Privacy Notice – Manpower

Manpower Southeast Europe are franchise partners of ManpowerGroup, the world’s leading labor market services company, which connects hundreds of thousands of employees and companies around the world every day, responding to international and local labor market challenges with our solutions.

Manpower South East Europe (hereinafter referred to as Manpower or Manpower SEE) includes several related legal entities in different countries of this region as its members, namely:

Manpower ltd Serbia

Legal reperezentative: Nemanja Drobnjak and Vanja Vlak

adress: 11g, Milutin Milanković Blvd., 11070 Novi Beograd

ID:20409550

Manpower Business Solutions

Legal representative: Nemanja Drobnjak and Vanja Vlak

address: 11g, Milutin Milanković Blvd., 11070 Novi Beograd

ID: 20666528

Manpower Slovenia

Legal representative: Helena Jalšovec

address: Vilharjeva cesta 46, 1000 Ljubljana

ID: 5674115000

Manpower ltd Hrvatska

address: Avenija Dubrovnik 16, 10000 Zagreb

Legal representative: Tamás Fehér

ID: 080675552

Manpower Savjetovanje doo Zagreb

address: Avenija Dubrovnik 16, 10000 Zagreb

Pravni zastupnik: Tamás Fehér

ID: 080675501

Manpower BiH

address: Fra Adjela Zvizdovica 1, 71000 Sarajevo

Legal representative: Aleksandar Hangimana

ID: 4202525700000

Manpower Bulgaria OOD

address: Business Center Filip Kutev 148, 1113 Sofia, Bulgaria

Legal representative Ivan Šerbanov

ID: 175110216

Manpower Bulgaria EOOD

Address: Business Center Filip Kutev 148, 1113 Sofia, Bulgaria

Legal representative: Ivan Šerbanov

ID: 175085777

Our company’s name and reputation have merged with reliability, the basic principle that pervades all our activities. Our customers entrust us with valuable data, and we take the trust placed in us seriously. Manpower performs data management tasks on behalf of its clients and assumes responsibility for the protection of personal data in accordance with the law.

Manpower is committed to the protection of its customers’ personal data and considers it highly important to respect its customers’ right to self-determination of information. Manpower treats personal data confidentially and takes all security, technical and organizational measures to ensure data security.

The main goal of Manpower is to fully comply with the current legislation related to data protection, so primarily Regulation No. 2016/679 of the European Parliament and Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and the freedom of such data on the flow of information, as well as the repeal of EC Regulation 95/46 (General Data Protection Regulation; hereinafter: “GDPR”), as well as all local Laws where applicable..

The purpose of this data protection information (hereinafter: “Information”) is to inform people who come into contact with Manpower, either through its website or through its employees, about how Manpower intends to handle their personal data.

Data controller

The Data Controller is considered to be the legal entity (from the above list of companies) that obtained your personal data, while other companies as members of the group are considered joint Controllers in the manner specified below in this privacy policy.

The purpose of the Notice

This Notice is applicable.

for our job applicants and persons using our career services (career coaching, career counseling, etc.) (hereinafter collectively: “Job Applicants”),
to our outsourced or seconded employees (that is, to persons whom we outsource to one of our principals (“Partners”) or outsource in connection with certain assignments, as well as to persons for whom we provide outplacement or career change services) (hereinafter collectively: ” Intermediary and Temporary Employees”)
to the users of the website (www.manpower.hu) and applications (hereinafter: “Website”) listed here (hereinafter collectively: “Website Users”), and
to the representatives and contacts of our business partners, principals, and subcontractors (hereinafter collectively referred to as “Contacts”).

This Notice does not apply to our employees at our corporate headquarters and country offices who are employees of Manpower and who work directly for Manpower and not directly for any of Manpower’s principals.

This Notice describes the types of personal data and personal information we collect, the ways of using this data and information, the management and protection of the data and information we collect, the duration of their storage, the parties with whom we share the data and information, and to whom we forward them. , as well as the rights that the data subjects can exercise in relation to the use of their personal data.

We also describe how you can contact us about our privacy practices and how to exercise your rights. Our data protection practices may differ in the countries in which we operate, reflecting local practices and legal requirements. You can find out about the specific local conditions by visiting our local websites.

You can jump to the section in the list by clicking on any of the links below:

What Information We Collect
How we use the information we collect

How we manage and protect personal data

How long we store the information we collect.
What Information We Share
Data transfer

Some data processing performed by the Data Controller
Your Rights and Choices

Updates to our privacy policy
How to contact us

What information do we collect?

We may collect personal data about you in a number of ways, for example through our websites and social media channels, through our events, over the phone, through job applications, in connection with hiring, during interviews with clients, and you can also contact us at any time. During the collection, processing, and storage of data, we continuously ensure that data protection rules apply.

Depending on the nature of the relationship, we may collect different personal data, including but not limited to:

contact details (such as name, postal address, e-mail address and telephone number);

username and password when you register on our websites.

other information that you may provide to us, for example in the context of job applications or surveys, or through the “Contact Us” function on our Websites.

if you contact us, the content of e-mails (correspondence) and possible telephone conversations with you.

Handling the data of minors

The legal representative can give consent on behalf of a minor. The Data Controller has no way to check the authorization of the consenting person or to learn the content of the declaration of the legal representative, so you and your legal representative guarantee that the consent complies with the law.

Management of special personal data

Except for certain rare cases, the Data Controller does not ask you to provide special personal data.

