Our organisation will only carry out individual processing in accordance with this privacy notice, information on which is given in the relevant sections of the notice.

5. Chapter Transfer(s) of data by the controller / Data processors

The controller transfers personal data for processing to the following partners (external service providers such as suppliers, billing service providers or banks) in order to fulfil its contractual obligations. Our company has a contract with each data processor, which includes a specific section on the appropriate protection of data.

5.1 Data processors

Our company transfers personal data to the following data processors (partners, suppliers):

5.1.1 Data protection provider Details of the provider:

Reé Consulting Nonprofit Kft.

Processor's data management activities: provision of data protection services, Data Protection Officer (DPO)

Address of the data processor: 8000 Székesfehérvár, Várkörút 4. II/26. Email address: dpo@reeconsulting.eu

Legal basis for the transfer: Performance of the contract

5.1.2 IT service provider

Details of the service provider: Krisztian Maczkó ev.

The data processor's activities related to data management: IT services Address of the data processor: Am Sonnenberg 42 53489 Sinzig

Email address: maczko.krisztian@gmail.com Place of processing (website or address):

Website:

Legal basis for the transfer: Performance of the contract

5.1.3 Accounting service provider

Details of the service provider: Feldmann-Berzen-Sebastian Steuerberater-Sozietät

Activity of the processor in relation to data management: accounting services

Address of the data processor: Wilhelmstraße 52 53474 Bad Neuenahr-Ahrweiler

Email address. info@fbs-steuerberater.de

Place of data processing (website or address):

Website: https://www.sbk-rlp.de/

Legal basis for the transfer: Performance of the contract

5.2 Data transfers to third parties (within the EU)

Our organisation transfers personal data about its clients to its employees and partners (job advertisers, other organisations) on the basis of their explicit consent or for the performance of a contract.

5.3 Data transfers to third parties (outside the EU)

Our organisation does not transfer data to third parties.

5.4 The information provided by the candidate may be transmitted by the Data Controller to new potential customers in an anonymous form, which does not result in the identification of the person - this data is not considered personal data

6. Chapter 2 Cookies

6.1 The function of cookies

• collect information about visitors and their devices
• remember visitors’ individual settings, which are used e.g. when using online
• transactions, so you don't have to type them in again;
• make the website easier to use;
• provide a quality user experience.

In order to provide a personalised service, a small piece of data called cookie is placed on the user's computer and read back during a subsequent visit. If the browser returns a previously saved cookie, the cookie management service provider has the possibility to link the user's current visit to previous visits, but only for its own content.

6.2 Strictly necessary, session cookies

The purpose of these cookies is to allow visitors to browse the website of JobXpro and  use its features and services fully and smoothly. These types of cookies are valid until the end of the session (browsing), and are automatically deleted from your computer or other browsing device when you close your browser.

6.3 Third-party cookies (analytics)

As mentioned above, when using the JobXpro website, various cookies (e.g. a session or persistent browser cookie, flash cookie, etc.) may be set in order to enhance user experience and to take advantage of the Services. A cookie is a small piece of data that collects and stores information content defined by the server.

JobXpro logs the following data on an ongoing basis for the purpose of troubleshooting, to prevent abuse, to monitor the performance and functioning of the service and for statistical purposes, on the basis of legitimate interest, and deletes the data after 30 days:

IP address, date and time, browser, operating system, page visited.

The session cookie placed by JobXpro on the end-user device is deleted when you close your browser. The browser cookie placed permanently by JobXpro on the Contact’s end-user device will be stored on the hard drive of the device and will remain there even after the internet browser is closed until the cookie is manually deleted or the cookie expires. The browser cookies placed by JobXpro on the end-user device of the Contact may be deleted from the device at any time, and the use of cookies may be refused by selecting the appropriate browser settings, in which case the Contact may not be able to use all the features of the Service. It is necessary to disable cookies separately in each browser and end-user device. You can usually manage cookies in the tools/settings menu of your browsers under privacy settings. The flash cookie placed by JobXpro on the end-user device of the Contact will be placed on the hard drive of the device and will collect data until it is deleted or the flash plug-in is disabled. For more information on how to delete the flash cookie permanently, please visit http://javascriptprog.hu/2011/02/28/flash-cookie-1-resz-megosztott-helyi- object/ (in Hungarian), http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html (in English).

JobXpro's website uses Google Analytics, Google AdSense and Google AdMob, an external web analytics and advertising service company from Google Inc. Google Analitycs uses cookies to help analyze the use of the given website. Google AdSense and AdMob set cookies and use web beacons to collect information. The information stored by the cookie (including the IP address of the Contact) is stored on servers of Google Inc. in the United States. Google Inc. may transfer the information collected to third parties where required to do so by law, or where such third parties process the information on behalf of Google Inc. As part of Google AdSense and Google Adwords remarketing, Google Inc. places visitor-tracking cookies on the Contact’s devices that track visitors' online behaviour and allow Google Inc. to serve them advertising on other websites based on their behaviour and interests. The tracking cookie also allows Google Inc. to identify the website visitor on other websites. “Privacy Policy” of Google Inc.

is available at http://www.google.hu/intl/hu/policies/privacy/ . You can find additional useful information about Google Inc.’s data practices, the blocking of cookies and the personalization of advertisements on the website of Google Inc.                                                                                                     http://www.google.com/intl/hu/policies/privacy/ads/ http://www.google.com/intl/hu/policies/privacy/ads/.

7. Chapter Rights of the data subject

7.1 Right to be informed

JobXpro shall take appropriate measures to provide data subjects with all the information on the processing of personal data referred to in Articles 13 and 14 of the GDPR and each of the disclosures referred to in Articles 15 to 22 and 34 of the GDPR in a concise, transparent, intelligible and easily accessible form, in a clear and plain language. JobXpro’s Privacy and Data Protection Notice is available at the following link: https://new.jobxpro.com/gdpr

The information is free of charge if the person requesting the information has not yet submitted an information request to the controller for the same set of data in the current year. In other cases, reimbursement of costs may be granted. The amount of the reimbursement may also be fixed in a contract between the parties. Reimbursement of costs already paid will be required if the data have been unlawfully processed or if the request for information has led to a rectification.

The controller shall inform the data subject about the subject of the request or about the rejection of the request

in writing within the shortest possible period of time from the date of the request, but not later than 15 days.

7.2 Right of access of the data subject

At the request of the data subject (as any specified natural person identified or identifiable on the basis of personal data) (hereinafter referred to as the data subject), the controller shall provide information on the data of the data subject processed by the controller or by a processor appointed by the controller or on the basis of the controller’s instructions, on the source of the data, the purpose, legal basis and duration of the processing, the name and address of the processor and the activities of the processor in relation to the processing, the circumstances of the personal data breach, the effects of the personal data breach and the measures taken to remedy the situation, and, in the event of transfer of the data subject's personal data, the legal basis and the recipient of the transfer.

In addition to obtaining information through a request to the controller, the data subject may also obtain information on the processing of their personal data from the data protection register. The data protection register is public and anyone can inspect it and make a note of its content.

The controller shall provide the information within a maximum of one month from the date of the request. You may submit a data access request to the controller using any of the contact details provided in this notice.

7.3 Right to rectification - You can request the rectification of your personal data

The controller shall, upon request of the data subject, examine the personal data included in the rectification request to see if it really does not correspond to reality. If the personal data is not accurate and the accurate personal data is available to the controller, the controller shall correct the personal data.

The controller shall mark the personal data that it processes if the data subject contests the accuracy or correctness of the personal data, but the inaccuracy or incorrectness of the contested personal data cannot be clearly established.

You may submit a request or declaration to the controller using any of the contact details provided in this notice.

7.4 Right to erasure - You may request the erasure of your personal data, except for mandatory processing

The controller shall, on the basis of a request by the data subject, erase or block personal data contained in the request. When erasing the data, the controller shall render personal data unrecognisable in such a way that its recovery is no longer possible.

If one of the following reasons applies, the data subject has the right to have the personal data

deleted wizhout undue delay upon request by the data controller

• personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
• the data subject withdraws the consent forming the basis of data processing, and there is no other legal basis for the data management;
• the data subject objects to the processing and there are no overriding legitimate grounds for the data processing;
• personal data have been unlawfully processed;
• the personal data must be deleted in order to fulfill legal obligations prescribed by
• the EU or Member State law applicable to the data controller;
• the collection of personal data took place in connection with the offering of services related to the information society.

