Privacy Notice

1. Data Controller Information

Company Name: Melon HR Technology Kft.
Tax Number: 28835585-2-41
Company Registration Number: 01-09-376084
Registered Office: 1023 Budapest, Frankel Leó út 45.
Representative: Gergő Prémecz, Managing Director
Email Address: [email protected]

Data Protection Officer: Gergő Prémecz
Email Address: [email protected]
Phone Number: +36 1 426 4642
(hereinafter referred to as the “Service Provider” or “Data Controller”)

2. Introduction

The Service Provider places great emphasis on ensuring that its data management practices comply with the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons regarding the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC, hereinafter referred to as the “GDPR” or “Regulation”), Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter referred to as the “Info Act”), and other relevant laws, while also considering major international recommendations related to data protection.

The GDPR mandates that the Data Controller implement appropriate measures to provide concise, transparent, intelligible, and easily accessible information about the processing of personal data to data subjects in clear and plain language, and to facilitate the exercise of the data subject’s rights.

The following Privacy Notice serves to fulfill this legal obligation.

This Privacy Notice aims to inform the users of the MelonApp mobile application operated by the Service Provider (hereinafter referred to as the “Application”) and the websites www.melonapp.hu and gyorstoborzas.melonapp.hu (hereinafter collectively referred to as the “Website”) about:

  • The personal data processed in connection with the Application and the Website,
  • The practices followed in the processing of personal data,
  • The organizational and technical measures taken to protect personal data, and
  • The means and possibilities for data subjects (Users) to exercise their rights.
 

The Service Provider highly values the respect for Users’ informational self-determination rights. Personal data is treated confidentially, and all necessary security, technical, and organizational measures are taken to ensure the protection of the data. Browsing the Website and using the Service involves the provision of data by the User.

By visiting the Website, giving any necessary consent, or initiating the use of the Application or Service, the User accepts and agrees to provide data to the Service Provider and acknowledges that certain personal data is required for the use of the Application or certain Services. The provision of this data is voluntary. Some features or elements of the Application and Website, as well as access to certain Services, are only available after registration or login. If the User decides not to provide the requested personal data, they acknowledge and accept that they will not have access to certain parts of the Website, Application, or specific elements of the Services.

This Privacy Notice is always accessible on the Application and the Website and is to be applied in conjunction with the General Terms and Conditions (hereinafter referred to as “GTC”) related to the Service. The provisions of the GTC also apply to this Privacy Notice. Terms not defined in this Privacy Notice have the meaning ascribed to them in the GTC.

3. Definitions

The definitions applicable in this Privacy Notice are set out in Article 4 of the GDPR. Accordingly, we highlight the key terms:

  • “Personal data”: Any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • “Processing”: Any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
  • “Profiling”: Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
  • “Pseudonymization”: The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
  • “Controller”: A natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
  • “Processor”: A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
  • “Recipient”: A natural or legal person, public authority, agency, or another body to which personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by such public authorities shall comply with the applicable data protection rules according to the purposes of the processing.
  • “Third party”: A natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
  • “Consent of the data subject”: Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
  • “Data breach”: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

4. Applicable Legislation

The Service Provider handles data in compliance with the following legal provisions:

  • GDPR
  • Directive 95/46/EC of the European Parliament and of the Council (October 24, 1995) on the protection of individuals with regard to the processing of personal data and on the free movement of such data (“Data Protection Directive”).
  • Infotv. (Hungarian Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information).
  • Hungarian Civil Code (Act V of 2013, “Ptk.”).
  • Hungarian Accounting Act (Act C of 2000, “Számv. tv.”).
  • Hungarian Act CVIII of 2001 on Electronic Commerce and Information Society Services (“Eker. tv.”).
  • Hungarian Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (“Grt.”).
  • Hungarian Act CIV of 2010 on the Freedom of the Press and the Basic Rules on Media Content (“Smtv.”).
  • Hungarian Act CXXX of 2016 on the Code of Civil Procedure (“Pp.”).

5. Legal Basis and Duration of Data Processing

The legal basis for data processing is the data subject’s voluntary, informed, and explicit consent under Section 5(1)(a) of the Infotv., and Article 6(1)(a) (data subject consent) and Article 6(1)(b) (processing necessary for the performance of a contract) of the GDPR. Users voluntarily engage with the Service Provider, and their registration and use of the services are entirely voluntary.