If you still provide special personal data to the Data Controller, the Data Controller considers that you have given your express consent to the processing of the data.

How we use the information we collect.

Manpower only handles personal data in compliance with the following principles defined in the GDPR and specific local Law where applicable:

Personal data:

its handling must be carried out legally and fairly, as well as in a transparent manner for the data subject (“legality, fair procedure and transparency”).

be collected only for specific, clear, and legitimate purposes, and they should not be handled in a way that is incompatible with these purposes; further data processing for the purpose of archiving in the public interest, for scientific and historical research purposes, or for statistical purposes is not considered incompatible with the original purpose (“purpose limitation”).

they must be appropriate and relevant for the purposes of data management and must be limited to what is necessary (“data sparing”).

they must be accurate and, where necessary, up to date; all reasonable measures must be taken to promptly delete or correct personal data that is inaccurate for the purposes of data processing (“accuracy”);

its storage must take place in a form that allows the identification of the data subjects only for the time necessary to achieve the goals of personal data management; personal data may only be stored for a longer period of time if the personal data will be processed for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes, the appropriate technical and organizational measures prescribed in this regulation to protect the rights and freedoms of the data subjects subject to its implementation (“limited storage”);

The Data Controller is responsible for compliance with the principles defined in this point and must also be able to prove this compliance (“accountability”).

Purpose of data management

The Data Controller collects and uses data for the following purposes, among others (as permitted by law):

Regarding Job Applicants:

providing labor market solutions.

contacting people who are interested in our job applications or applying for them, and providing services related to the most suitable positions for them.

recruitment.

in the case of applying for a specific position, creating a user account.

Regarding Intermediary and Temporary Employees:

conducting the recruitment and selection process in terms of labor mediation, recommending potential candidates to Partners,

in terms of labor hire, the creation of the employment relationship and the provision of the employee to the Borrowing Partner.

For all stakeholders:

if this is permitted by law and in accordance with the Data Controller’s information on cookies and advertisements, sending promotional materials, notifications of available positions and other communications.

to the extent permitted by law, to send notices and manage participation in special events, promotions, programs, offers, surveys, contests and market research*;

responding to inquiries and requests from individuals*;

the operation, evaluation and development of our business activities (including the development, further development, analysis and improvement of our services, the management of our communications, the conduct of data analyses, as well as the implementation of accounting, auditing and other internal functions);

Public opinion research, market research, consumer satisfaction measurement and feedback evaluation*; as well as

the protection against fraud and other illegal activities, claims and other obligations, as well as the steps taken to recognize and prevent them, if required by sector-specific legislation.

The legal basis for the data processing included in this point is the legitimate interest of the Data Controller and your informed consent in the case of points marked with *.

The legal basis for data management

Manpower ensures that all data processing is done on the appropriate legal basis, which can be, e.g., your consent, but also the fulfillment of the legal obligation. Below we summarize the legal basis on which we process your data.

a) Fulfillment of the contract, preparation of the conclusion of the contract

Manpower uses the contract performance legal basis if data processing is necessary for the conclusion, performance, or termination of the contract.

This legal basis also includes data management before the conclusion of the contract, which is necessary to take steps at the request of the data subject.

The data managed on such a legal basis are typically provided by you when entering a contract or are generated about you during the performance of the contract.

b) Compliance with legislation

If you establish a rental relationship with us, or if we enter into a partnership agreement with you, the individual official notifications – e.g. tax authorities, social security bodies – we are obliged to process your data in order to do so. In addition, in certain cases, official or court decisions and other legislation may oblige us to transmit your data.

c) Consent

The Data Controller is entitled to process your personal data based on your consent, e.g. when creating a user account. If the legal basis of consent is used, the Data Controller will always provide you with the data management information prepared in accordance with Articles 13 and 14 of the GDPR.

You have the right to withdraw your consent at any time, but this withdrawal does not affect the legality of data processing based on consent, prior to the withdrawal. The fact of withdrawal alone cannot cause you a disadvantage.

You can withdraw your consent in any of the following ways:

in writing by letter, with the letter authentically signed (in the case of a client who is not a natural person, in accordance with an authentic signature model);

electronically – after proper identification and authentication.

with your express and clear statement over the phone (in this case, the phone conversation will be recorded);

in certain predetermined cases by email, with a minimum enhanced security electronic signature.

d) Legitimate interest

In addition, personal data may be processed if it is essential and necessary due to a legitimate interest of the Data Controller. Click here to learn more about these legitimate interests and when we may process information based on them.

The legal basis of legitimate interest is applied by Manpower if the data processing is necessary to enforce the legitimate interests of Manpower, a member company member or a third party connected to Manpower, provided that the enforcement of this interest is proportionate to the limitation of the right to protect your personal data. To decide this, Manpower in each case so-called carries out an interest assessment test, the result of which determines whether data processing can be legally continued on the basis of this legal basis.

Data is processed on the basis of a legitimate interest, for example:

if the process enables us to develop, modify, personalize, or otherwise improve our services/communications for the benefit of our customers, job applicants and colleagues.

fraud detection and prevention.

increasing the security of our network and IT systems.

to better understand how people interact with our Sites.

direct marketing purposes.

determining the effectiveness of promotional campaigns and advertisements.

When we process data for the above purposes, we ensure that your personal data is handled with special attention. You have the right to object to such data processing. If you wish to exercise this right now, click here! Please note that if you exercise your right to object, this may affect our ability to provide the services that are most beneficial to you.

