With the present Recruitment Privacy Policy (hereinafter: “Policy”), IncepLabs Ventures Kft. (hereinafter: “Company” or “IncepLabs” or “We”) intends to ensure that it gathers, stores and handles data fairly, lawfully, transparently and with respect towards individual rights. This Policy applies to the recruitment procedure of IncepLabs and its affiliates. This Policy gathers the Company’s guidelines and principles for collecting, storing, using, processing and disclosing personal data regarding your job application procedure(s).
In this Policy, Data Subject or “you” means a person who applies to or has previously applied to a position at IncepLabs Ventures Kft. or any affiliate.
The processing and collection of personal data by the Company is in harmony with the directly applicable laws of the European Union and the provisions of Hungarian laws in effect. In case of personal data processing, the Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter: “GDPR”; for relevant definitions please see Appendix No. 1), the Act CXII of 2011 on the Right to Informational Self-determination and Freedom of Information (hereinafter: “Freedom of Information Act”), furthermore the recommendations and the data protection practice of the Hungarian National Authority for Data Protection and Freedom of Information (hereinafter: “NAIH”) and the recommendations of the Article 29 Data Protection Working Party (hereinafter: “WP29”) shall apply.
During the recruitment process we process your personal data provided by you during the application procedure, especially in your curriculum vitae and cover letter. During the tests and interviews we may obtain further information about you that can potentially constitute personal data. The Company will keep the received personal data confidential and takes all necessary steps to secure data processing. As IncepLabs determines the purposes and means of the processing of any personal data collected or received from you, the Company is a data controller of any personal data described in this Policy. You are the data subject related to the personal data that the Company receives during the application procedure.
Company name of the data controller: IncepLabs Ventures Kft.
Registered seat: 1048 Budapest, Gémes József utca 30., Hungary
Company registry ID: 01-09-444149
Email address: legal@inceplabs.ai
| Categories of personal data | Purpose of data processing | Legal basis of data processing | Storage period | |
|---|---|---|---|---|
| a) | Professional CV, letter of motivation. | Assessing the proficiency, qualification, professional experience necessary to fulfil the position in question and evaluating the motivation of the applicant. | We process your personal data based on our legitimate interest in filling job openings, selecting the most suitable candidate, conducting the recruitment procedure appropriately, communicating with candidates related to the process, complying with laws and legal obligations, protecting our interests in case of litigation or other legal proceedings, avoiding multiple applications from the same individual, and handling situations where recruitment service providers or agencies submit an applicant with whom we have already been in contact. | We process your personal data for a 1-year period starting on the day we receive your application. When we have no legal basis to process your personal data or the previous basis ceases to apply, your personal information will either be deleted or anonymized. |
| b) | Personal and contact data of the applicant provided during the application process. | Identification, keeping contact. | ||
| c) | Data concerning proficiency, qualification and professional experience. | Certifying the qualification necessary to fulfil the position in question. | ||
| d) | Data generated by the Company about the applicant during the interviews and tests concerning the evaluation of the candidates. | Evaluation of the suitability of the applicant in the selection procedure. | ||
| e) | Personal data generated during tests and other tasks testing skills necessary to fulfil the position before admission. | Determining suitability for the position. |
No automated individual decision-making or profiling is performed in the course of the data processing of the Company concerning the applicants.
The visibility of personal data is restricted and will be accessible only by the relevant people at IncepLabs who are taking care of your application. Except as expressly described below, we neither rent nor sell your information to third parties or non-affiliated companies. We may share your information only when we have your permission.
The Company may request data processing service for processing the personal data. During the service of data processing, the data processor shall abide under the present Policy, relevant legislations in force, furthermore the provisions of the existing contracts of the Company.
In order to fulfil its purposes as a data controller, IncepLabs cooperates with the data processors listed below. IncepLabs reserves the right to change the data processors at any time.