The Controller may process personal data without the data subject’s consent only when explicitly authorized by law.

For data processing related to the Website and the Application, the legal basis is Article 6(1)(b) of the GDPR, which provides for processing necessary for contract performance.

If a User subscribes to a newsletter, the required data (email address, name) are processed by the Controller based on the User’s voluntary consent (GDPR Article 6(1)(a)).

Consent-based data processing may be withdrawn at any time without affecting the lawfulness of data processing carried out before the withdrawal. Personal data will be deleted immediately after the cessation of the legal basis.

By accepting this Privacy Notice and the Terms of Service, the User voluntarily consents to the processing of their personal data in connection with the Application and Website as described herein and in the Terms of Service. Activating the User’s profile explicitly reaffirms this consent.

By downloading the Application and initiating activation by providing an email address or linking a Facebook account, the User explicitly accepts the Terms of Service and consents to data processing as described in this Privacy Notice.

The legal basis for processing may also include the legitimate interest of the Controller, provided that the Controller performs a balancing test in accordance with GDPR to ensure that the data subject’s rights do not override the legitimate interest. Upon request, the Controller will provide further information about this balancing test.

In some cases, data processing is based on Article 6(1)(c) of the GDPR, as it is necessary to comply with legal obligations, such as tax and accounting requirements. If other legal grounds cease to exist, but statutory requirements mandate data retention, the data will not be deleted.

The duration of data processing is further governed by Section 6(5) of the Infotv., ensuring that after the deletion of a User Profile, the Service Provider will no longer process personal data. Deleting the Application does not delete profile data; however, using the “Delete Account” button in the “Profile” menu and confirming the deletion will result in the irreversible removal of all data.

Data provided during job applications may also be processed by the respective Job Advertiser User, who is responsible for informing Users about their data processing practices. Requests related to personal data (e.g., rectification, deletion, or objection to processing) may be submitted to the Service Provider or directly to the Job Advertiser User at the contact details provided in the job advertisement.

Given the shared data processing, Users are advised to send their requests to both the Service Provider and the Job Advertiser User.

6. Principles of Data Processing

The Data Controller processes personal data solely in compliance with the regulations defined by the laws of the European Union and Hungary (principle of lawfulness).

The Data Controller places great emphasis on ensuring that the data processing it conducts is comprehensible, transparent (principle of transparency), and fair for both the data subjects and the Data Controller.

The Data Controller processes personal data of the data subject only for the purposes specified below (principle of purpose limitation).

The Data Controller processes only personal data that are strictly necessary for achieving the purpose of data processing and are suitable for achieving the intended purpose (principle of data minimization).

The Data Controller processes personal data only to the extent and for the duration necessary for fulfilling the purpose of data processing (principle of storage limitation).

During data processing, the Data Controller ensures the accuracy, completeness, and – if necessary for the purpose of the data processing – up-to-date status of the personal data, and ensures that the data subject can only be identified for the duration necessary for the purpose of data processing (principle of accuracy).

The Data Controller ensures the confidentiality of the personal data it processes and prevents unauthorized access during data processing (principle of confidentiality).

The Data Controller does not process personal data of website visitors who are not users, customers, or subscribers, except for the visitor’s IP address and other data automatically recorded by the visitor’s browser.

If data processing is based on consent, the Data Controller must be able to demonstrate that the data subject (User) has consented to the processing of their personal data. If the data subject (User) provides consent through a written declaration that also concerns other matters, the request for consent must be presented in a manner that is clearly distinguishable from those other matters, in an understandable and easily accessible form, using clear and simple language. The data subject (User) has the right to withdraw their consent at any time. Withdrawal of consent does not affect the lawfulness of data processing based on consent prior to its withdrawal. The withdrawal of consent must be made as easy as its granting. In determining whether consent is freely given, utmost consideration must be given to the circumstances, including whether the performance of a contract or the provision of a service was made conditional on the consent to process personal data that are not necessary for the performance of the contract.