We may use the information in other ways, for which we will send a separate notification at the time of its collection or before.

III. How we manage and protect personal data.

We process personal data collected by us, including through automated means, for the purposes specified above and for a specified period, in accordance with our internal data retention policy to ensure that personal data is not stored for longer than necessary.

We maintain organizational, technical, and physical safeguards designed to protect the personal data you provide against accidental, unlawful or unauthorized destruction, loss, modification, access, disclosure or use. To guarantee adequate security and confidentiality of personal data, we apply the following security measures:

Encryption of data sent and received during transmission.

Strict user authentication controls.

Consolidated network infrastructure.

Network monitoring solutions.

How long we store the data we collect.

We store the personal data we collect in our systems in a way that allows the identification of the data subjects for no more than the time necessary in light of the purposes for which the data were collected or are further processed.

This specific period is determined by considering the following:

The need for further storage of the collected personal data in order to provide the user with the agreed services.

In order to protect the legitimate interests of the Data Controller as described in the objectives.

Existence of special legal obligations that require data management and related data storage for a specified period of time.

What information we share.

We protect your personal data and do not publish it. We may share your personal data with subcontractors who provide services on our behalf and on our instructions. We may share your personal information with (i) our subsidiaries and affiliates; (ii) if you are a job seeker, then with clients who may have available job opportunities or may be interested in the workforce we outsource; and (iii) with our other partners, such as staffing consultants and subcontractors, for the purpose of finding you work.

In addition, we may transfer or disclose certain of your personal information (i) if we are required to do so by law or legal process; (ii) to law enforcement or other government officials pursuant to a lawful disclosure request; and (iii) if we believe that disclosure is necessary or appropriate to prevent physical, property or non-property harm, or to investigate fraud or illegal activity. We also reserve the right to transfer the personal data we hold about you if we sell or transfer all or part of our business or assets (including reorganization, liquidation or liquidation).

The Data Controller only forwards the recorded recordings to the authorities or courts in accordance with the legal regulations on data protection in the absence of other evidence in court or other official proceedings.

Data transfer

Based on our contractual obligations, we transfer personal data provided by you or collected about you to our domestic and international clients, partners and other Manpower members within South East Europe.

Your personal data is entitled to the same protection in the member states of the European Union.

When we transfer your data to countries outside the European Union or to international organizations, we ensure their adequate protection based on the compliance decision of the European Commission, or if the data manager or data processor has provided adequate guarantees regarding the management of personal data, and if enforceable rights and effective legal remedies are available for the data subjects. . Such guarantees can be a) legally binding and enforceable instruments between public authorities or bodies; b) binding corporate rules; c) general data protection clauses adopted by the European Commission and rules defined by local law.

VII. Some data processing performed by the data controller.

Among other things, Manpower can process your personal data in accordance with the GDPR and local Law in accordance with its provisions.

Data management arising in connection with registration in the candidate database.

The Data Subjects can register in the Data Controller’s candidate database on the Manpower website. At that time, the Data Subjects provide their Personal Data, and in connection with the application, they can upload documents containing their personal data on the Website, which allows the Data Subjects to register in the Data Controller’s database. The Data Subject’s personal data will also be uploaded to the database if the Data Subject consents to the data provided by telephone, e-mail, in person or via social media.

The Job Applicant can register in the database in two forms; in the context of general registration, where your data is processed in connection with the filling of all possible positions, or only by applying for a specific position, in which case your personal data will only be processed in connection with this specific position.

Purpose of data management

Facilitating inclusion in the candidate database, facilitating the recruitment and selection process, conducting the recruitment and selection process, recommending a suitable position for the candidates, and finally filling the position. In addition to the activities listed above, if you are a Job Applicant and create a registration account or apply for a job, we will use your data for the following purposes (as permitted by law):

providing you with job opportunities and work.

provide HR services to you.

providing additional services to you: training, career counseling and career change services.

assessment of your suitability as a job applicant and assessment of your qualifications in relation to certain positions; as well as

conducting data analyses, for example: (i) analyzing our job applicant and employee base; (ii) assessment of individual performance and abilities, including qualification of job-related skills; (iii) identifying skills gaps; (iv) use information to appropriately match individuals with available opportunities, and (v) analyze data from the acquisition channel (trends in hiring practices).

Scope of processed data

address, title, first name, last name, e-mail address, telephone number, street, house number, postal code, city, country, CV and the data contained therein (in local or foreign language), motivation letter and the data contained therein, data relating to your own vehicle (yes, no), wage demand, education, special knowledge, data referring to work-related skills, other personal data voluntarily provided by the Data Subject

Legal basis for data management

consent of the data subject.

During registration, you consent to the recording of your personal data in the Data Controller’s database, and to participate in the Data Controller’s recruitment and selection process.

the legitimate interest of the Data Controller or a third party.

If the Job Applicant was unable to give consent to data processing either on paper or via the website, the Data Controller will process his data based on his legitimate interest until the consent is given, but no longer than 30 days.

The Data Controller does not ask you to provide special personal data. If, during registration, the Job Applicant provides special personal data based on his own decision (e.g. data on religious or worldview beliefs, health data, biometric data), then the Data Controller will handle it to the extent that it is necessary for the establishment, performance or termination of the employment relationship essential; all other data is ignored during decision-making.

Duration of data management

If the registration is confirmed, we will keep your personal data for 24 months from the date of the last activity in your profile, or until the termination or cancellation of the registration.

If you do not confirm your registration, your personal data will be deleted after 14 (fourteen) days.

In the case of data processing based on legitimate interest, until consent is given, but no more than 30 days.

Source of data

The source of the data is directly the data subject.

Data transmission, Joint data controllers

The candidate database and the Personal Data contained in it are jointly managed by the members of the Manpower Group of Companies for the region of Southeast Europe, so they will be Joint Data Controllers during the data management activity. The purpose of joint data management is for the Manpower Group to find the most suitable position and employment method for the Data Subject. The Joint Data Controllers have access to the entire database.

The Joint Data Controllers determine the division of their responsibilities for fulfilling the obligations under the GDPR and local Law in the agreement reached between them. In this point, the essential elements of the agreement are detailed.

The Data Controllers have jointly prepared their data management information for the information of the data subject. This information also includes the name and contact information of the data protection officer of the Joint Data Controllers, as the contact person for the Data Subject.

The Joint Data Controllers jointly ensure the exercise of the data subject’s rights (contained in Articles 12-22 of the GDPR and/or local Law) by providing that if the data subject’s inquiry specifically relates to the data management of one of the Data Controllers (e.g., a data subject inquiry carried out by this Data Controller), then in the specific case the relevant Data Controller shall in the direction of the person concerned.

The data subject may contact any data controller with his request, exercise his rights under the GDPR and/or local Law in relation to any data controller, against any of them, the Joint Data Controllers are obliged to cooperate with each other in accordance with the provisions of the GDPR and/or local Law.

Responsibility of the Joint Data Controllers

The Joint Data Controllers are liable for damage caused by violating the provisions of the GDPR and/or local Law.

The Joint Data Controllers are released from liability if they prove that they are not responsible in any way for the event that caused the damage.

The responsibility of the Joint Data Controllers towards the data subject is joint and several, i.e., the data subject can enforce his claim against any of them and performance by any Data Controller reduces the obligations of the other obliges towards the data subject to the extent of the fulfilled part.

Data is not forwarded to data processors in connection with data management.

Recruitment and selection process in the case of temporary employment and recruitment

The Data Controller also performs data management in the context of the recruitment and selection process within the framework of the temporary staffing and recruitment services.

During the recruitment and selection process, the Data Controller provides Job Applicants with assistance in choosing the most suitable workplace, as well as assists its Partners in finding and referring the most suitable candidate.

Within this framework, the Data Controller conducts interviews with potential Job Applicants, if necessary, tests (personality tests or professional tests) are conducted, and also determines which Job Seeker may be the most suitable to fill the advertised position.

The Data Controller provides information about open positions to Job Applicants via the following contact details:

website, e-mail, telephone, Facebook, etc.

Details of data management can be found in the table below.

Purpose of data management

Finding and recommending workforce for the advertised position.

Scope of processed data

During the recruitment and selection process, in addition to registration in the candidate database, the Data Controller manages the following data:

Data collected during the interview (e.g., the position applied for by the candidate, professional experience, personality, professional knowledge, language skills, highest education, current/last workplace, position, salary requirement, results of professional or personality tests.

Legal basis for data management

consent of the data subject.

If the Job Applicant only wishes to apply for a specific position, the Job Applicant consents to the processing of his personal data only in connection with this position, and to the transfer of data to a specific Partner of the Data Controller for the purpose of successful placement.

If the Job Applicant wishes to apply for several positions, the Job Applicant consents to the processing of his personal data in connection with each position, as well as to the transfer of data to the Partners of the Data Controller for the purpose of successful placement.

the legitimate interest of the Data Controller or a third party.

The Data Controller may also carry out a so-called “name matching” procedure during the labor hire or labor mediation process, during which it may forward the candidate’s name and date of birth to the Partner. The purpose of the “name matching” procedure is to identify whether the Partner already has its own information regarding the Job Applicant.

Duration of data management

Manpower only keeps the data until notification of the result of the application if it does not establish an employment relationship with the applicant. Manpower will not use this data for any other purpose, unless the applicant expressly requests that their application material be processed for another purpose, for the purpose of participating in a possible new application procedure, for 1 year from the date of notification.

In the event of employment, Manpower processes the data based on your consent until the position is filled.

Only in the case of your consent given in connection with applying for a specific position, until the date of filling the specific position, but at the latest until the end of 6 months after the application.

Source of data

The source of the data is directly the data subject.

Data transmission, Joint data controllers

If the Job Applicant is selected by the Data Controller, your Partner can learn about the Job Applicant’s Personal Data.

In the case of labor hire, the borrowing employer may access the Personal Data of the candidate based on the agreement between the Data Controller and the borrowing employer.

The client of the labor placement agreement can learn the data based on the data transfer agreement related to the labor placement assignment concluded with the Data Controller.

The companies of the Manpower Group manage Personal Data jointly during the recruitment and selection process, so they are considered joint data controllers for all the data defined above.

The purpose of joint data management is for the Manpower Group to find the most suitable position and employment method for the Data Subject.

The Joint Data Controllers determine the division of their responsibilities for fulfilling the obligations under the GDPR and/or local Law in the agreement reached between them. In this point, the essential elements of the agreement are detailed.

The Joint Data Controllers jointly ensure the exercise of the data subject’s rights by providing that if the data subject’s inquiry specifically relates to the data management of one of the Data Controllers (e.g., a data subject inquiry carried out by this Data Controller), then in the specific case the relevant Data Controller shall in the direction of the person concerned.

