Data Controller: Shapr3D Zrt. (registered office: 1054 Budapest, Akadémia utca 6., 01-10-048757).
Data Subject: shall mean the applicant who submits an application to the Data Controller.
Personal Data: means any information relating to the Data Subject.
1.1. The purpose of this Privacy Policy is to provide clear and practical information to the Data Subject about how the personal data are processed during the recruitment process. The Data Controller processes personal data in order to assess the suitability for open job positions, manage recruitment activities and maintain transparent hiring procedure.
1.2. This Privacy Policy and information related to the Data Controller’s data processing are always available on Data Controller’s website.
1.3. The Data Controller may amend this Privacy Policy if necessary and, in such cases, will inform the Data Subject of any relevant changes in an appropriate manner.
1.4. Should the Data Subject have any question regarding the Privacy Policy or the Data Controller’s data processing including the exercise of the data subject rights described herein, please contact us at interview@shapr3d.com.
2.1. Scope of processed persona data: The Data Controller limits the processing of personal data to what is absolutely necessary. However, certain data processing is necessary to evaluate applications and maintain contact with applicants. The Data Controller processes the personal data provided by the Data Subject in connection with the advertised position in order to assess the candidate’s suitability and to communicate regarding the application. In case Data Subject’s profile settings enable LinkedIn to share the profile with third parties, Data Controller may store profiles it deems relevant for future job positions. The Data Controller processes the following personal data:
In all cases, the Data Controller processes only those personal data that are relevant and necessary for the specific job position.
2.2. Legal basis and duration of processing: By submitting an application, the Data Subject gives explicit consent to the Data Controller to process their personal data for the purpose of evaluating the application and conducting the recruitment process. The Data Controller processes the personal data until the recruitment process is concluded. Once the recruitment process is concluded, the further processing of personal data depends on whether the application was successful or unsuccessful:
2.3. Provision of personal data: It is necessary for the Data Controller to be able to contact the applicants and to assess if their application is suitable for the role. Data Controller only collects personal data if the Data Subject clicks “submit” on the application. In some cases, an application may be made by a third party on your behalf for a role. This may be through an agency, a referral, or via contact with one of our recruiters. In this case the third-party providing information is responsible for ensuring that the data transfer takes place with prior informed, explicit consent of the Data Subject. The Data Controller processes personal data received from third parties only where such consent has been obtained in advance and only to the extent necessary for the recruitment purpose.
2.4. Source of personal data: Personal data are primarily provided directly by the Data Subject and, in some cases, may be obtained from third parties (see point 2.). In addition, the Data Controller may create or receive derived or inferred personal data relating to the applicant’s professional background or suitability for the position, to the extent necessary for assessing the candidate’s fit for the role (for example, through interview notes or internal evaluations). The Data Subject has the right to request a copy of any record or note containing such inferred personal data.
2.5. Shapr3D may use artificial intelligence (AI) and machine learning (ML) technologies, including natural language processing and predictive analytics, to assist in the initial screening of employment applications. These AI/ML tools assess applications against the characteristics and qualifications relevant to the job requisition to identify how well your profile matches the requirements of the position. These tools are designed to help identify potentially qualified candidates, but they do not make automated hiring decisions or profiling. The AI/ML-generated assessments are one of several factors considered in the hiring process. Our human recruiters thoroughly evaluate your skills and qualifications to determine your suitability for the role.
3.1. In the case of an unsuccessful application, the Data Controller might decide to process the personal data further if necessary for the purpose of defending against potential legal claims, as evidence against discrimination.
3.2. Legal basis and duration of data processing: In such cases, the Data Controller processes the personal data based on its legitimate interest pursuant to Article 6(1)(f) of the GDPR and retains the data for a period of three (3) years, or as long as required for the enforcement or defense of such claims. The Data Controller has conducted a legitimate interest assessment, which concluded that its interest in retaining the data for this limited purpose outweighs the Data Subject’s interest in deletion. Upon request, the Data Controller will make the summary of this assessment available to the Data Subject.
3.3. Other data processing circumstances: As the personal data originate from the recruitment process, all other data-processing conditions remain the same as set out in Section 2. The Data Controller, however, strives to delete any recruitment-related personal data that are not relevant to the defense of the legal claim in question.
4.1. The Data Controller uses a recruitment management system (Applicant Tracking System) operated by its data processor, Ashby, Inc., to support the administration of recruitment processes. Through this system, the Data Controller manages candidate applications, interview scheduling, evaluations, and related communication in a secure and centralized manner.
4.2. Ashby, Inc. acts as a data processor and processes personal data only on behalf of and under the instructions of the Data Controller, in line with applicable data protection laws and contractual safeguards.
4.3. Ashby, Inc. is a U.S.-based company that is self-certified under the EU–U.S. Data Privacy Framework, and therefore, the transfer of personal data to the United States ensures an adequate level of protection in accordance with Article 45 of the GDPR.
5.1. If the Data Subject provides personal data from third parties, Data Subject must have the required consent or other legal basis to share the personal data with the Data Controller and informs Data Controller of any change or update relating to them. All Data Subjects should refrain from providing third parties’ data.
6.1. The Data Subject has a right to:
6.2. The Data Controller provides information on action taken on the Data Subject’s request sent to the contract address specified in Section 1.7. without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, considering the complexity and number of the requests. The Data Controller informs the Data Subject of any such extension within one month of receipt of the request, together with the reasons for the delay.
Where the Data Subject makes the request by electronic means, the information will be provided by electronic means where possible, unless otherwise requested by the Data Subject. If the Data Controller does not act on the Data Subject’s request, the Data Controller will inform the Data Subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
6.3. Data Subject’s right to remedy:
