Privacy Policy
Current version: 01-June-2023
This privacy policy explains what personal data we gather, how we use that information, and with whom we share it. It also sets out your rights in relation to your personal data and who you can contact for more information or queries.
To whom does this Privacy Policy apply and what does it cover?
This Privacy Policy statement applies to ISM Technology Recruitment Ltd. and its affiliates and subsidiaries (“ISM”) as well as to job applicants (“Candidates”).
We are committed to protecting your privacy and handling your personal data in an open and transparent manner and in compliance with data protection laws.
This privacy policy sets out how personal data is processed, whether online or via other channels, when:
- Providing services to you or our clients.
- You use “our Website”.
- Performing any other activities that form part of the operation of our business.
When we refer to “our Website” or “this Website” in this policy we mean the specific webpages at https://www.ismtech.net/ and at https://www.techstarthailand.com
This privacy policy also contains information about when we share personal data with third parties.
How do we use your personal data (purpose of processing)?
Candidates acknowledge, agree, and consent to the collection, use, and disclosure by ISM, whether as Data Controller or as Data Processor, of personal data submitted by the Candidate through any Channels, for any of the following reasons.
Use of personal data to support clients
- To define the right skills and profile requirements, and the nature of ISM’s engagement with its clients (permanent or contract employment);
- To identify the most suitable Candidate(s) vis-à-vis the requirements identified;
- To allow ISM’s clients to evaluate profiles with regard to requirements identified.
Use of personal data to support Candidates
- To place people in permanent or contract jobs;
- To build a database of CVs to enable ISM to efficiently match Candidates with client requirements;
- To support Candidates’ long-term relationship with ISM for future job searches and career planning;
- To help verify Candidates’ prior performance on a case-by-case basis (which may involve technical tests provided by client; in such cases consent is handled by client as Data Controller, not by ISM);
- Establishing formal agreements between Candidate and ISM if Candidate is hired as an ISM contract employee.
Use of personal data for the operation of our business
We may also use your personal data for the purposes of, or in connection with:
- Recording and maintaining a history of interactions with clients and with Candidates, related to the processing of a job application;
- Managing and tracking questions, inquiries, requests, and complaints;
- Using the services of third-party processors, including payroll and insurance;
- Compliance with applicable legal or regulatory requirements;
- Responding to requests and communications from competent authorities;
- Financial accounting, invoicing, and payment processing;
- Candidate relationship purposes, which may involve: (i) sending you details of job opportunities relevant to your skills; (ii) sending you periodic newsletters with articles about technology and career planning; (iii) contacting you to receive feedback about our services;
- Protecting our rights and those of our clients.
Use of personal information collected via our Website
In addition to the purposes connected to the operation of our business above, we may also use your personal data collected via our Website:
- To notify Candidates of information during use of the our website;
- To manage and improve our Website;
- To manage and respond to any request submitted through our Website.
What legal grounds do we rely on for processing personal data?
We use your personal data for the purposes outlined above because:
- of our legitimate interests in the effective delivery of our services to you or to our client;
- of the legal obligations that we are subject to, such as keeping records for tax purposes or providing information to a public body or law enforcement agency; or
- the information is required in order to perform the requirements of a contract.
Processing relying on legitimate interest
We process the following personal data under a legitimate interest basis:
- use in maintaining updated information about Candidates’ skills and experience, so that ISM can match Candidates with potential job opportunities;
- use in contacting Candidates to provide them with information about job opportunities;
- use in recruiting, interviewing, and evaluating Candidates’ qualifications;
- use in requesting additional details from Candidates such as work history, compensation, and availability for interviews;
- use in recording Candidates’ consent to collect personal data;
- use in sending data about Candidates to ISM clients, if Candidate has given ISM specific consent, on a case-by-case basis, to do so;
- use in checking the background and references of Candidates, as well as the accuracy of any personal data provided by Candidates to ISM, if Candidate has given ISM specific consent, on a case-by-case basis, to do so.
- To provide information regarding the promotion of ISM’s services and activities as well as the activities of ISM’s clients, affiliates, and business partners.
- To contact Candidates with newsletters, surveys, and other forms of communication containing information about events and other topics relevant to IT, Human Resources, the Digital Economy, and any related topics.
If you do not want to continue receiving any communications from us, you can click on the unsubscribe function in the communication or send an e-mail to dpo@ismtech.net.