In addition to the erasure of personal data at the request of the data subject, the controller shall erase personal data if

   a) its treatment is unlawful;    b) it is incomplete or incorrect and cannot be lawfully remedied, provided that erasure is not    precluded by law;    c) the purpose of data processing has ceased or the statutory time limit for storing the data has expired;    d) it is ordered by a court or the Authority.

Erasure of data cannot be initiated if the processing is necessary:

   a) for exercising the right of freedom of expression and information;    b) for the purposes of complying with an obligation under Union or Member State law applicable to the controller requiring the processing of personal data, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;    c) for archiving, scientific and historical research purposes or for statistical purposes in the public interest in the field of public health;    d) or to bring, enforce or defend legal claims.

The Data Controller shall delete the personal data without undue delay, but within 30 days at the latest. The data controller shall notify the data subject of the erasure, as well as all those to whom the data were previously transmitted for processing. Notification may be omitted if this does not harm the legitimate interests of the data subject having regard to the purposes of the processing. If the controller does not comply with the data subject's request for rectification, blocking or erasure, it shall, within 30 days of receipt of the request, communicate in writing or, with the data subject's consent, by electronic means, the factual and legal grounds for refusing the request for rectification, blocking or erasure.

You may submit a request or declaration to the controller using any of the contact details provided in this notice.

7.5 Right to restriction of processing - The data subject may request the restriction of his or her personal data, except for mandatory processing

The controller shall block personal data instead of erasure if the data subject so requests or if the information available to the controller indicates that the erasure would undermine the data subject's legitimate interests. Personal data blocked in this way may be processed only for as long as the processing purpose that precluded the deletion of the personal data persists. When blocking the data, the controller shall mark the personal data with an identification mark in order to limit its further processing permanently or for a limited period of time.

The controller shall restrict processing if one of the following conditions is met:

• the data subject contests the accuracy of the personal data, in which case the restriction applies for a period of time that allows the accuracy of the personal data to be verified;
• the data processing is unlawful and the data subject opposes the erasure of the data and requests instead the restriction of their use;
• the controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or
• the data subject has objected to the processing; in this case, the restriction applies for the period until it is established whether the legitimate grounds of the controller override those of the data subject.

Where processing is restricted, personal data, other than storage, may be processed only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or of an important public interest of the Union or a Member State.

The Data Controller shall block the personal data without undue delay and at the latest within 30 days. The data controller shall notify the data subject of the blocking, as well as all those to whom the data were previously transmitted for processing. Notification may be omitted if this does not harm the legitimate interests of the data subject having regard to the purposes of the processing. If the controller does not comply with the data subject's request for rectification, blocking or erasure, it shall, within 30 days of receipt of the request, communicate in writing or, with the data subject's consent, by electronic means, the factual and legal grounds for refusing the request for rectification, blocking or erasure.

You may submit a request or declaration to the controller using any of the contact details provided in this notice.

7.6 Right to data portability

The data subject has the right to receive personal data relating to him/her provided to the controller in a structured, commonly used, machine-readable format and to transmit such data to another controller.

Submission of a request or statement to the data controller is possible at any of the contact details

provided in this notice.

7.7 Automated decision-making on individual cases, including profiling

You may submit a request or declaration to the controller using any of the contact details provided in this notice.

7.8 Right to object - You can object to processing of your personal data The data subject may object to the processing of personal data by means of a statement in the following cases:

   a) where the processing or transfer of personal data is necessary for the fulfilment of a legal obligation applicable to the controller or for the purposes of the legitimate interests pursued by the controller, the recipient or a third party, except in cases of mandatory processing;    b) if personal data is used or forwarded for the purpose of direct business acquisition, public opinion polls    c) or scientific research.

A statement of objection is a statement in which the data subject objects to the processing of personal data and requests the cessation of the processing or the erasure of processed data.

The controller shall examine the objection within the shortest possible time from the date of the request, but not later than 15 days, decide whether the objection is justified and inform the applicant in writing of its decision.