7. Data Transfer

The Service Provider transfers personal data to third parties – including the data transfers detailed in Section 5.1 of this Notice – only if the User has explicitly consented to the transfer, knowing the scope of data to be transferred and the recipient, or if the transfer is authorized by law. The Service Provider is entitled and obliged to transfer any personal data it holds lawfully to the competent authorities if required to do so by law or by an enforceable official mandate. The Service Provider cannot be held liable for such transfers or any resulting consequences. The Service Provider documents all data transfers and maintains records of them.

8. Data Processing

The prior consent of the data subject is not required for engaging a data processor, but the data subject must be informed. Accordingly, the following information is provided:

IT Service Provider of the Service Provider:
The Service Provider engages a data processor for maintaining and managing the Website, who provides IT services (hosting services) and, as part of this, processes personal data provided on the Website for the duration of the agreement with the Service Provider. The data processor handles the storage of personal data on the server.

The details of this data processor are as follows:

  • Company Name: Webery Digital Agency Kft.
  • Tax ID: 26311427-2-41
  • Company Registration Number: 01-09-323454101
  • Headquarters: 1023 Budapest, Frankel Leó út 45.
  • Email: [email protected]
  • Phone: +36 70 419 1038
  • Website: www.webery.com
 

The personal data are otherwise handled exclusively by the authorized staff of the Service Provider.

For Job-Seeking Users: Beyond their explicit consent provided by pressing the “Submit” button, and for Job-Posting Users through their express consent by publishing job advertisements (which enables mutual access to the detailed data outlined above through implied conduct), the Service Provider does not transfer the personal data of Users to third parties other than the Users themselves.

Personal Data Categories Related to Job-Posting Users:
For posting a job advertisement, the Job-Posting User (employer) is required to provide the following data:

  • The name of the Job-Posting User (employer);
  • Key characteristics of the job opportunity to be advertised, such as job location, type (full-time, occasional work, student job, part-time, internship), job title (short description), and a brief or detailed job description, including keywords for easier searchability;
  • The name and gender of the person uploading the job opportunity, and optionally additional information about the job (salary, minimum required qualifications, language skills, requirements);
  • The Job-Posting User may also add extra questions;
  • For posting the job advertisement, the Job-Seeking User must provide billing information (billing name, billing address, tax number [if any], company registration number [if any]), a valid email address, and a password.
 

If the mandatory fields are not completed, the Job-Posting User acknowledges that posting the advertisement will not be possible. Before publication, the Job-Posting User may edit any job advertisement data by returning to the relevant step.

Job-Posting Users can delete or modify their profile data at any time by accessing the “My Profile” menu. Deleting the application does not delete profile data. However, pressing the “Delete My Profile” button in the “Profile” menu and confirming the deletion will irreversibly erase all data.

The Data Controller does not process special categories of data as defined in Article 9 of the GDPR (e.g., data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data for identifying natural persons, health data, or data concerning a natural person’s sex life or sexual orientation).

Among the data provided by the Job-Posting User, the data identified in points (i) (if the employer is a natural person), (iii) (name and gender of the uploader), and in certain cases, the data in point (vi) qualify as personal data.

Additional Data Processing Information
During the visit and use of the Website, the Service Provider processes technical data automatically generated in connection with the browser program used by the User for establishing and maintaining an internet connection (e.g., type of browser program, IP address, port number, domain name [URL], date of visit, list of viewed pages).

During the use of the Application, the Service Provider processes the following data of the Users:

User ID, mobile device tokens, the type and version of the mobile device’s operating system, installed application version, used IP address, time of access, location data, search data, notification preferences, favorited job advertisements, applied job advertisements, data related to error reporting, last login time, activation time, number of logins.

The tools used for identifying and correcting data entry errors before making a contractual declaration include the following: If the email address provided during registration or the data required for using a Facebook account are invalid or incorrect, an error message will appear on the preview of the Application/Website.

9. Purpose of Data Processing

User (Job Seeker User) registration, identification of the User, differentiation from other Users, establishing and maintaining contact with the User, enabling access to basic and specific functions of the Application/Service, facilitating customization of certain Services, utilizing convenience features, ensuring efficient and secure use of the Service by Users, activating User registrations, maintaining a record of Users, and targeted display of job advertisements.