Responsibility of the Joint Data Controllers

The Joint Data Controllers are liable for damage caused by violating the provisions of the GDPR.

The Joint Data Controllers are released from liability if they prove that they are not responsible in any way for the event that caused the damage.

The responsibility of the Joint Data Controllers towards the data subject is joint and several, i.e., the data subject can enforce his claim against any of them and performance by any Data Controller reduces the obligations of the other obligees towards the data subject to the extent of the fulfilled part.

Data is not forwarded to data processors in connection with data management.

As part of the name matching procedure, the Data Controller may forward the Job Applicant’s data to the Partner (name, date of birth, e-mail address), to identify whether it is already included in the Partner’s database. If he is not listed in the Database, but the Job Applicant can be considered a potential candidate for the position, the Data Controller will forward his CV, motivation letter (if any) and the description he prepared to the Partner.

Recruitment and selection process for own employees

The Data Controller also conducts recruitment for itself, within the framework of which it conducts its own search for employees to fill the advertised position(s).

The data management carried out by the Data Manager is the same as described in point 2, however, in this case, the Job Applicant’s Personal Data will not be forwarded to the Partners.

Data management in the context of labor hire

The Data Controller also provides labor rental services to its Partners, for which it also performs data management. Temporary employment is the activity in the framework of which the lender (the Data Controller) temporarily transfers the employee who is employed with him for the purpose of loan to the borrower for work in return for consideration.

Within the framework of its labor hire service, the Data Controller performs recruitment and selection services for its Partners on the one hand (see the details of data management in point 2), and on the other hand, performs data management for the purpose of hiring the workforce itself, including the creation, maintenance, and termination of the employment relationship. During this process, the Data Controller acts as a lending employer. The Data Controller handles data in connection with the creation and maintenance of the employment relationship (especially payroll, wages, payment of bonuses, recording of working hours, provision of occupational health services) and termination of the employment relationship regarding labor hire. The Partner of the Data Controller also performs data management regarding the employee’s daily work, e.g., participation in trainings, training, in terms of performance evaluation and employee control. You can find information about individual details of the data management carried out by the Controller’s Partner in the Partner’s data management information.

Details of data management can be found in the table below.

Purpose of data management

In the case of labor hire, the purpose of data management is for the Data Controller to lend employees who are employed by the Data Controller to the Partners, i.e. the borrowing employers, and for the Data Controller to be able to fulfill its obligations as an employer and fulfill its obligations in the employment contract.

Since, in the case of temporary employment, an employment relationship is established between the Data Controller and the Data Subject, therefore the Data Controller must manage all Personal Data mentioned below that is necessary for the creation, maintenance and termination of the employment relationship, so among other things, the Data Controller manages personal data:

salary transfer, salary planning, payroll, deductions.
investigation of work accidents, payment of benefits.
determination of vacations, working time discount.
request for monetary benefits and leave.
checking compliance with immigration rules, applying for permits.
establishment of an employment relationship, completion of NAV declaration.
working time discount, notice restriction.
registration of working hours, payroll.
evaluating the performance of employees, setting goals, and ensuring a career path, as well as properly tracking the documentation of the above.
improving and protecting the security of employees, sites, systems, and assets.
monitoring compliance with internal policies and procedures.
processing payments
regarding

Scope of processed data

address, title, surname, first name, birth name, place and time of birth, mother’s birth name, type and number of identification document (e.g. social security number), social security number, tax identification number, citizenship, registered place of residence, place of residence (mailing address) , bank account number, marital status, number of dependent children, e-mail address, telephone number, photo, data on studies, data on workplaces, data on knowledge of foreign languages, information on altered working ability, other information typically included in a CV, such as a reference/ opinions from third parties, certificates, diplomas, recognitions, awards and other documents and the information provided in them, other information typically required for payroll and insurance relationships, such as, for example, a social insurance booklet, certificates and other documents issued by a previous employee, certificates and certificates issued by an employment center, a decision issued by the National Rehabilitation and Social Expert Institute, a decision issued by a pension insurance company.

In addition, for employees with a changed working capacity: personal identification data; Social security number; degree of change in working capacity; measure of health status; degree of health damage; fact of disability; a copy of the documents used to verify the above.

Legal basis for data management

fulfillment of the contract (the processing of Personal Data is necessary for the creation of the employment contract and for taking steps at the request of the employee prior to the conclusion of the contract).

The Data Controller manages the personal data of the establishment, maintenance and termination of the employment relationship based on the legal basis of performance of the contract.

legal obligation (the processing of Personal Data is necessary to fulfill the legal obligation of the Data Controller – in the case of joint data management – to further joint data controllers)

In specific cases, the Data Controller manages personal data based on legal obligations regarding the employment relationship. Data processing takes place based on legal obligations for the establishment, maintenance and termination of the employment relationship, salary transfer, salary planning, payroll calculation, deductions, determination of holidays, working time discount, cash benefits and leave requests, verification of compliance with immigration rules, application for permits, VAT reporting obligation regarding its performance.

the legitimate interest of the Data Controller or the Borrower.

Regarding employees with altered working capacity, the purpose of data management is to verify and prove the employment of a person with altered working capacity and the benefits to the Employer related to the employment of persons with altered working capacity based on the relevant legislation in force.

Source of data

The source of the data is directly the data subject.

Data transmission, Joint data controllers

Based on its legal obligation, the Data Controller transfers the employees’ data to authorities.

In the case of labor hire, the Data Controller may also transfer the personal data to the borrowing employer.

Regarding labor hire, the Data Controller, and the borrowing employer (Partner) act as a joint data controller. Based on the joint data management agreement, the Joint Data Controllers manage the personal data related to labor hire together, and jointly determine the purpose and means of data management. The purpose of joint data management is to ensure the maintenance of the employment relationship, as well as to promote mutual and barrier-free communication between data controllers to implement more efficient hiring. The purpose of joint data management is also to comply with legal regulations.

The Joint Data Controllers jointly ensure the exercise of the data subject’s rights by providing that if the data subject’s inquiry specifically relates to the data management of one of the Data Controllers (e.g. a data subject inquiry carried out by this Data Controller), then in the specific case the relevant Data Controller shall in the direction of the person concerned.

The data subject may contact any data controller with his request, exercise his rights under the GDPR in relation to any data controller, against any of them, the Joint Data Controllers are obliged to cooperate with each other in accordance with the provisions of the GDPR and/or local Law.

Responsibility of the Joint Data Controllers

The Joint Data Controllers are liable for damage caused by violating the provisions of the GDPR and/or local Law.

The Joint Data Controllers are released from liability if they prove that they are not responsible in any way for the event that caused the damage.

The responsibility of the Joint Data Controllers towards the data subject is joint and several, i.e. the data subject can enforce his claim against any of them and performance by any Data Controller reduces the obligations of the other obligees towards the data subject to the extent of the fulfilled part.

Data is not forwarded to data processors in connection with data management.

The Data Controller processes the data regarding labor hire during the following period.

Data management in the framework of labor mediation

Job mediation aims to facilitate the meeting of job seekers and job offers in order to establish a legal relationship for employment, including the mediation of local nationals abroad and foreign nationals in the local country.

In other words, the Data Controller carries out the recruitment and selection activities for the Partners connected to the Data Controller, as described in point 2. If a possible candidate is found, the Data Controller forwards his personal data to the Partner.

At the end of the successful mediation procedure (when the person mediated by the Data Controller is employed), the Partner sends a certificate of completion to the Data Controller, which may also contain personal data.

Purpose of data management

Proof of completion of labor placement services.

Scope of processed data

name of the Data Subject; job title; start of employment; the salary of the Data Subject

Legal basis for data management

legitimate interest of the Data Controller.

Source of data

The source of the data is directly the data subject.

Duration of data management

If the document is related to a tax payment obligation or discount (it is used to support it), the retention period lasts until the right to tax assessment expires (usually until the 6th year following the tax year). Within this, if the document is also classified as a document with strict accounting, then the retention period is 8 years, unlike the previous ones.

Data transmission, Joint data controllers

No data is transmitted regarding the process.

Data management related to Direct Marketing

The Data Controller may manage the personal data of the Data Subjects in accordance with its direct marketing activities as described below.

The Data Controller would like to regularly inform its customers and future customers about its services and offers through direct inquiries, offers or newsletters. In the newsletter, depending on its type, the customer or prospective customer who subscribes to it receives information about new services, offers and other useful information of the Data Controller at regular intervals (e.g. daily, weekly, monthly). Newsletters may also contain advertising messages.

Purpose of data management

The primary purpose of data management is to send advertisements, newsletters, offers, and other inquiries to clients and prospective clients, within the framework of this, to inform clients and prospective clients about the Company’s new services, and thus to acquire (new) active clients for the Company.

Furthermore, the purpose of data management

a) conducting market research and customer satisfaction surveys, the purpose of which is to enable the Foundation to assess how satisfied its customers are with the service provided to them, and with the help of this, it can provide them with the best possible quality service.
b) customer relationship management;
c) ensuring quality and efficient customer service;
d) the contact.

Scope of processed data

name, e-mail address, telephone number

Legal basis for data management

Personal Data is processed based on the Data Subject’s consent. Consent can be withdrawn by the Data Subject at any time. Withdrawal of consent does not affect the legality of data processing prior to withdrawal.

Duration of data management

The Data Controller processes the data until the consent of the Data Subject is withdrawn, but at the latest for [8] years after the consent was given. If there is a legal basis of legitimate interest, the data will be processed for [8] years.

Source of data

The source of the data is directly the data subject.

Data transmission, Joint data controllers

The Personal Data processed in connection with the newsletter are transferred to the members of the Manpower Group of Companies, who act as Joint Data Controllers.

The Joint Data Controllers determine the division of their responsibilities for fulfilling the obligations under the GDPR in the agreement reached between them. In this point, the essential elements of the agreement are detailed.

The Joint Data Controllers jointly ensure the exercise of the data subject’s rights by providing that if the data subject’s inquiry specifically relates to the data management of one of the Data Controllers (e.g. a data subject inquiry carried out by this Data Controller), then in the specific case the relevant Data Controller shall in the direction of the person concerned.

Responsibility of the Joint Data Controllers

The Joint Data Controllers are liable for damage caused by violating the provisions of the GDPR.

The Joint Data Controllers are released from liability if they prove that they are not responsible in any way for the event that caused the damage.

Data is not forwarded to data processors in connection with data management.

Data management related to inquiries concerning the company.

Purpose of data management

Fulfilling requests for company-related information and service information received from anyone by phone, email, mail or even in person, or through social networking sites (e.g. Facebook, LinkedIn) to Manpower.

Scope of processed data

the data you provide e.g. name, phone number, e-mail address

Legal basis for data management

consent of the data subject.

Duration of data management

Personal data will be processed for 1 year after the response.

Source of data

The source of the data is directly the data subject.

Data transmission, Joint data controllers

No data is transmitted regarding the process.

Contact data management.

The contractual partners of the Data Controller (hereinafter: “Supplier”) carry out data management for the following purposes regarding the Supplier, or in the case of a non-natural person Supplier, its employees, other contributors, registered persons, and contacts contributing to the fulfillment of the Supplier’s contractual obligations:

Purpose of data management

The purpose of personal data management is to fulfill the contract between the Data Controller and the Partner. Thus, the implementation of effective contact between the Data Controller and the Partner, the conduct of negotiations related to the contract, which is an essential part of the fulfillment of the contract, is absolutely necessary.

The purpose of data management is also the possibility of asserting the economic and legal interests of the Data Controller in the event of disputes arising in connection with the contract.

Regarding those entitled to register, the purpose of data management is also the conclusion of a contract, possible modification, and termination of the contract.

Scope of processed data

name, company e-mail address, company phone number, position, possibly signature.

Legal basis for data management

Legal basis for data management: natural person in the case of a partner: i.e., performance of a contract (“data processing is necessary for the performance of a contract in which the data subject is one of the parties, or it is necessary for taking steps at the request of the data subject prior to the conclusion of the contract”)

In the case of other, non-natural person Partner: i.e., the legitimate interest of the Data Controller

Regarding data management, the Data Controller has determined that the basic rights and freedoms of the contacts do not take precedence over the legitimate interests of the data controller, as it is necessary for the Data Controller to be able to carry out operational tasks that require work daily in relation to the contractual relationship with the contractual partner. In this way, any necessary negotiations between the Data Controller and the partner can take place smoothly. Furthermore, since the data subjects can rightfully expect their personal data to be processed by their employer’s contractual partners based on their job description and the experience gained from their normal work, the Data Controller may not enter the private sphere of the data subject to an extent that can be considered excessive, and which could significantly adversely affect the person concerned. Furthermore, the Data Controller only manages data of the data subject that is necessary for maintaining contact related to the data subject’s work and seeks him/her exclusively in connection with the performance of his/her work.

Duration of data management

We process the personal data of our business partners’ contacts until the purpose of the data management is achieved, which, in the absence of a different provision, is the claim enforcement period following the fulfillment of the contract. Currently lasts until the end of five years, or in the case of a claim being asserted within this period, until it is legally closed.

Source of data

Personal data may be received from the Data Controller’s Supplier, which is not a natural person, and also from the Data Subject himself, where appropriate.

Duration of data management

The Data Controller manages the personal data until the data management purpose exists, but at the latest after the termination of the contract concluded with the Supplier until the civil law limitation period (generally 5 years), in connection with which the data subject acted as a contact person.

In the event that the contact person’s status as a contact person ceases during the term of the contract, the Data Controller will no longer search for this contact person, except in cases of dispute.

If any personal data is included in an accounting document, the Data Controller keeps the documents and thus the personal data contained in them for 8 years based on § 169 of Act C of 2000 on accounting.

Data transmission, Joint data controllers

The Data Controller may forward contact information to authorities or courts in the event of an official or judicial request.

The Supplier, who is not a natural person, is also responsible as a data controller for ensuring that the Data Subjects receive adequate information in advance about the intention to transfer data to the Data Controller (as the recipient of the data transfer and as another data controller), as well as the scope of the personal data affected by the data transfer and the purposes of the data transfer.

In the case of a Supplier who is not a natural person, the Supplier is obliged to hand over the information to the Data Subjects and certify that this has happened to the Data Controller.

Data management related to cookies

When you visit our Sites, we may collect certain information through automated tools such as cookies, web beacons, and web server logs. Information collected in this way includes, but is not limited to, IP address, unique device identifier, browser characteristics, device characteristics, operating system, language preferences, referring web addresses, information about actions taken on our Sites, date of visit to our Sites, and time and other usage statistics.

More information about data management in connection with Cookies can be found in the Cookie Policy of the Data Controller, which can be accessed via the following link:

https://manpowersee.com/site/privacy-notice/

VIII. Your Rights and Choices

You can exercise the following rights in relation to the management of your personal data:

Right of access: You have the right to receive confirmation as to whether we are processing your personal data and to access information about the processing of your personal data that we process in order to verify that your personal data is being processed in accordance with the law. At your request, we will make a copy of the data that is the subject of data management.
Right to rectification: You have the right to request the correction of inaccurate or incomplete data stored about you in order to protect the accuracy of such data and adapt it to data management.

Right to erasure (“the right to be forgotten”): You have the right to have your personal data deleted and no longer processed at your request under certain circumstances. These circumstances are, for example, the following: i) the personal data are no longer needed for the purpose for which they were collected or otherwise processed ii) if the data processing was based on your consent and you withdraw your consent iii) the data processing takes place for direct marketing purposes or iv) personal data were handled illegally. However, there are exceptions to the right to erasure. These general exceptions, when the processing of personal data is necessary: i) expression of opinion and exercise of rights to information, ii) compliance with legal obligations; or iii) to submit legal claims,

