OBLIGATION

ISG pledges to respect the personal rights and privacy of individuals in accordance with the terms of the DSGVO and the Austrian data privacy act (DSG) in the version of the Datenschutz-Anpassungsgesetzes 2018 effective from May 25th 2018 and declares the handling of individual-related data with an entrepreneurial objective. ISG hereby guarantees the safety of the data processing pursuant to Article 32 DSGVO.

Individual-related data:

All information, directly or indirectly in reference to an individual (i.e. name, address, birthdate, genetic data, health data, etc.).

As a recruitment consultancy firm ISG is handling individual-related data and is processing this data as well. Therefore we have drafted the most important regulations and proceedings in this directive on the correct processing of this data:

Processing:

Any association with personal data, such as ascertainment, retention, storage, alteration, assessment, use, transmission, alliance, as well as locking, erasure or elimination.

AREA OF APPLICATION

This data privacy directive applies to all employees, managing partners and their staff and trainees of ISG.

Third part processing of Data (clients)

Third-party processing of individual-related data that is conducted on behalf of ISG must also be guaranteed. That is, the third-party abides by the objectives of this data privacy directive.

For this purpose the clients have to sign an order data processing agreement and the DS-GVO declaration of ISG.

PRINCIPLES

Individual-related data is only to be processed lawfully. In doing so the following basic principles are to be considered in particular:

1. Prerequisite to Lawfulness

The processing of individual-related data is not to be carried out, if the affected individual has not given their oral or written assent pursuant to Article 6 and Article 7 DSGVO.

This occurs during the application procedure:

a) With job advertisements via the career portal:

By agreeing at the data acquisition in our database (actively agreeing through clicking the “accepted” button of the data privacy agreement and reference to third party data circulation)

b) With job advertisements via email:

The compliance of candidates is requested per email (previous to admittance to the application procedure) - (actively agreeing through clicking the “accepted” button of the data privacy agreement and reference to third party data circulation)

c) With mailbox service job advertisements through

1. Agreement with the client via the order data processing agreement and data privacy statement and

2. Through actively requesting the compliance of applicants to forwarding their data to third parties.

d) Through headhunting activities by verbal and written compliance of the data acquisition and storage in our data base and accordingly the application procedure.

e) From social media platforms (XING, LinkedIn, external databases, personal networks) through verbal or written compliance of the data acquisition and storage in our database and accordingly, the application procedure.

f) From clients through written compliance of the candidates of data transmission to ISG.

g) Via outplacement through written compliance to data acquisition and storage in our data base.

h) Shortlist only in anonymized or through acronymized form

2. Principles for Processing

a) Individual-related data are only allowed to be processed within the bounds of the respective purpose according to Article 5 DSGVO, for which these data are collected, and within our Server (inside of the remote desktop). The Processing of Data outside of the remote desktop is strictly forbidden, since otherwise the technical precautionary measures for the protection of individual-related data can not be guaranteed. Candidates' information (CV, cover letter, credentials) are only to be stored within KIS. All ISG employees, partners and other collaborators are compelled to deposit any information in KIS. Any storage outside has to be communicated separately to the in-house data privacy team (Datenschutz@isg.com).

b) Individual-related data are to be kept factually correct and up-to-date. Pursuant to Article 17 they are to be deleted, corrected or completed, in case they do not apply any more or are incomplete or rather at all times when demanded by the respective individual either verbally or written. Please forward any requests for deletion exclusively to Datenschutz@isg.com.

c) CVs are only to be kept in the analog form (print-out) throughout the interview, subsequently they have to be eliminated instantly and according to regulations.

d) Individual-related data has to be processed with special care in public space.

Sensitive data

Sensitive data pursuant to Article 9 DSGVO, from which racial and ethnic origin, political affiliation, religious or philosophical views or the membership to a labor organization emanate, as well as data concerning physical and mental health and data about sexual life are to be classified as particularly sensitive.

Sensitive data are only to be stored unaltered and in revision-proof manner. That is sensitive data is not to be recorded manually in our data system, but only in the unaltered form that the application documents have been sent to us.

RIGHTS OF THE AFFECTED

Individuals, of whom individual-related data is being processed for, have to be provided with information about it upon request at any time. This right to information encompasses in particular the purpose of data processing, the category of data as well as the recipients of this data. Taking into account the principle of proportionality, the affected has the right of rectification, inhibition and deletion of their individual-related data. Restriction of above-mentioned rights are only permissible, if legally intended.

EXECUTION

Every single ISG employee and managing partner is responsible for the execution and adherence to this data privacy directive. By transmission of the DSGVO agreement and these guidelines every member of the ISG has read the legally binding internal data protection regulations of the ISG pursuant to Article 47 DSGVO and is assigned the enforceable rights related to the data processing of applicants.

The processing of individual-related data on a contractual basis by a third party (client) is to be arranged in form of a written order data processing agreement and DSGVO statement.

The responsible employee of ISG has to convince themselves of the orderly implementation and compliance of the principles in this data privacy directive by the instructed third party.

ENACTMENT

This data protection directive has been decided by the general management on 1st April 2018 and has been put into effect on the same day.

Henceforth, every member of the ISG is duly bound to the application of the general data protection principles according to the DSGVO (EU) 2016/679, in particular appropriation, data minimization, temporary storage period, data quality, data protection through technical development and through data protection friendly presets, legislative basis for the processing, processing of specific categories of individual-related data, safekeeping measures for data security and requirements for onward transfer to locations not bound to these internal data protection prescriptions.

Google Analytics

This website uses Google Analytics to help Analyse how users use the site. The tool uses "cookies," which are text files placed on your computer, to collect standard Internet log information and visitor behavior information in an anonymous form. The information generated by the cookie about your use of the website (including IP address) is transmitted to Google. This information is then used to evaluate visitors' us of the webiste and to compile statistical reports on website activity for ISG Personalmanagement GmbH.

We will never (and will not allow any third party to) use the statistical analytics tool to track or to collect any Personally Identifiable Information (PII) of visitors to our site. Google will not associate your IP address with any other data held by Google. Neither we nor Google will link, or seek to link, an IP address with the identity of a computer user. We will not associate any data gathered from this site with any Personally Identifiable Information from any source, unless you explicitly submit that information via a fill-in form on our website.

You may choose to accept or decline cookies. Most Web browsers automatically default to accept them, but you can usually modify your browser setting to decline cookies. If you reject cookies by changing your browser settings then be aware that this may disable some of the functionality on our Website.

User’s Personal Information: Visitors to our website may be able to register to use our services, attend events, make a purchase, join a community or upload/download information. When you register, you will provide personal information such as name, address, email, telephone number or facsimile number and other relevant information. If you are making a purchase, we will request financial information including your credit card number, expiration date, and security code. Any financial information we collect is used only to bill you for your purchase. This information may be forwarded to your credit card provider. We will not disclose personally identifiable information we collect from you to third parties without your permission except to the extent necessary, including: To fulfill your requests, to protect ourselves from liability, to comply with the terms and conditions of our internet host provider.

Google Remarketing

We use Google AdWords Remarketing to advertise ISG Personalmanagement GmbH across the Internet, in particular on the Google Display Network.

AdWords remarketing will display ads to you based on what parts of the ISG Personalmanagement GmbH website you have viewed by placing a cookie on your web browser.