HU

Internal Whistleblowing System Procedure

Information on the Company’s Whistleblowing System

Excerpt from the whistleblowing system procedure

1. Company Details

Name HSA GROUP ZRT.
Registered Office 1051 Budapest, Széchenyi István tér 7-8.
Company Registration Number 01-10-142262
Tax Number 32223877-2-41
E-mail Address bejelentovedelem@hsagroup.hu

2. Operation of the Whistleblowing System

As a result of Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law, Act XXV of 2023 on complaints, public interest disclosures, and rules related to the reporting of abuses was implemented in Hungarian law and has been effective since 24 July 2023. In compliance with our obligations under this Act, the Company operates a whistleblowing system.

The primary aim of the whistleblowing system is to increase the transparency of the Company’s operations and the accountability of our organization by ensuring the protection of persons who detect and report actual or suspected breaches from retaliation, in addition to investigating the report.

We hereby draw your attention to the fact that the following persons are entitled to use the whistleblowing system operated by our Company:

    • all employees of the Company,
    • former employees,
    • persons in other employment relationships with the Company – including interns and volunteers,
    • persons who were previously in such a relationship with the Company,
    • persons seeking to establish an employment or other work-related relationship with the Company, for whom the procedure for establishing such a relationship has commenced – including job applicants,
    • sole proprietors in a contractual relationship with the Company,
    • sole traders,
    • entrepreneurs, subcontractors, suppliers, or persons under the supervision and direction of an agent, who have commenced proceedings to establish, are in, or have been in a contractual relationship with the Company

who become aware of any unlawful or allegedly unlawful act or omission in connection with the Company’s activities.

3. Procedure of the Whistleblowing System

The basic provisions relating to the Company’s whistleblowing system and the procedural rules ensuring the effective investigation of reports through internal whistleblowing channels are set out in the ‘Internal Whistleblowing System Procedure’ regulation, effective from 1 January 2024.

For the Company, the internal whistleblowing system is operated by the whistleblower protection officer or the designated whistleblower protection lawyer (hereinafter: operator of the internal whistleblowing system).

The whistleblower protection officer/lawyer assists in receiving, assessing, and effectively investigating reports of breaches or ethically questionable conduct, in preparing an investigation plan and summary report if necessary, and in taking any measures required based on the content of the report. The reception and investigation of reports as mandatory tasks related to the internal whistleblowing system are carried out by the Company’s whistleblower protection officer/lawyer.

The name and contact details of the Company’s whistleblower protection officer:

Name: Dr. Miklós Péter E-mail: bejelentovedelem@hsagroup.hu Telephone number: ?

4. Method of Making Reports

The whistleblower may make a report in writing or verbally. Verbal reports may be made by telephone or other voice messaging system, or in person, using the contact details of the operator of the internal whistleblowing system indicated in point 2 of this Information.

If a recorded telephone line or other recorded voice messaging system requiring the whistleblower’s consent is used within the internal whistleblowing system, the operator of the internal whistleblowing system shall, after providing information in accordance with the rules on the protection of personal data, record the verbal report in a durable and retrievable form or put it in writing and – ensuring the possibility of verification, correction, and acceptance by signature – provide a copy to the whistleblower.

If no recording systems are used within the internal whistleblowing system, the operator of the internal whistleblowing system shall put the verbal report in writing and – ensuring the possibility of verification, correction, and acceptance by signature – provide a copy to the whistleblower. When putting the verbal report in writing, the operator of the internal whistleblowing system must prepare a complete and accurate record.

If the whistleblower makes the report in person, the operator of the internal whistleblowing system shall, after providing information in accordance with the rules on the protection of personal data, record the verbal report in a durable and retrievable form or put it in writing and – ensuring the possibility of verification, correction, and acceptance by signature – provide a copy to the whistleblower.

5. Data Processing Related to Reports

Within the framework of the internal whistleblowing system, the personal data of the whistleblower, the person whose conduct or omission gave rise to the report, and any person who may have substantive information regarding the report, may only be processed to the extent strictly necessary for investigating the report and remedying or eliminating the conduct subject to the report, and may be forwarded to the whistleblower protection lawyer involved in the investigation or to an external organization.

The internal whistleblowing system must be designed so that, apart from those authorized, no one else can access the personal data of the whistleblower whose identity is revealed, or of the person concerned in the report. Persons investigating the report may share information on the content of the report and the person concerned in the report – in addition to informing the person concerned – with other organizational units or employees of the employer only to the extent strictly necessary for conducting the investigation.

If the report concerns a natural person, the whistleblower’s personal data may not be disclosed to the person requesting information in the exercise of their right to information and access under the rules on the protection of personal data applicable to that natural person.

Budapest, 1 January 2024. HSA Group Zrt.

DATA PROCESSING NOTICE

on the processing of personal data of persons using the whistleblowing system

1. Data Controller’s Details:

Name HSA GROUP ZRT.
Registered Office 1051 Budapest, Széchenyi István tér 7-8.
Company Registration Number 01-10-142262
Tax Number 32223877-2-41
E-mail Address bejelentovedelem@hsagroup.hu

2. Purpose, Scope, Legal Basis, and Duration of Data Processing

Purpose of data processing The purpose of data processing is to receive, handle, and take action on reports submitted through the internal whistleblowing system in order to fulfill the legal obligations of the Data Controller under Act XXV of 2023 on complaints, public interest disclosures, and rules related to the reporting of abuses.
Scope of processed data Within the framework of the internal whistleblowing system, the personal data strictly necessary for investigating the report of the whistleblower, the person whose conduct or omission gave rise to the report, and any person who may have substantive information regarding the report, which are primarily provided by the whistleblower to the Data Controller.
Legal basis of data processing Compliance with a legal obligation (Article 6(1)(c) of the GDPR, Section 26 of Act XXV of 2023 on complaints, public interest disclosures, and rules related to the reporting of abuses).
Duration of data processing Until the report is resolved or actions required as a result of the report are taken, or, in other cases, until the expiration of legal claims, but no longer than 5 years from the date of the report.