If the controller establishes that the data subject’s objection is justified, the controller shall terminate the processing, including further collection and further transfer, and block the data, and notify all those to whom the personal data affected by the objection and the action taken on the basis of the objection was previously transmitted about the objection and the measures taken based on it, an those who are obliged to take measures to enforce the right to protest.

The controller may not delete the data of the data subject if the processing is required by law. However, the data may not be transferred to the recipient if the controller has consented to the objection or if the court has ruled that the objection is justified.

Submission of a request or statement to the data controller is possible at any of the contact details

provided in this notice.

7.9 Right of withdrawal

The data subject shall have the right to withdraw their voluntary consent by means of a statement addressed to the controller

at any time, without giving any reason. The declaration is effective from the time it is brought to the attention of the controller.

You may submit a request or declaration to the controller using any of the contact details provided in this notice.

8 .Chapter Enforcement possibilities for the data subject

8.1 In the first instance, file your request or complaint with the controller

If you, as data subject, believe that the controller has violated your privacy rights by unlawfully processing your personal data or by breaching data security requirements, we recommend that you address your complaint to the controller in the first instance.

The controller will receive your complaint at the following contact details:

Link (URL):

E-mail address:

In postal correspondence:

The controller shall respond to complaints received in writing within the shortest possible time from the date of the request, but not later than 15 days. If you do not receive a reply from the controller within this time limit, or if you receive a reply but do not agree with it, you may refer the matter to the competent authority responsible for the processing.

8.2 In the second place, you should contact the Authority

In the event that you have already contacted the data controller with a complaint arising from the processing of your personal data, but they have not responded to you within the time specified by law, or have responded but you do not agree with their response, you may file a complaint with the National Authority for Data Protection and Freedom of Information in Hungary (NAIH).

How to contact the NAIH:

Name: Hungarian National Authority for Data Protection and Freedom of Information Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/C. Mailing address: 1530 Budapest, Pf.: 5. Telephone: 0613911400 https://www.naih.hu

mailing address: PO Box 30 40, 55020 Mainz telephone: +49 (0) 6131 8920-0 https://www.datenschutz.rlp.de/de/themenfelder-themen/kontakt/

8.3 As a last resort, refer the matter to the Court

The data subject may apply to court against the data controller

• in the event of a violation of their rights, and
• if the data subject disagrees with the decision of the controller taken on the basis of the objection; or,
• if the controller fails to comply with the time limit of 15 days from the date of the objection (30 days from the date of notification of the decision or the last day of the time limit),
• in the event of refusal of a request for rectification, erasure or blocking (25 days after receipt of the request), if the data subject does not accept the factual and legal grounds of the controller for refusal of the request for rectification, blocking or erasure,
• if the data controller refuses the request of the data subject to provide information on the data processed by the data controller or by a processor to whom the data controller has delegated the processing of personal data, the source of the data, the purpose, legal basis and duration of the processing, the name and address of the processor and the data controller’s activities in relation to the processing, the circumstances of the personal data breach, the effects of the personal data breach and the measures taken to remedy the situation, and, in the case of a transfer of personal data, the legal basis and the recipient of the transfer, the data subject may take the matter to court.

In the course of a trial, the controller has the burden of proving that the processing complies with the law. The lawsuit may also be filed with the court of the data subject’s domicile or residence, at the data subject's choice. The Authority may intervene in the case in order to help the data subject to win the case.

9. Chapter 9 Data protection

9.1 Personal data breach

A personal data breach is a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed.

A personal data breach may cause physical, material or non-material damage to natural persons, including loss of control over their personal data or restriction of their rights, discrimination, identity theft or misuse, if not addressed in an appropriate and timely manner.

A personal data breach must be notified to the competent supervisory authority without undue delay and no later than 72 hours, unless it can be demonstrated, in accordance with the principle of accountability, that the personal data breach is unlikely to pose a risk to the rights and freedom of natural persons.

The data subject must be informed without delay if the personal data breach is likely to result in a high risk to the rights and freedom of the natural person, in order to enable them to take the necessary precautions.

9.2 General data protection rules

The data controller has designed and implements the processing operations in such a way as to ensure the protection of privacy of the data subjects when applying the Info law and other rules on data processing, accordingly: