Data protection notice on recruitment related data processing by
Kibit Solutions Limited Liability Company
(hereinafter referred to as: Kibit Solutions Ltd.)
provides the following information to data subjects regarding the processing of personal data during its recruitment related activities.
Name and activity of the Data Controller
Name of the Data Controller: Kibit Solutions Ltd.
Company registration number: Cg.01-09-342197
Registered seat: 1036 Budapest, Bécsi út 52. 1/2.
Email: info@kibitsolutions.com
The Data Controller participates in the execution of domestic and international IT-related projects through its employees or subcontractor.
RECRUITMENT PROCESS
Purpose of processing
recruitment of new employees, keeping contact with them during selection process
Categories of personal data
name, contact details (phone number, email address), CV, photo, certificates, result of professional test, excellence summary, interview, salary expectation, date of consent
Legal ground
the applicant’s consent (GDPR art. 6. point (1) a))
Duration of processing
15 days after the end of the 5th year following the date of the consent – if no withdrawal occurred before
Data transfer
In case of project planned with Client, Data Controller transfers the applicant’s CV, name, email address photo, result of the professional test to its Client.
Storage of personal data
Data Controller stores the applicants data in its own systems or its own Google Drive storage capacity.
CREATE AND MANAGE HR DATABASE
Purpose of processing
The Data Controller regularly participates in the execution of domestic and international IT-related projects where it might need the involvement of new employees.
Categories of personal data
name, contact details (phone number, email address), CV, photo, certificates, result of professional test, excellence summary, interview, salary expectation, date of consent
Legal ground
the applicant’s consent (GDPR art. 6. point (1) a))
Duration of processing
15 days after the end of the 5th year following the date of the consent – if no withdrawel occured before
Data transfer
In case of relevant Client project, personal data stored in the database will be transferred to Client after informing the candidate.
Storage of personal data
Data Controller stores the applicants data in its own systems or its own Google Drive storage capacity.
DATA TRANSFERS TO THIRD COUNTRIES
In certain cases, the personal data provided by data subjects may be shared with clients classified as third-country entities under applicable law. The Data Controller relies on adequacy decisions issued by the European Commission to determine whether a third country provides an adequate level of data protection for the above data transfers. In other cases, standard contractual clauses approved by the European Commission or other applicable legal exemptions (Privacy Framework to US companies) are used to govern such transfers.
RIGHTS OF THE DATA SUBJECT
Data subjects may request information regarding the processing of their personal data, request the correction or deletion of their data via recruitment@kibitsolutions.com, request restriction of processing, and have the right to data portability and to seek legal remedy. In Hungary, complaints can be submitted to the National Authority for Data Protection and Freedom of Information (NAIH), or the data subject may turn to a court of law.
RIGHT TO INFORMATION AND ACCESS
The data subject has the right to know what personal data the Data Controller stores and how it is processed. Requests must be submitted in writing (email or post). The Data Controller will respond in a commonly used electronic format unless otherwise requested in writing.
The first copy of the personal data will be provided free of charge. Additional copies may incur a fee based on administrative costs.
RIGHT TO RECTIFICATION
Upon written request, the Data Controller will correct any inaccurate personal data or supplement incomplete data without undue delay. All recipients of the data will be informed of the rectification unless this proves impossible or requires disproportionate effort.
RIGHT TO RESTRICTION OF PROCESSING
The data subject may request restriction of processing if:
they contest the accuracy of the personal data (restriction applies while accuracy is verified);
the processing is unlawful, but deletion is opposed, and restriction is requested instead;
the controller no longer needs the data for processing, but the data subject requires it for legal claims;
the data subject objects to processing pending verification of overriding legitimate interest by the controller.
RIGHT TO ERASURE (‘RIGHT TO BE FORGOTTEN’)
Upon request, the Data Controller will delete the data subject’s personal data without undue delay if:
the data is no longer needed for the original purpose;
the data subject withdraws consent and there is no other legal basis;
the data subject objects to processing and there are no overriding legitimate grounds;
the data was processed for direct marketing (including profiling);
the data was processed unlawfully;
the data relates to a child under information society services.
RIGHT TO DATA PORTABILITY
The data subject may receive and reuse their personal data (provided by them to the controller) across different services. This applies only to data the data subject submitted directly and not derived or inferred data.
RIGHT TO OBJECT
The data subject may object in writing to processing based on:
public interest (Article 6(1)(e) GDPR), or
legitimate interests (Article 6(1)(f) GDPR).
Processing must cease unless the Data Controller can demonstrate compelling legitimate grounds overriding the data subject’s interests or necessary for legal claims.
REQUEST HANDLING DEADLINES AND PROCEDURES
The Data Controller must respond to any of the above requests within one month. In complex cases or high volumes, this deadline may be extended by two months, with notification within the first month.
ENFORCEMENT OPTIONS
Requests may be submitted via email or post. The Data Controller may verify identity before fulfilling requests. If identification is not possible, the request may be rejected. Legal remedies include submitting complaints to NAIH (Hungary) or pursuing claims in court.
BACKUP POLICY
As part of its IT security responsibilities, the Data Controller ensures, in particular, that measures are in place to enable the restoration of data files, including regular backups and the separate, secure management of copies (backup).
OTHER PROVISIONS
The Data Controller reserves the right to unilaterally amend this Privacy Notice. Changes take effect as stated.
Effective date of this Privacy Notice: 1 March 2026
Data protection notice on recruitment related data processing by
Kibit Solutions Limited Liability Company
(hereinafter referred to as: Kibit Solutions Ltd.)
provides the following information to data subjects regarding the processing of personal data during its recruitment related activities.
Name and activity of the Data Controller
Name of the Data Controller: Kibit Solutions Ltd.
