Recruitment Privacy Policy
This Privacy Policy (hereinafter referred to as the „Policy”) was posted on and is effective as of 29 October 2025.
1. DATA CONTROLLER AND DEFINITIONS
With the present Recruitment Privacy Policy (hereinafter: "Policy"), Commsignia Ltd. (hereinafter: "Company" or "Commsignia" or "We") intends to ensure that it gathers, stores and handles data fairly, lawfully, transparently and with respect towards individual rights. This Policy applies to the recruitment procedure of Commsignia and its affiliates. This Policy gathers the Company’s guidelines and principles for collecting, storing, using, processing and disclosing partner’s personal data regarding your job application procedure(s). Should you apply using Our website, the privacy policy applicable to Our website would also apply for the use of the website, which you can access here: https://commsignia.com/privacy-policy
In this Policy Data Subject or "you" means a person who applies to or have previously applied to a position at Commsignia Ltd. or any affiliate.
The processing and collection of personal data by the Company is in harmony with the directly applicable laws of the European Union and the provisions of the Hungarian laws in effect. In case of personal data processing, the Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter: “GDPR ”; for relevant definitions please see Appendix No. 1) , the Act CXII of 2011 on the Right to Informational Self-determination and Freedom of Information (hereinafter: "Freedom of Information Act"), furthermore the recommendations and the data protection practice of the Hungarian National Authority for Data Protection and Freedom of Information (hereinafter: "NAIH ") and the recommendations of the Article 29 Data Protection Working Party (hereinafter: “WP29”) shall apply.
During the recruitment process we process your personal data provided by you during the application procedure, especially in your curriculum vitae and cover letter. During the tests and interviews we may obtain further information about you that can potentially constitute personal data. The Company will keep the received personal data confidential and takes all necessary steps to secure data processing. As Commsignia determines the purposes and means of the processing of any personal data collected or received from you, the Company is a data controller of any personal data described in this Policy. You are the data subject related to the personal data that the Company receives during the application procedure.
Company name of the data controller: Commsignia Ltd.
Registered office: Széchenyi u. 14., 7252 Attala, Hungary
Postal address: 4-20 Irinyi József utca, Budapest 1117, Hungary
Company registration number: 17-09-010377
Tax number: HU23874664
Email address: [email protected]
Website: www.commsignia.com
2. SCOPE OF PROCESSED DATA, PURPOSE, LEGAL BASIS OF DATA PROCESSING, THE PERIOD FOR WHICH THE PERSONAL DATA IS STORED
| Categories of personal data concerned | Purpose of data processing | Legal basis of data processing | Period for which the personal data is stored |
a) | Professional CV, letter of motivation. | Assessing the proficiency, qualification, professional experience necessary to fulfill the position in question and evaluating the motivation of the applicant. | We process your personal data based on our legitimate interest in filling job openings, selecting the most suitable candidate, conducting the recruitment procedure appropriately, communicating with candidates related to the process, complying with laws and legal obligations, protecting our interests in case of litigation or other legal proceedings, avoiding multiple applications from the same individual, and handling situations where recruitment service providers or agencies submit an applicant with whom we have already been in contact.
| We process your personal data for a 1-year period starting on the day we receive your application. When we have no legal basis to process your personal data or we the previous bases ceases to apply, your personal information, we will either be deleted or anonymized. |
b) | Personal and contact data of the applicant provided during the application process. | Identification, keeping contact. | ||
c) | Data concerning proficiency, qualification and professional experience. | Certifying the qualification necessary to fulfill the position in question | ||
d) | Data generated by the Company about the applicant during the interviews and tests concerning the evaluation of the candidates. | Evaluation of the suitability of the applicant in the selection procedure. | ||
e) | Personal data generated during tests and other tasks testing skills necessary to fulfill the position before admission.
| Determining suitability for the position. |
No automated individual decision-making or profiling is performed in the course of the data processing of the Company concerning the applicants.
3. RECIPIENTS OF THE PERSONAL DATA
The visibility of personal data is restricted and will be accessible only by the relevant people at Commsignia who are taking care of your application. Except as expressly described below, we neither rent nor sell your information to third parties or non-affiliated companies. We may share your information only when we have your permission.
The Company may request data processing service for processing the personal data. During the service of data processing, the data processor shall abide under the present Policy, relevant legislations in force, furthermore the provisions of the existing contracts of the Company.