3. Use of Data Processor

No data processor is used in connection with the operation of the whistleblowing system.

4. Data Transfer

The Data Controller transfers personal data to the following recipients:
  • The service provider commissioned to operate the Company’s internal whistleblowing system
Name: Dr. Miklós Péter Contact: bejelentovedelem@hsagroup.hu Telephone number: ? The Data Controller does not transfer personal data to a data controller established in a third country.

5. Persons Authorized to Access the Data

At the Data Controller, only the operator of the internal whistleblowing system processes the data exclusively for the purpose of fulfilling their related tasks.

6. Basic Data Security Measures

The Data Controller handles personal data with the utmost care, strictly confidentially, only to the necessary extent, and, in the case of consent, in accordance with any possible instructions of the consenting person. The Data Controller strives with particular diligence to ensure the secure handling of personal data, and has therefore taken the necessary technical and organizational measures and established the procedural rules required to enforce data processing and data protection laws. The Data Controller regularly reviews and, if necessary, amends these measures and rules.

7. Your Rights and Rules on Exercising Rights

Right to request information You may request information about the personal data processed by the Data Controller. In this case, the Data Controller will inform you about which personal data it processes, for what purpose, the duration of the data processing, as well as the rights you are entitled to in connection with data processing and the right to lodge a complaint with the National Authority for Data Protection and Freedom of Information.Please note that if the report concerns a natural person, the personal data of the whistleblower may not be disclosed to the person requesting information in the exercise of their right to information and access under the data protection rules applicable to that natural person.
Right to obtain a copy You may request a copy of the personal data processed by the Data Controller. In this case, the Data Controller will send a copy of your personal data to the contact address you have specified (email address, postal address).
Right to rectification Upon your request, the contacted Data Controller will modify or rectify your personal data, or will store the new personal data you have provided from then on.
Withdrawal of consent If the data processing was based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Right to erasure You may request the deletion of your personal data by sending a letter to the Data Controller’s contact address. The Data Controller may only refuse your request in cases defined by the GDPR.
Right to be forgotten If the Data Controller has made your personal data public and is required to delete it, the Data Controller will take all reasonable steps to inform other data controllers to whom your personal data has been disclosed that you have requested the deletion of your personal data from the Data Controller.
Right to restriction You may request the restriction of your personal data if
  • the data processing is unlawful and you oppose the deletion of the personal data and instead request the restriction of their use;
  • the Data Controller no longer needs the personal data, but you request the restriction of the data for the establishment, exercise, or defense of legal claims.
In the case of the right to restriction, you must specify the reason for the restriction. The Data Controller will fulfill your request for restriction by storing the personal data separately from all other personal data. For example, in the case of electronic data files, they are saved to an external data carrier, and paper-based documents are stored in a separate folder.
Right to data portability You have the right to receive your personal data in a widely used format (in particular, as a .pdf or .doc file) and to transfer it to another data controller. You may request that the Data Controller transfer your personal data directly to another data controller.
The Data Controller will fulfill your request within one month, which may be extended by up to two months. If the request is refused, the Data Controller will inform you of the reasons for the refusal within one month of receiving the request, and will also inform you that you may lodge a complaint with the Authority and seek judicial remedy. If the Data Controller has reasonable doubts about the identity of the person submitting the request, it may request the provision of information necessary to confirm the identity of the data subject. This is particularly the case if the data subject exercises the right to obtain a copy, in which case it is justified for the Data Controller to verify that the request comes from the authorized person.

8. Your Legal Remedies

To exercise your rights related to data processing, you may contact the Data Controller’s data protection officer at the contact details provided above. You may submit your request or complaint in writing, electronically, or in person—recorded in minutes—to the data protection officer. The data protection officer will assess and examine your request or complaint within 30 days based on its content. For the purpose of enforcing your rights or to examine the lawfulness of the Data Controller’s actions, or if you believe that the Data Controller’s data processing does not comply with legal requirements, you may initiate an official procedure with the National Authority for Data Protection and Freedom of Information (Postal address: 1363 Budapest, Pf.: 9., e-mail: ugyfelszolgalat@naih.hu). You may also turn directly to the court if you believe that the Data Controller has violated the law in the course of data processing or has caused you damage by its unlawful conduct.
Dated: Budapest, 1 January 2024 HSA Group Zrt.

HSA Group is the leading labor service provider in Eastern Hungary, offering comprehensive solutions for the staffing needs of small and medium-sized businesses as well as multinational companies. Our corporate group members specialize in all aspects of student employment, regular employment, pensioner employment, and simplified employment, as well as in recruiting and selecting highly qualified professionals.

Privacy Notice  |  Cookies  |  Impressum  |  Whistleblower protection

©

2025

HSA Group Zrt. All rights reserved.

Facebook-f Instagram Linkedin-in Threads Youtube

DES&DEV: