Data Privacy Statement

The purpose of this policy is for Bayer Hungária Kft. (headquarters: 1123 Budapest, Alkotás u.50; company registration number: 01-09-063142; tax ID number: 10263002-2-44; hereinafter: Bayer). the Data Processor) to present the data processing practice for the process of recruitment (hereinafter: Recruitment) of staff (hereinafter: the Candidate or the Subject).

Before applying for any position, please carefully read the guidelines.

1. The purposes of data processing, within the scope of the data handled, are the legal basis and time of data processing

1.1. Creating a user profile

The purpose of data processing is to make it easier for the Subject to register and to create a user profile on the website (hereinafter: the Profile), in order to apply for the position desired.

By creating a Profile, a candidate can apply for multiple positions.

Information for accessing the website



Surname, first name, date of birth, e-mail address and password (encrypted), or LinkedIn ID and LinkedIn password (encrypted) if the Subject logs in with their LinkedIn profile


Information for creating a professional profile




Information on qualifications: institution, area, type of qualification, period (year, month)

Information on professional experience: employer, field of work, period, gross pay required

period of notice

native language, gender, short introduction, language skills, link to online profile

Information on qualifications: institution, area, type of qualification, period (year, month)

Information on qualifications: reason for changing

Contact information



e-mail address, telephone number

Skype username


You can also register without the optional information, which is just for the purpose of clarification.

The separate listing of this information, which forms part of the resume, is for ease of searchability and quicker identification of non-relevant applications. As many candidates apply for each position, Recruitment can be handled more smoothly if the most important information is provided at the Candidate’s registration.

The legal basis for data processing is the explicit consent of the Subject, which is provided during registration.

The period of data processing is: 5 years after registration. After this, if the Candidate does not provide confirmation for the continuation of the account, it will be automatically deleted by the system.

1.2. Application for the chosen position

The purpose of data processing is for the Subject to apply for the desired position.

Data processing is based on the consent of the Subject.

Information provided by the candidate

Information not provided by the candidate

documents to be uploaded (resume and cover letter)


Time and status (registration awaiting completion, under evaluation, accepted, rejected) of the application for the position.


The time of application is recorded by the system, while the status of the position is set by the Data Controller’s HR staff.

Period of processing information from the candidate: six months after the filling of the position.

Information not provided by the candidate: as long as the Profile exists.

1.3. Decision-making process

The purpose of data processing is for the Data Controller to arrange job interviews with the Subject, conduct these interviews, and evaluate the Subject’s application. During data processing for the Subject, the data controller may send invitations, make notes, and carry out work aptitude tests in order to compare the professional skills of the different candidates.

Scope of data processed: all information provided by the candidate, information acquired during the interview, work aptitude test.

The legal basis for data processing is the legitimate interest of the Data Controller in filling positions with the most competent individuals during the selection process.

Justification for legitimate interest:

The Data Controller can only judge the Subject’s job application if he or she maintains contact with the Subject, assesses the Subject’s professional competence, conducts interviews, and ascertains whether the skills required to fill the position are present, which necessarily involves data processing.

The process does not constitute a breach of the Subject’s interests, as information is only recorded in the interests of filling the role.

The period of data processing ends once the selection process is closed: after this, the Data Controller shall delete the data.

1.4. Conducting of employee personality assessment tests

During the later stages of the recruitment process, the Data Controller will offer employee personality assessment tests to certain Candidates based on the position that is applied for.

A test may only be conducted if the Candidate consents in writing after being notified, and if the Candidate’s rights are validated and respected.

As the Data Controller will not complete the test with every Candidate, the requirement for prior notification of the test will be fulfilled subsequently if completion of the test becomes relevant.

1.5. Collection of data for statistical purposes and for improvement of the process

The Data Controller shall send invitations to the Candidates in accordance with item 1.3. In order to improve the Recruitment process, the Data Controller shall log the interviews, and the presence of the Candidates, and, based on this, shall prepare a report on how many Candidates have applied for each position, how many interviews are conducted, and how soon an appropriate candidate is found.

Scope of processed data: date and time of interview, position applied for.

The data processing shall be based on the legitimate interests of the Data Controller in connection with the improvement of the processes.

Period of data processing: as long as the Profile exists.

Justification for legitimate interest:

The Data Controller can achieve lower costs and a quicker, more efficient process by improving the Recruitment process. Because the relevant information is recorded as needed during Recruitment (e.g. events with invitations containing calendar dates sent by e-mail), the Data Controller does not record surplus information. The information recorded does not constitute injury to the Subject.

2. Information related to data processing

2.1. Online Üzleti Intelligencia Kft.

(headquarters: 6720 Szeged, Kárász utca 9; tax ID number: 14555187-2-06; company registration number: 06-09-015852) carries out maintenance of the database and storage of the data, and administers the

Shared contact person for data processing:

Name: Zsófia Novák


Telephone: 06/70-617-5525

3. Who can access personal information?

The Data Controller’s HR staff, the manager(s) for the position, and the data processing IT staff may access the information.

4. Security of personal information

4.1. The Data Controller and the Data Processors maintain a secure IT environment in order to protect the personal information of Subjects, and carry out appropriate measures against unauthorized access, modification, transmission, disclosure, deletion and destruction, as well as accidental destruction and damage. When transfer of information takes place during Recruitment, care is taken in all cases to ensure that the transfer is done in the securest environment possible.

5. Rights of the Subject

The following rights pertain to the Subject:

5.1. The right to information relating to the personal data stored by the Data Controller, and the right to correction, deletion or restriction on the use of personal data, which can be requested from the following:

The Data Controller must fulfill the request as soon as possible, and within no more than 5 business days.

5.2. There is also a right to withdraw consent to the future collection, processing and use of personal data. Withdrawal of consent does not affect the legality of data processing carried out previously and with consent.

Contact details of the Data Controller’s Data Protection Officer:

Bayer Hungária Kft. – Data protection officer

Address: 1123 Budapest, Alkotás út 50

Tel.: +36 1 4874-281

Mobile: +36-30-4609830


5.3. The right to challenge or prohibit data processing based on the Data Controller’s legitimate interest, unless the Data Controller confirms that the data processing is supported by compelling and legitimate reasons that primarily affect the interests of the Subject, or if it is needed in the interests of declaring, proving or protecting legal claims;

5.4. The right to store data (the Subject has the right to request a copy of the information stored, within reasonable limits);

5.5. In event of injury, or if there is direct risk related to the processing of personal information, the Subject may initiate an investigation by the National Data Protection and Freedom of Information Authority (1121 Budapest, Szilágyi Erzsébet fasor 22/C; mailing address: 1530 Budapest, Pf.: 5.; website:; e-mail:; telephone number: +36 (1) 391-1400), or, in the event of violation of rights, the affected party may initiate legal proceedings.

6. How to contact us

If the Subject has any questions, recommendations, or objections, or wishes to ask (a) question(s) in connection with the Data Processing guidelines, then they should contact the Data Processing Data Protection Officer:

Data processing officer

Mailing address: 1123 Budapest, Alkotás utca 50

Email address for general enquiries:

Tel.: +3614874281