The Service Provider offers a Service designed to assist Job Seeker Users in receiving personalized updates on the latest job market opportunities, while enabling Job Advertiser Users to post targeted job advertisements through the Application. Additionally, the Service facilitates communication (contact initiation and maintenance) between Job Seeker Users and Job Advertiser Users.

Data processing also serves statistical purposes, such as gathering statistical information necessary for the development of the Application and the Website and conducting analyses related to visits and usage, as well as purposes related to information security, including the prevention and detection of potential misuse.
The Service Provider processes log data related to visits to the Website for information security purposes for two years and for statistical purposes for one year.

To gather statistical information, the Service Provider uses information packets known as cookies, which are installed on the User’s technical device when visiting the Website. These cookies only extract anonymous statistical data to improve the Website and Service, provided the User allows this through their browser settings. Users can block the installation of cookies or delete previously installed cookies at any time.

Temporary and session-enhancing cookies facilitating Website use are deleted at the end of the respective session. Functional cookies are stored for three months, and statistical cookies are stored for two years on the User’s device, unless removed earlier by the User.

10. Purpose of Data Processing

To promote its offers and services, the Service Provider maintains a Facebook page. Personal data published by visitors on the Service Provider’s Facebook page are not processed by the Service Provider. Visitors are subject to Facebook’s Privacy Policy and Terms of Service.

In cases of unlawful or offensive content publication, the Service Provider reserves the right to exclude the individual from the group or delete their comments without prior notice.

The Service Provider is not liable for illegal content or comments posted by Facebook users or for any errors, malfunctions, or issues arising from changes to the Facebook platform.

11. Data Security

The Service Provider handles personal data with utmost care and strict confidentiality, only to the extent necessary for providing the Service.

To ensure secure data management, the Service Provider implements the technical and organizational measures required to enforce data processing and data protection regulations effectively.

12. Rights of the User Regarding the Processing of Personal Data and Legal Remedies

Right to Prior Information
The data subject has the right to be informed about the facts and details related to data processing before it begins.
(GDPR Articles 13-14)

Right of Access
The data subject has the right to receive confirmation from the Data Controller on whether their personal data is being processed. If so, the data subject is entitled to access the personal data and associated information as defined in the GDPR.
(GDPR Article 15)

Right to Rectification
The data subject has the right to request the Data Controller to rectify inaccurate personal data without undue delay. Taking into account the purposes of processing, the data subject may also request the completion of incomplete data, including by means of a supplementary statement.
(GDPR Article 16)

Right to Erasure (“Right to be Forgotten”)
The data subject has the right to request the Data Controller to delete personal data without undue delay. The Data Controller is obligated to erase the personal data if one of the reasons outlined in the GDPR applies.
(GDPR Article 17)

Right to Restrict Processing
The data subject has the right to request the Data Controller to restrict processing if the conditions defined in the GDPR are met.
(GDPR Article 18)

Notification Obligation Related to Rectification, Erasure, or Restriction of Processing
The Data Controller must inform all recipients of any rectification, erasure, or restriction of processing, unless this proves impossible or requires disproportionate effort. Upon request, the Data Controller must inform the data subject about these recipients.
(GDPR Article 19)

Right to Data Portability
Under the conditions specified in the GDPR, the data subject has the right to receive their personal data provided to a Data Controller in a structured, commonly used, and machine-readable format. The data subject also has the right to transfer this data to another Data Controller without hindrance.
(GDPR Article 20)

Right to Object
The data subject may object at any time, on grounds relating to their particular situation, to the processing of their personal data under GDPR Article 6(1)(e) or (f).
(GDPR Article 21)

Automated Decision-Making, Including Profiling
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
(GDPR Article 22)

Restrictions
Legislative measures by the EU or member states may restrict the rights and obligations under Articles 12-22 and 34 of the GDPR.
(GDPR Article 23)

Notification of Data Breach
If a data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Data Controller must notify the data subject without undue delay.
(GDPR Article 34)

Right to Lodge a Complaint with a Supervisory Authority
The data subject has the right to lodge a complaint with a supervisory authority, particularly in the EU member state of their habitual residence, place of work, or where the alleged infringement occurred if they believe the processing of their personal data violates the GDPR.
(GDPR Article 77)

