device data: Operating system, browser type and version, screen resolution
  • Cookies: Session identifiers, preferences, analytical data

4. Purposes of data processing

4.1. Registration and account management

Creating, identifying and authenticating user accounts, providing our services, maintaining contact.

4.2. Managing job postings and applications

Publishing job advertisements, receiving and forwarding applications to employers, operating the matching algorithm.

4.3. Service improvement and personalisation

Improving user experience, displaying relevant job offers, conducting statistical analyses, developing new features.

4.4. Security and fraud prevention

Preventing fraud, spam and abuse, ensuring the security of our platform and users, moderation activities.

4.5. Billing and payment

Processing orders, issuing invoices, handling payments, fulfilling accounting obligations.

4.6. Marketing communications (consent-based)

Sending newsletters, displaying relevant offers, sending promotional materials – exclusively on the basis of prior consent.

4.7. Compliance with legal obligations

Complying with statutory requirements, responding to regulatory requests, fulfilling accounting and tax obligations.

5. Legal basis for data processing

Our data processing is based on the following legal grounds under the GDPR:

a) Consent (GDPR Article 6(1)(a))

Uploading a CV, subscribing to the newsletter, receiving marketing communications – based on your voluntary, unambiguous consent. You may withdraw your consent at any time.

b) Performance of a contract (GDPR Article 6(1)(b))

Registration, posting a job advertisement, applying for jobs, subscription packages – necessary for the performance of the service contract.

c) Legal obligation (GDPR Article 6(1)(c))

Retaining accounting documents, fulfilling tax obligations, responding to regulatory requests – based on statutory requirements.

d) Legitimate interests (GDPR Article 6(1)(f))

Preventing abuse, maintaining security, analytics, service development – based on the legitimate interests of the Data Controller and its users.

6. Data retention periods

Data category Retention period Legal basis / Reason
Active user accounts Until account deletion Performance of contract
Inactive accounts (2 years of inactivity) 30 days after notification, then deleted Data minimisation principle
Job postings 1 year after expiry Accountability
Application data 3 years or until deletion request Legitimate interest
Billing data 8 years Accounting Act
Web analytics data 14 months Legitimate interest
Consent-based marketing data Until withdrawal of consent Consent
Log files 90 days Security, fraud prevention

Important: Deleted data may be retained in security backups for a further 90 days, after which it is permanently erased.

7. Data processors and data transfers

We engage the following data processors to provide our services. We have concluded a data processing agreement with each processor, ensuring compliance with the GDPR:

Hosting service

Provider: [Hosting provider name]

Purpose: Website hosting and operation

Data type: Technical data, user content

Email service

Provider: [Email service provider name]

Purpose: System emails, newsletter delivery

Data type: Email address, name, communication history

Payment provider

Provider: Stripe Payments Europe Ltd.

Purpose: Secure online payment processing

Data type: Payment data (card numbers are NOT stored in our systems)

Analytics

Provider: Google Analytics (anonymised IP)

Purpose: Traffic statistics, behavioural analysis

Data type: Technical and usage data (anonymous)

International data transfers

For certain services (e.g. Google, Stripe), data may be transferred outside the European Economic Area (EEA). These providers are members of the EU–US Data Privacy Framework, or apply the Standard Contractual Clauses approved by the EU, thereby ensuring adequate protection of personal data.

8. Data security measures

To protect your personal data, we apply the following technical and organisational measures:

Encryption

  • • SSL/TLS encryption (HTTPS)
  • • Passwords hashed with bcrypt
  • • Database encryption
  • • Secure communication channels

Access control

  • • Role-based access permissions
  • • Multi-factor authentication (MFA)
  • • Access logging
  • • Regular access reviews

Protective mechanisms

  • • Firewall and intrusion detection system
  • • Regular security updates
  • • Antivirus and malware protection
  • • DDoS protection

Data backup and recovery

  • • Daily automated backups
  • • Redundant storage
  • • Disaster recovery plan
  • • Regular recovery testing

Organisational measures

  • • Employee confidentiality agreements
  • • Data protection training
  • • Incident response protocol
  • • Third-party audits

Monitoring

  • • 24/7 system monitoring
  • • Security log analysis
  • • Anomaly detection
  • • Penetration testing

9. Rights of data subjects

Under the GDPR, you have the following rights in relation to the processing of your personal data:

1. Right to information

You are entitled to request information about the personal data we hold about you, the purpose, legal basis, duration of processing, and the recipients.