Sensitive personal data
ISM does not process any sensitive personal data, unless:
- You have given us your explicit consent to process that data;
- We are required by law to process that data in order to ensure we meet legal obligations imposed on us;
- The processing is necessary to carry out our obligations under regulations of the Revenue Department, social security administration, or labor protection laws;
- The processing is necessary for the establishment, exercise, or defense of legal claims.
Cookies
Cookies may be used on our Websites to determine user preferences, and to analyze the relevance of certain website pages so that we can determine levels of interest and tailor our website and the user experience accordingly. ISM does not use third-party cookies on its website.
To whom do we disclose your information?
ISM may disclose and/or forward personal data, where necessary, to the following third parties in order to complete the full recruitment process:
- ISM’s clients, or client’s related companies, that may have positions suitable for Candidates;
- A background check provider or a third-party service provider participating in ISM’s recruitment process;
- Other third parties to whom Candidate has consented to the disclosure of personal data.
ISM will require the recipient of the personal data thus disclosed to take appropriate measures to protect the Candidate’s information, to process such personal data only as necessary, and to take steps to prevent the unauthorized use or disclosure of personal data.
Personal data may be transmitted to and from ISM in a variety of ways (“Channels”):
- Data that Candidates submit to ISM via any of our Websites;
- Data that Candidates provide directly to ISM staff (e.g. via email, through social media, etc.), either in response to a request or unsolicited by ISM;
- Data that ISM receives from third-party sources (e.g. via job boards) or via referrals from other individuals or from Clients.
Additionally, during the recruitment process, ISM may receive personal data directly from Candidates via conversations or interviews.
How do we protect your personal data?
The security of Candidates’ personal data is important to ISM. As a result, we use a range of physical, electronic, and managerial measures to ensure that we keep your personal data secure, accurate and up to date. These measures include:
- Education and training to relevant staff to ensure they are aware of our privacy obligations when handling personal data;
- Organization and technical controls to restrict access to personal data on a ‘need to know’ basis;
- Technological security measures, including firewalls, encryption, and anti-virus software;
- Physical security measures, such as keypad security for staff to access our premises.
Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavor to protect personal data but we cannot guarantee the security of data transmitted to us or by us.
How long do we keep your personal data?
We will hold your personal data on our systems for the longest of the following periods:
- As long as is necessary to conduct the relevant activity or provide the relevant services;
- Any retention period that is required by law;
- The end of the period in which litigation or investigations might arise in respect to the services.
Additional details regarding retention of personal data are documented in ISM’s Records of Processing Activities (“RoPA”) which is available on request.
Transmission or transfer of personal data abroad
- ISM may transmit or transfer Candidate’s personal data to foreign parties, such as the Human Resources departments of ISM’s clients, and wherever else it may be necessary for the performance of ISM’s services either for the benefit of the Candidate or for any other legitimate purpose as described in this Privacy Policy.
- ISM may keep Candidate’s data on servers or cloud computers provided by other parties, and may use third-party programs, or applications, or platforms including but not limited to services mediated by software to process Candidate’s personal data. ISM will not allow unrelated persons to access personal data and will require those other parties to take appropriate security measures.
- If Candidate’s personal data is sent abroad, ISM will comply with the Personal Data Protection Act in that regard and take reasonable measures to ensure that Candidate’s personal data is adequately protected, and to prevent its unauthorized use or disclosure. In addition, where transfers are done to a third country where that country has data protection laws with extraterritoriality that applies, ISM will comply as required.
What are your Data Subject rights?
You have various rights in relation to your personal data. In particular, you have a right to:
- Obtain confirmation that we are processing your personal data and request a copy of the personal data we hold about you;
- Ask that we update the personal data we hold about you, or correct such personal data that you think is incorrect or incomplete;
- Ask that we delete personal data that we hold about you, or restrict the way in which we use such personal data;
- Withdraw consent to our processing of your personal data;
- Receive a copy of the personal data concerning you and which you have provided to us, in a structured, commonly used and machine-readable format;
- Object to our processing of your personal data.
To exercise any of your rights, or if you have any other questions about our use of your personal data, please email dpo@ismtech.net or call us at 02 634 3800.
You may also use these contact details if you wish to make a complaint to us relating to your privacy.
Changes to this Privacy Policy statement
We may modify or amend this Privacy Policy statement from time to time.
To let you know when we make changes to this Privacy Policy statement, we will amend the revision date at the top of this page. The new modified or amended Privacy Policy statement will apply from that revision date. Therefore, we encourage you to periodically review this statement to be informed about how we are protecting your information.
ISM Contact Details
ISM can be contacted for any purpose described in this Privacy Policy by phone at 02 634 3800 or via email: dpo@ismtech.net.