The right to restrict data processing: You have the right to request that the Data Controller restricts the processing of your data. These circumstances are, for example, the following: i) the data controller no longer needs the personal data for the purpose of data management, but the data subject requires them to present, assert or defend legal claims ii) the data processing is illegal and the data subject opposes the deletion of the data and instead requests their deletion restriction of its use iii) the data subject disputes the accuracy of the personal data, in which case the restriction applies to the period that allows the data controller to check the accuracy of the personal data or iv) the data subject has objected to the data processing; in this case, the limitation applies to the period until it is established, whether the legitimate reasons of the data controller take precedence over the legitimate reasons of the data subject. If data management is subject to restrictions, such personal data may only be processed with the consent of the data subject, with the exception of storage, or for the presentation, enforcement or defense of legal claims, or for the protection of the rights of another natural or legal person, or for the important public interest of the European Union or a member state.
The right to data portability: You have the right to receive the personal data you originally provided and concerning you in a segmented, widely used, machine-readable format, and you may request that the data be transferred to another data controller if the data processing is based on the consent of the data subject or the contract is executed on the basis of a legal basis and in an automated manner.
Right to object: If the legal basis for the processing of your personal data is not your consent, but the data processing is necessary to enforce the legitimate interests of the data controller or a third party, you are entitled to object to the processing of your personal data at any time for reasons related to your own situation, including also profiling based on the aforementioned provisions. In this case, the processing of your personal data will only continue if exceptional circumstances exist. In addition, if your personal data is processed for direct business purposes, you have the right to object at any time to the processing of your personal data for this purpose, including profiling. If you object to the processing of personal data for direct business purposes,

Objection to automated decision-making: You have the right not to be subject to the scope of a decision based solely on automated data processing, including profiling, which would have legal effects on you or would similarly significantly affect you.
Right to withdraw consent: If the legal basis for processing your personal data is your consent, you have the right to withdraw your consent at any time. If you withdraw your consent, we will stop processing your data, unless data processing is permitted or required by the relevant laws and regulations. Withdrawal of your consent does not in any case affect the legality of the data processing that took place with the previously given consent prior to the withdrawal.

We would like to inform you that in connection with the exercise of the above rights, Manpower is obliged to provide the information regarding the request for correction, blocking or deletion in a form that can be understood in writing without undue delay, but no later than within one (1) month from the date of submission of the request. If we do not take measures based on your request, we will inform you without delay, but no later than within one (1) month, of the reason for not taking action on your request for correction, deletion or blocking, and that you can take legal action in this regard, as well as file a complaint with the National Data Protection and Freedom of Information Authority.

In the course of handling your request, we will notify you and all those whose personal data we previously transmitted for the purpose of data management about the correction, blocking and deletion.

If you have a complaint about Manpower’s data management practices, we recommend that you contact Manpower at one of the indicated addresses before taking the dispute to court.

Right to legal remedy: In order to remedy a violation of your rights related to the protection of your personal data, or in the event of an imminent threat of a violation, you may turn to a court or the National Data Protection and Freedom of Information Authority.

Slovenia:

Manpower Slovenija d.o.o.
Vodovodna 101
1000 Ljubljana
Phone number: +386 1 24 29 100
Email: dposlovenija@manpower.si
www.manpower.si

Croatia:

Manpower d.o.o.

Avenija Dubrovnik 16

10 000 Zagreb

Phone number: +385 1 5565 700

Email: dpocroatia@manpower.hr

www.manpower.hr

Hungary:

Manpower Munkaerő Szervezési Kft.

1133 Budapest, Váci út 76.

Phone number: +36 1 411 1590
Email: dpo@manpower.hu

www.manpower.hu

Bosnia&Herzegovina:

Manpower Bosna i Hercegovina

Fra Anđela Zvizdovića 1

71000 Sarajevo

Phone number: +387 61 976 691

Email: dposerbia@manpowergroup.rs

www.manpowergroup.ba

Serbia:

Manpower Serbia

Bulevar Milutina Milangovića 11G

11000 Belgrade

Phone number: +381 11 41 43 095

Email: dposerbia@manpowergroup.rs

www.manpowergroup.rs

Bulgaria:

Manpower Bulgaria OOD/ Manpower EOOD

Ul. Filip Kutev 14, Business center GORA, 6^th floor

Sofia

Phone number: +359 2 9426811

Email: regulatory_compliance@manpower.bg

www.manpower.bg

The adjudication of the lawsuit falls under the jurisdiction of the court of the seat of the Data Controller. The lawsuit can also be initiated before the court of the place of residence or stay.

If the Data Controller causes damage to others by unlawfully handling their data or violating data security requirements, they are obliged to compensate them. If you violate your privacy rights by illegally handling the data of the Data Controller or another data controller or by violating the requirements of data security, you may demand damages from the Data Controller.

If you require further information about the handling of your personal data, please read the section entitled “How to contact us” below.

Updates to our Privacy Policy

We may revise, amend and update this Privacy Notice (including any supplements) from time to time to reflect changes in our privacy practices and legal requirements.

In case of major changes, we will notify you by publishing a prominent notice on our Websites, indicating the most recent update at the top of each statement.

How to contact us

If you have any questions or comments regarding this Privacy Notice, or if you wish to exercise your rights, please contact us:

Slovenia:

Manpower Slovenija d.o.o.
Vodovodna 101
1000 Ljubljana
Email: dposlovenija@manpower.si

Croatia:

Manpower d.o.o.

Avenija Dubrovnik 16

10 000 Zagreb

Email: dpocroatia@manpower.hr

Hungary:

Manpower Munkaerő Szervezési Kft.

1133 Budapest, Váci út 76.
Email: dpo@manpower.hu