2. Right to rectification

You may request the correction or completion of inaccurate or incomplete data. You can also do this yourself in your account settings.

3. Right to erasure ("right to be forgotten")

In certain circumstances you may request the deletion of your data. This right is not absolute – it does not apply if the processing is:

  • • Necessary for compliance with a legal obligation
  • • Necessary for the establishment, exercise or defence of legal claims
  • • Carried out for public interest archiving, scientific or historical research purposes

4. Right to restriction of processing

You may request that we restrict the processing of your data (e.g. during a dispute) if you contest the accuracy or lawfulness of the data.

5. Right to object

You may object to processing based on legitimate interests, as well as to direct marketing. Upon objection, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

6. Right to data portability

You may request to receive the data you have provided to us in a structured, commonly used, machine-readable format, and to have it transmitted to another data controller.

7. Right to withdraw consent

Where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.

Exercising your rights

You may exercise the above rights in the following ways:

  • Email: [email protected]
  • Via the account settings menu (for certain rights)
  • By post: 1111 Budapest, Példa utca 123.

Response deadline: We will respond to your request within 30 days. For complex requests, this may be extended by a further 60 days, of which we will inform you.

10. Use of cookies

Our website uses cookies to improve user experience, optimise website performance, and generate traffic statistics.

What is a cookie?

A cookie is a small text file placed in your browser by a website. Cookies help the website remember your preferences and improve the user experience.

Types of cookies used:

Strictly necessary cookies

These cookies are essential for the website to function. They include login session cookies, security cookies, and cookies preserving shopping basket contents.

Legal basis: Performance of contract; no consent required.

Analytical / Performance cookies

These cookies enable us to understand how visitors use the website and which pages are most popular. We use Google Analytics (with anonymised IP addresses).

Legal basis: Consent required (cookie banner).

Functional cookies

These cookies remember your choices (e.g. language, region) and provide personalised functions.

Legal basis: Consent required.

Marketing / Targeting cookies

These cookies are used to display advertisements relevant to your interests. Third parties (e.g. Facebook, Google Ads) may also use such cookies.

Legal basis: Consent required.

Cookie management

You can manage cookies in your browser settings. Most browsers allow you to delete or disable cookies. However, disabling certain cookies may affect the functioning of the website.

Chrome cookie settings Firefox cookie settings Edge cookie settings Safari cookie settings

11. Handling of personal data breaches

In the event of a personal data breach (e.g. unauthorised access, data leak), we act in accordance with the requirements of the GDPR:

1

Immediate action

Upon detection of a breach, we immediately take the necessary security measures to prevent further harm.

2

Regulatory notification

If the breach poses a risk to the rights and freedoms of data subjects, we notify the National Authority for Data Protection and Freedom of Information (NAIH) within 72 hours.

3

Notification of data subjects

If the breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay, describing the nature of the breach and the recommended protective measures.

4

Documentation and prevention

We document and investigate every breach, and take measures to prevent similar incidents in the future.

12. Protection of minors' data

Age restriction

Our services are intended for users aged 16 and over. We do not knowingly collect data from persons under 16. If we become aware that we hold data of a person under 16, we will delete it immediately.

If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at [email protected].

13. Right to complain and legal remedies

If you believe that we have infringed your data protection rights, you may take the following steps:

1. Direct contact

We recommend first contacting our Data Protection Officer directly:

Email: [email protected]

Address: 1111 Budapest, Példa utca 123.

2. Complaint to the supervisory authority

You may lodge a complaint with the National Authority for Data Protection and Freedom of Information (NAIH):

Name: Nemzeti Adatvédelmi és Információszabadság Hatóság (National Authority for Data Protection and Freedom of Information)

Address: 1055 Budapest, Falk Miksa utca 9-11.

Postal address: 1363 Budapest, Pf. 9.

Phone: +36 1 391 1400

Email: [email protected]

Website: https://naih.hu

3. Judicial remedy

In the event of an infringement of your data protection rights, you may bring proceedings before a court. You may also bring the action before the court of your place of residence or habitual residence.

Have a question?

If you have any questions about our data protection practices or would like to exercise your rights, please do not hesitate to contact us:

Email
[email protected]
Contact
Contact form

Last updated:

We reserve the right to modify this privacy policy at any time. We will notify users of any material changes by email.