In order to fulfil its purposes as a data controller Commsignia cooperates with the data processors listed below. Commsignia reserves the right to change the data processors at any time.
Name of the data processor | Data processing activity carried out on behalf of Commsignia and list of the personal data the data processor has access to, |
Trakstar Hire Company name: Mitratech Holdings, Inc. | Trakstar Hire (previously called: Recruiterbox) is used to organize and administer the hiring process, thus processing personal data..
Data received by Mitratech Holdings, Inc. may be stored and processed in a third country (especially in the USA). Hence Commsignia and Mitratech Holdings, Inc. have concluded a data processing agreement which includes standard contractual clauses in accordance with the Commission Decision (EU) 2021/914 of 4 June 2021 with the intention to provide appropriate safeguards to you as laid down in GDPR. |
HackerRank Company name: Interviewstreet Incorporation Website: https://www.hackerrank.com/privacy | HackerRank is used to evaluate the skills of the Data Subject as a software developer. Interviewstreet Incorporation has access to the e-mail address, name and the position applied for.
Data received by Interviewstreet Incorporation may be stored and processed in a third country (especially in the USA). Hence Commsignia and Interviewstreet Incorporation have concluded a data processing agreement which includes standard contractual clauses in accordance with the Commission Decision (EU) 2021/914 of 4 June 2021 with the intention to provide appropriate safeguards to you as laid down in GDPR. |
LinkedIn Corp
Company name: LinkedIn Corp Address: 1000 West Maude, Sunnyvale, California, 94085 Website: https://www.linkedin.com/ Contact: https://www.linkedin.com/help/linkedin | Commsignia may engage the Data Subjects using the LinkedIn social media site and platform, using the so-called LinkedIn Recruiter service. Commsignia will at all times comply with the relevant LinkedIn terms and conditions and other (e.g. privacy related) documentation. LinkedIn Corp may store and process date in a third country (especially in the USA). Hence Commsignia and LinkedIn Corp have concluded a data processing agreement which includes standard contractual clauses: https://www.linkedin.com/legal/l/customer-sccs. In this case, depending on the type of service used, LinkedIn Corp and Commsignia may also be independent or joint data controllers. More information regarding privacy and regulatory compliance:
|
In addition, Commsignia stores paper based personal data in locked storages within its office space. Any unauthorized collection, processing, or use of such data by employees of Commsignia is prohibited.
Commsignia, Inc. (address: 5201 Great America Parkway, Suite 320, Santa Clara, CA 95054, United States of America, website: www.commsignia.com, contact: [email protected]) is the parent company of the Data Controller. If you are interested in positions at Commsignia, Inc., some information may be shared with Commsignia, Inc. during the selection process. In this case Commsignia, Inc. and Commsignia are joint data controllers.
Commsignia only transfers personal data collected from the EU territory to a third-party having a registered seat outside the EU or the United States of America acting as a data processor without appropriate safeguards when it is necessary for the performance of the contract. Commsignia will make every effort to ensure that the personal data transferred is safe and secure and that the personal data is processed in a manner consistent with the GDPR.
If the applicant does not directly apply for a position at the Company (that is, for example through a recruitment agency or through a temporary employment agency or a student labor association) then the Company may collect certain data from these sources as well, and will handle these data in line with this Policy.
4. DATA SECURITY
Commsignia observes all applicable regulations regarding the security of personal data, therefore both Commsignia and its authorized data processors implement appropriate technical and organizational measures to protect personal data, and establish adequate procedural rules to enforce the provisions of the GDPR and all relevant local laws concerning confidentiality and the security of data processing.
5. RIGHTS OF THE DATA SUBJECT
Right to be informed, Right of access and to rectification: You have the right to obtain confirmation whether or not we are processing personal data relating to you, have communicated to you such data so that you could verify its accuracy and the lawfulness of the processing and have the data corrected, amended or deleted where it is inaccurate or processed in violation of the GDPR.
Right of erasure: In certain circumstances, you may have a broader right to erasure of personal information that We hold about you – for example, if it is no longer necessary in relation to the purposes for which it was originally collected. Please note, however, that We may need to retain certain information to comply with our legal obligations.
Right to object to processing: You may have the right to request Commsignia to stop processing your personal data.
Right to restrict processing: You may have the right to request that we restrict processing of your personal information in certain circumstances (for example, where you believe that the personal information we hold about you is inaccurate or unlawfully held).
Right to Data Portability: In certain circumstances, you may have the right to be provided with your personal information in a structured, machine readable and commonly used format and to request that We transfer the personal information to another data controller without hindrance.
6. RIGHTS AND ENFORCEMENT
6.1. Any personal information which you provide for Commsignia must be true, complete, and accurate in all respects. You agree to notify us of any change in your personal information via Commsignia’s email address specified in section 1 without delay.
6.2. The Data Subject may exercise the following rights in relation to Commsignia's data processing activities:
· request information on and have access to his/her personal data being processed;
· request the rectification of his/her personal data;
· request the deletion of his/her personal data or restriction of the processing of his/her personal data;
· object to Commsignia's data processing;
· request data portability.
6.3. Right to get information and to have access to personal data being processed:
The Data Subject has the right to obtain confirmation from Commsignia as to whether or not personal data concerning him or her are being processed, and, if that is the case, to have access to the personal data and the following information:
a) the purposes of the data processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
d) if possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the Data Subject’s right to request from Commsignia the personal data’s rectification, erasure or the restriction of their processing if these personal data are related to the Data Subject or the Data Subject’s right to object to such data processing;
f) the right to lodge a complaint with a supervisory authority;
g) if the personal data are not collected from the Data Subject, any available information as to their source;
h) the existence of automated decision-making, including profiling, and at least in these cases meaningful information about the logic involved, as well as the significance and the envisaged consequences of such data processing for the Data Subject.
If personal data are transferred to a third country or to an international organization, the Data Subject shall be informed of the appropriate safeguards relating to the data transfer.
Commsignia provides the Data Subject with a copy of his or her processed personal data. For any further copies requested by the Data Subject, Commsignia may charge a reasonable fee based on administrative costs. If the Data Subject submits the request by electronic means, the information shall be provided in a commonly used electronic form, unless otherwise requested by the Data Subject.
The right to obtain a copy referred to in the previous paragraph shall not adversely affect the rights and freedoms of others.
The rights mentioned above can be exercised through the Commsignia’s contact details indicated below.
6.4. Right to data portability:
The Data Subject has the right to receive personal data concerning him or her, which he or she has provided to Commsignia, in a structured, commonly used and machine-readable format and have the right to transmit those data to another data controller without hindrance from Commsignia, if the data processing is based on consent or on a contract and the processing is carried out by automated means.
When exercising the right to data portability defined above, the Data Subject shall have the right to have the personal data transmitted directly from one controller to another, if it is technically feasible.
Exercising the right to data portability is without prejudice to the right to erasure („right to be forgotten”).
The right to data portability shall not adversely affect the rights and freedoms of others.
6.5. Right to rectification:
Upon the request of the Data Subject, Commsignia will rectify any inaccurate personal data related to the Data Subject (without undue delay). Considering the purposes of the data processing, the Data Subject has the right to have his or her incomplete personal data completed, including by providing a supplementary statement.
6.6. Right to erasure („Right to be forgotten”):
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) the Data Subject withdraws his or her consent on which the data processing is based, and if there is no other legal ground for the data processing;
c) the Data Subject objects to the data processing and there are no overriding legitimate grounds for the data processing, or if the personal data are processed for direct marketing purposes;
d) the personal data have been unlawfully processed;
e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which Commsignia is subject;
f) the personal data have been collected in relation to the offer of information society services.
Erasure of data cannot be initiated if data processing is necessary:
a) for exercising the right of freedom of expression and information;
b) for compliance with a legal obligation which requires processing by Union or Member State law to which Commsignia is subject to or for the performance of a task carried out in the public interest;
c) for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, for medical diagnosis, for the provision of health or social care or treatment or for the management of health or social care systems and services, on the basis of Union or Member State law or pursuant to contract with a health professional and if those data are processed by or under the responsibility of a professional subject to the obligation of professional secrecy under Union or Member State law or rules established by national competent bodies or by another person also subject to an obligation of secrecy under Union or Member State law or rules established by national competent bodies;
d) for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the Data Subject, in particular as for professional secrecy;
e) for reasons of public interest in the area of public health and if those data are processed by or under the responsibility of a professional subject to the obligation of professional secrecy under Union or Member State law or rules established by national competent bodies or by another person also subject to an obligation of secrecy under Union or Member State law or rules established by national competent bodies;
f) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, if the right of erasure would make such data processing impossible or the right of erasure would such data processing seriously jeopardize[1]; or
g)for the establishment, exercise or defense of legal claims
6.7. Right to restrict data processing:
The Data Subject has the right to request the restriction of data processing concerning him or her from the Commsignia and Commsignia shall comply with this request without undue delay if any of the following reasons exists
a) the accuracy of the personal data is contested by the Data Subject, in this case restriction is related to a period enabling Commsignia to verify the accuracy of the personal data;
b) the data processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) Commsignia no longer needs the personal data for the purposes of the data processing, but they are required by the Data Subject for the establishment, exercise or defense of legal claims;
d) the Data Subject has objected to data processing based on public interest or legitimate interest, in this case restriction is applied for a period in the course of which it can be verified whether the legitimate grounds of Commsignia override those of the Data Subject.
If processing has been restricted according to the above, such personal data shall, with the exception of storage, only be processed with the Data Subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
A Data Subject who has obtained restriction of data processing according to the above shall be informed by Commsignia before the restriction of data processing is lifted.
6.8. Right to object
The Data Subject has the right to object, on grounds relating to his or her particular situation, at any time to the processing of personal data concerning him or her, if the legal ground of data processing is to perform a task carried out in the public interest or in the exercise of official authority vested in a data controller, or the data processing is necessary for the purposes of the legitimate interests pursued by a data controller or by a third party, including profiling based on these provisions. Commsignia shall no longer process the personal data unless it can demonstrate compelling legitimate grounds for the data processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims.
6.9. Procedure in the event of a request submitted by the Data Subject concerning the exercise of the above rights:
Commsignia provides information to the Data Subject on any action taken upon the Data Subject’s request related to the rights defined in this Policy without undue delay and in any event within one month of receipt of the request. This period may be extended by two further months where necessary, considering the complexity and number of the requests. Commsignia informs the Data Subject of any such extension within one month of receipt of the request, with the reasons for the delay. If the Data Subject makes the request by electronic means, Commsignia will provide the information by electronic means where possible, unless otherwise requested by the Data Subject.
If Commsignia does not act on Data Subject’s request, Commsignia informs the Data Subject without delay and at the latest within one month of receipt of the request of the reasons for not acting and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
Any and all information and communication requested by Data Subject are provided by Commsignia free of charge, unless requests from the Data Subject are manifestly unfounded or excessive, in particular because of their repetitive character. In this case, Commsignia may either charge a reasonable fee considering the administrative costs of complying with the request or refuse to act on the request.
Commsignia shall communicate any rectification or erasure of personal data or restriction of data processing carried out by Commsignia to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. Commsignia shall inform the Data Subject about those recipients if the Data Subject requests it.
6.10. You may lodge a complaint about the processing of your personal data to the National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság – NAIH; address: H- 1055 Budapest, Falk Miksa utca 9-11; postal address: 1363 Budapest, Pf.: 9.; phone: +36-1-391-1400; facsimile: +36-1-391-1410; email: [email protected]) or to the data protection authority of your home country or country of your residency.
6.11. Independently from lodging a complaint to NAIH, you may turn to court pursuant to the provisions set forth in the Privacy Act if your rights are infringed. Upon your decision, the procedure may be launched before the tribunal in whose jurisdiction you are domiciled or you have a temporary address. Prior to initiating a legal procedure, it may be useful to discuss the complaint with Commsignia.
6.12. Your detailed rights and remedies are set out in subsections 14–18 and 21–23 of the Privacy Act and in Articles 15-21 of the GDPR.
7. CONTACTING COMMSIGNIA
We value your opinion. If you have any comments, questions, or wish to obtain more information on data processing at Commsignia, please send an email at [email protected] or mail to the postal address specified in section 1. We will handle the submitted information confidentially. Our representative will contact you within a reasonable time.
[1]Processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, shall be subject to appropriate safeguards protecting the rights and freedoms of the data subject. These safeguards shall ensure that technical and organizational measures are in place in particular in order to ensure respect for the principle of data minimisation. These measures may include pseudonymisation provided that these purposes can be fulfilled in that manner. If these purposes can be fulfilled by further data processing which does not permit or no longer permits the identification of data subjects, these purposes shall be fulfilled in that manner.