Company name: Google LLC
Address: 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States
Website: https://about.google/
Privacy: https://policies.google.com/privacy
Data processing activity: IncepLabs uses Google Workspace (Gmail and Google Drive) to receive, store and organise applications, CVs, cover letters and other recruitment-related correspondence and documents. Google LLC processes the personal data listed in Section 2 in its capacity as a data processor.
Data received by Google LLC may be stored and processed in a third country (especially in the USA). Google LLC has committed to complying with the EU-U.S. Data Privacy Framework. In addition, IncepLabs and Google LLC rely on Standard Contractual Clauses in accordance with the Commission Implementing Decision (EU) 2021/914 of 4 June 2021 as appropriate safeguards under the GDPR. For more information, see: Google Cloud Data Processing Addendum.
If the applicant does not directly apply for a position at the Company (that is, for example through a recruitment agency or through a temporary employment agency or a student labour association) then the Company may collect certain data from these sources as well, and will handle these data in line with this Policy.
IncepLabs observes all applicable regulations regarding the security of personal data, therefore both IncepLabs and its authorized data processors implement appropriate technical and organizational measures to protect personal data, and establish adequate procedural rules to enforce the provisions of the GDPR and all relevant local laws concerning confidentiality and the security of data processing.
You have the right to obtain confirmation whether or not we are processing personal data relating to you, have communicated to you such data so that you could verify its accuracy and the lawfulness of the processing and have the data corrected, amended or deleted where it is inaccurate or processed in violation of the GDPR.
In certain circumstances, you may have a broader right to erasure of personal information that We hold about you – for example, if it is no longer necessary in relation to the purposes for which it was originally collected. Please note, however, that We may need to retain certain information to comply with our legal obligations.
You may have the right to request IncepLabs to stop processing your personal data.
You may have the right to request that we restrict processing of your personal information in certain circumstances (for example, where you believe that the personal information we hold about you is inaccurate or unlawfully held).
In certain circumstances, you may have the right to be provided with your personal information in a structured, machine-readable and commonly used format and to request that We transfer the personal information to another data controller without hindrance.
6.1. Any personal information which you provide for IncepLabs must be true, complete, and accurate in all respects. You agree to notify us of any change in your personal information via IncepLabs’s email address specified in Section 1 without delay.
6.2. The Data Subject may exercise the following rights in relation to IncepLabs’s data processing activities:
6.3. Right to get information and to have access to personal data being processed:
The Data Subject has the right to obtain confirmation from IncepLabs as to whether or not personal data concerning him or her are being processed, and, if that is the case, to have access to the personal data and the following information:
If personal data are transferred to a third country or to an international organization, the Data Subject shall be informed of the appropriate safeguards relating to the data transfer.
IncepLabs provides the Data Subject with a copy of his or her processed personal data. For any further copies requested by the Data Subject, IncepLabs may charge a reasonable fee based on administrative costs. If the Data Subject submits the request by electronic means, the information shall be provided in a commonly used electronic form, unless otherwise requested by the Data Subject.
The right to obtain a copy referred to in the previous paragraph shall not adversely affect the rights and freedoms of others.
The rights mentioned above can be exercised through the IncepLabs contact details indicated in Section 1.
6.4. Right to data portability:
The Data Subject has the right to receive personal data concerning him or her, which he or she has provided to IncepLabs, in a structured, commonly used and machine-readable format and has the right to transmit those data to another data controller without hindrance from IncepLabs, if the data processing is based on consent or on a contract and the processing is carried out by automated means.
When exercising the right to data portability defined above, the Data Subject shall have the right to have the personal data transmitted directly from one controller to another, if it is technically feasible.
Exercising the right to data portability is without prejudice to the right to erasure (“right to be forgotten”).
The right to data portability shall not adversely affect the rights and freedoms of others.
6.5. Right to rectification:
Upon the request of the Data Subject, IncepLabs will rectify any inaccurate personal data related to the Data Subject without undue delay. Considering the purposes of the data processing, the Data Subject has the right to have his or her incomplete personal data completed, including by providing a supplementary statement.
6.6. Right to erasure (“Right to be forgotten”):
The Data Subject has the right to request the erasure of personal data concerning him or her and IncepLabs shall comply with this request without undue delay if any of the following reasons exists:
Erasure of data cannot be initiated if data processing is necessary:
6.7. Right to restrict data processing:
The Data Subject has the right to request the restriction of data processing concerning him or her from IncepLabs, and IncepLabs shall comply with this request without undue delay if any of the following reasons exists:
If processing has been restricted according to the above, such personal data shall, with the exception of storage, only be processed with the Data Subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
A Data Subject who has obtained restriction of data processing according to the above shall be informed by IncepLabs before the restriction of data processing is lifted.
6.8. Right to object:
The Data Subject has the right to object, on grounds relating to his or her particular situation, at any time to the processing of personal data concerning him or her, if the legal ground of data processing is to perform a task carried out in the public interest or in the exercise of official authority vested in a data controller, or the data processing is necessary for the purposes of the legitimate interests pursued by a data controller or by a third party, including profiling based on these provisions. IncepLabs shall no longer process the personal data unless it can demonstrate compelling legitimate grounds for the data processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims.
6.9. Procedure in the event of a request submitted by the Data Subject:
IncepLabs provides information to the Data Subject on any action taken upon the Data Subject’s request related to the rights defined in this Policy without undue delay and in any event within one month of receipt of the request. This period may be extended by two further months where necessary, considering the complexity and number of the requests. IncepLabs informs the Data Subject of any such extension within one month of receipt of the request, with the reasons for the delay. If the Data Subject makes the request by electronic means, IncepLabs will provide the information by electronic means where possible, unless otherwise requested by the Data Subject.
If IncepLabs does not act on the Data Subject’s request, IncepLabs informs the Data Subject without delay and at the latest within one month of receipt of the request of the reasons for not acting and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
Any and all information and communication requested by the Data Subject are provided by IncepLabs free of charge, unless requests from the Data Subject are manifestly unfounded or excessive, in particular because of their repetitive character. In this case, IncepLabs may either charge a reasonable fee considering the administrative costs of complying with the request or refuse to act on the request.
IncepLabs shall communicate any rectification or erasure of personal data or restriction of data processing carried out by IncepLabs to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. IncepLabs shall inform the Data Subject about those recipients if the Data Subject requests it.
6.10. You may lodge a complaint about the processing of your personal data to the National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság – NAIH; address: H-1055 Budapest, Falk Miksa utca 9-11; postal address: 1363 Budapest, Pf.: 9.; phone: +36-1-391-1400; facsimile: +36-1-391-1410; email: ugyfelszolgalat@naih.hu) or to the data protection authority of your home country or country of your residency.
6.11. Independently from lodging a complaint to NAIH, you may turn to court pursuant to the provisions set forth in the Privacy Act if your rights are infringed. Upon your decision, the procedure may be launched before the tribunal in whose jurisdiction you are domiciled or you have a temporary address. Prior to initiating a legal procedure, it may be useful to discuss the complaint with IncepLabs.
6.12. Your detailed rights and remedies are set out in subsections 14–18 and 21–23 of the Privacy Act and in Articles 15–21 of the GDPR.
We value your opinion. If you have any comments, questions, or wish to obtain more information on data processing at IncepLabs, please send an email to legal@inceplabs.ai or mail to the registered seat specified in Section 1. We will handle the submitted information confidentially. Our representative will contact you within a reasonable time.
1 Processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, shall be subject to appropriate safeguards protecting the rights and freedoms of the data subject. These safeguards shall ensure that technical and organizational measures are in place in particular in order to ensure respect for the principle of data minimisation. These measures may include pseudonymisation provided that these purposes can be fulfilled in that manner. If these purposes can be fulfilled by further data processing which does not permit or no longer permits the identification of data subjects, these purposes shall be fulfilled in that manner.
‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
‘Personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
This Policy is effective as of 16 March 2026.