Company registration number: Cg.01-09-342197
Registered seat: 1036 Budapest, Bécsi út 52. 1/2.
Email: info@kibitsolutions.com
The Data Controller participates in the execution of domestic and international IT-related projects through its employees or subcontractor.
RECRUITMENT PROCESS
Purpose of processing
recruitment of new employees, keeping contact with them during selection process
Categories of personal data
name, contact details (phone number, email address), CV, photo, certificates, result of professional test, excellence summary, interview, salary expectation, date of consent
Legal ground
the applicant’s consent (GDPR art. 6. point (1) a))
Duration of processing
15 days after the end of the 5th year following the date of the consent – if no withdrawal occurred before
Data transfer
In case of project planned with Client, Data Controller transfers the applicant’s CV, name, email address photo, result of the professional test to its Client.
Storage of personal data
Data Controller stores the applicants data in its own systems or its own Google Drive storage capacity.
CREATE AND MANAGE HR DATABASE
Purpose of processing
The Data Controller regularly participates in the execution of domestic and international IT-related projects where it might need the involvement of new employees.
Categories of personal data
name, contact details (phone number, email address), CV, photo, certificates, result of professional test, excellence summary, interview, salary expectation, date of consent
Legal ground
the applicant’s consent (GDPR art. 6. point (1) a))
Duration of processing
15 days after the end of the 5th year following the date of the consent – if no withdrawel occured before
Data transfer
In case of relevant Client project, personal data stored in the database will be transferred to Client after informing the candidate.
Storage of personal data
Data Controller stores the applicants data in its own systems or its own Google Drive storage capacity.
DATA TRANSFERS TO THIRD COUNTRIES
In certain cases, the personal data provided by data subjects may be shared with clients classified as third-country entities under applicable law. The Data Controller relies on adequacy decisions issued by the European Commission to determine whether a third country provides an adequate level of data protection for the above data transfers. In other cases, standard contractual clauses approved by the European Commission or other applicable legal exemptions (Privacy Framework to US companies) are used to govern such transfers.
RIGHTS OF THE DATA SUBJECT
Data subjects may request information regarding the processing of their personal data, request the correction or deletion of their data via recruitment@kibitsolutions.com, request restriction of processing, and have the right to data portability and to seek legal remedy. In Hungary, complaints can be submitted to the National Authority for Data Protection and Freedom of Information (NAIH), or the data subject may turn to a court of law.
RIGHT TO INFORMATION AND ACCESS
The data subject has the right to know what personal data the Data Controller stores and how it is processed. Requests must be submitted in writing (email or post). The Data Controller will respond in a commonly used electronic format unless otherwise requested in writing.
The first copy of the personal data will be provided free of charge. Additional copies may incur a fee based on administrative costs.
RIGHT TO RECTIFICATION
Upon written request, the Data Controller will correct any inaccurate personal data or supplement incomplete data without undue delay. All recipients of the data will be informed of the rectification unless this proves impossible or requires disproportionate effort.
RIGHT TO RESTRICTION OF PROCESSING
The data subject may request restriction of processing if:
they contest the accuracy of the personal data (restriction applies while accuracy is verified);
the processing is unlawful, but deletion is opposed, and restriction is requested instead;
the controller no longer needs the data for processing, but the data subject requires it for legal claims;
the data subject objects to processing pending verification of overriding legitimate interest by the controller.
RIGHT TO ERASURE (‘RIGHT TO BE FORGOTTEN’)
Upon request, the Data Controller will delete the data subject’s personal data without undue delay if:
the data is no longer needed for the original purpose;
the data subject withdraws consent and there is no other legal basis;
the data subject objects to processing and there are no overriding legitimate grounds;
the data was processed for direct marketing (including profiling);
the data was processed unlawfully;
the data relates to a child under information society services.
RIGHT TO DATA PORTABILITY
The data subject may receive and reuse their personal data (provided by them to the controller) across different services. This applies only to data the data subject submitted directly and not derived or inferred data.
RIGHT TO OBJECT
The data subject may object in writing to processing based on:
public interest (Article 6(1)(e) GDPR), or
legitimate interests (Article 6(1)(f) GDPR).
Processing must cease unless the Data Controller can demonstrate compelling legitimate grounds overriding the data subject’s interests or necessary for legal claims.
REQUEST HANDLING DEADLINES AND PROCEDURES
The Data Controller must respond to any of the above requests within one month. In complex cases or high volumes, this deadline may be extended by two months, with notification within the first month.
ENFORCEMENT OPTIONS
Requests may be submitted via email or post. The Data Controller may verify identity before fulfilling requests. If identification is not possible, the request may be rejected. Legal remedies include submitting complaints to NAIH (Hungary) or pursuing claims in court.
BACKUP POLICY
As part of its IT security responsibilities, the Data Controller ensures, in particular, that measures are in place to enable the restoration of data files, including regular backups and the separate, secure management of copies (backup).
OTHER PROVISIONS
The Data Controller reserves the right to unilaterally amend this Privacy Notice. Changes take effect as stated.
Effective date of this Privacy Notice: 1 March 2026
Get in touch to learn more
Kibit
We build great software together
Bécsi út 52, 1036 Budapest, Hungary
EU VAT number HU24758611
EUID: HUOCCSZ.01-09-342197
© 2025 Kibit Solutions Kft
//
Website by
Get in touch to learn more
Kibit
We build great software together
Bécsi út 52, 1036 Budapest, Hungary
EU VAT number HU24758611
EUID: HUOCCSZ.01-09-342197
© 2025 Kibit Solutions Kft
Website by
Get in touch to learn more
Kibit
We build great software together
Bécsi út 52, 1036 Budapest, Hungary
EU VAT number HU24758611
EUID: HUOCCSZ.01-09-342197
© 2025 Kibit Solutions Kft
//
Website by