Right to an Effective Judicial Remedy Against a Supervisory Authority
Any natural or legal person has the right to an effective judicial remedy against a legally binding decision of a supervisory authority concerning them. They can also appeal if the supervisory authority does not handle their complaint or inform them of progress or results within three months.
(GDPR Article 78)

Right to an Effective Judicial Remedy Against a Data Controller or Processor
The data subject has the right to an effective judicial remedy if their GDPR rights are violated due to improper processing of their personal data.
(GDPR Article 79)

Accessing Information from the Service Provider
The User is entitled to request information from the Service Provider about the personal data processed by the Service Provider or its contracted data processors, the sources of such data, the purpose, legal basis, and duration of processing, the name and address of data processors, and the data processing activities they carry out. Additionally, the User may inquire about data breaches, their effects, and measures taken to mitigate them, as well as the legal basis and recipients of any data transfers.

The Service Provider will respond in writing to the User’s request within the shortest possible timeframe, no later than 25 days, in compliance with Hungarian law (Infotv. §15). In cases where the Service Provider is required to deny the request, the User will receive written notice citing the relevant legal provision. This notice will also inform the User about their right to seek legal or administrative remedies.

Correction or Deletion of Personal Data
If the User’s personal data is inaccurate and the Service Provider has the correct data, the Service Provider will rectify the inaccuracies. Personal data must be deleted if:

  • Its processing is unlawful.
  • The User requests its deletion.
  • It is incomplete or incorrect and cannot be lawfully corrected.
  • The purpose of processing is no longer applicable, or the storage period has expired.
  • A court or the National Authority for Data Protection and Freedom of Information orders its deletion.
 

The User may request deletion by submitting a written request to the Service Provider.

Marking Personal Data
The Service Provider will mark the data if its accuracy is disputed by the User but cannot be definitively confirmed or refuted.

Notification
The Service Provider will inform the User and relevant third parties of any corrections, deletions, or restrictions, unless this is impossible or requires disproportionate effort.

Right to Object to Data Processing
The User may object to data processing if it is necessary to fulfill the legal obligations of the Service Provider or to safeguard the legitimate interests of the Service Provider, data recipient, or a third party (except in mandatory cases). The User may also object to the use of data for direct marketing, opinion polling, or scientific research.

The Service Provider will review the objection within 15 days, make a decision, and inform the User in writing. If the request is denied, the Service Provider must provide a justified decision in writing.

If the objection is rejected or not addressed within the specified timeframe, the User may take the matter to court.

Contact Information for Legal Claims:

  • Service Provider Name: Melon HR Technology Kft.
  • Address: 1023 Budapest, Frankel Leó út 45.
  • Email: [email protected]
  • Company Registration Number: Cg.01-09-376084
  • Tax Number: 28835585-2-41

13. Data Processing for the Fulfillment of Tax and Accounting Obligations

The Service Provider processes the legally mandated data of natural persons entering into business relationships with it as customers or suppliers for the purpose of fulfilling tax and accounting obligations (e.g., bookkeeping, taxation) based on the legal obligation to comply. According to Act CXXVII of 2017 on Value Added Tax, Sections 169 and 202, the processed data include, in particular: tax number, name, address, taxation status. Pursuant to Act C of 2000 on Accounting, Section 167, the data include: name, address, the designation of the person or organization ordering the economic operation, the signature of the authorizer and the person verifying the execution of the order, as well as the inspector’s signature depending on the organization; the recipient’s signature on inventory movement documents and cash handling documents, and the payer’s signature on receipts. According to Act CXVII of 1995 on Personal Income Tax, the data include: entrepreneurial license number, agricultural producer’s license number, tax identification number. The retention period for personal data is five years following the termination of the legal relationship that serves as the legal basis.

14. Final Provisions

The Service Provider reserves the right to unilaterally amend this Privacy Notice while notifying Users. The amended provisions, unless the modifications require the User’s consent or this Privacy Notice states otherwise, become effective for the respective User upon the first use of the Application or the first visit to the Website following the publication of the amendments.

This Privacy Notice is effective from November 10, 2021.


Request Data Deletion

If you want us to delete your data, let us know via the following form: