Job Application Policy (via LinkedIn)
SECTION 1: OVERVIEW / INTRODUCTION
1.1. The company under the name "IST - International Software Techniques S.A.”, (henceforth called "IST"), registered address: Papaflessa 16, 151 24 Marousi - Athens, Greece, corporate VAT number / TIN: EL095526161, becomes a Controller of your personal data for the purposes stated in subsection 1.2, the moment you willingly respond to a specific company-posted job ad that is published on the LinkedIn platform and submit your job application and respective CV to the company - via the said platform - for evaluation, screening and recruitment.
1.2. The job ads that we publish on the LinkedIn platform, fall under one of the following categories:
a) job ads that address internal job openings (see SECTION 2),
b) job ads that address job openings at one of our clients (see SECTION 3).
SECTION 2: JOB ADS THAT ADDRESS INTERNAL JOB OPENINGS
2.1. Job ads that address internal job openings are to be recognized by their explicit introductory wording / description: "We are looking for a capable and skilled individual to join our team".
2.2. Definition of "job ads that address internal job openings": job openings directly related to staffing of internal teams / internal recruiting needs. The job applicants are assessed, evaluated, selected and hired by IST and allocated to a specific company department / team / project etc. IST is solely responsible for all employee-related management practices and policies, as well as for payroll-related services.
2.3. When a job ad adresses an internal job opening, a "Controller-to-Controller" relationship is established between the folllowing two (2) parties: IST and LinkedIn.
2.4. Definition of a Controller-to-Controller relationship: Controller-to-Controller relationships imply the presence of two or more separate controllers. In this case, separate controllers are sharing personal data, but processing it individually for their own distinct purposes. Where the means and purposes of data processing activities are decided individually, and data is simply shared between controllers, it is a Controller-to-Controller relationship. Each entity is processing for its own purpose and uses its own means. Each is a controller in its own right and there is no joint controllership.
2.5. Initially, LinkedIn is the data controller of your personal data and it is the reponsibility of the platform to ensure compliance with GDPR on its end. IST becomes a controller of your personal data and CV, the moment you willingly respond to a specific company-posted job ad that is published on the LinkedIn platform and submit your job application, personal data and respective CV to the company. A Controller-to-Controller relationship is therefore established between the two parties (LinkedIn and IST), since LinkedIn shares your personal data and CV that are stored on the platform with IST. The moment IST makes use of your personal data and CV, by processing, managing and storing it outside the LinkedIn platform, IST also becomes a data controller in its own right, and is therefore responsible for complying with GDPR laws and regulations.
2.6. The personal data we collect, process, manage and store is your name, surname, email address, mobile and landline phone numbers, and also your CV, which contains information such as identity details, personal details, contact details, education, employment history or other information that may be included in a submitted CV (e.g. references, additional abilities and skills, candidate’s employment preferences such as a desired position, type of employment relationship etc., personal leisure interests).
2.7. You should not include information in your job application that relate to criminal convictions and offenses or specific categories of sensitive personal data (such as information on political views, religious or philosophical beliefs, trade union membership, genetic or biometric data, health data etc.), nor contain data related to third (natural) persons, except after their express authorization. IST is not to be held responsible if - intentionally or not - you provide such type of data.
2.8. Your personal data and your CV are collected by IST for the sole purpose of assessing your qualifications and competencies in order to be selected for a job position (your desired job position or any other company-related position for which you are deemed to have the required qualifications), as well as, for the purpose of contacting you requesting additional information or to arrange an appointment.
2.9. For job ads that address internal job openings, recipients of your personal data and of your CV are only the employees of IST (authorized personnel only have access to your personal data and CV). Your personal data and CV will be distributed internally to IST Managers, Directors and C-level Executives who are responsible for - or participate in - candidate evaluation, screening and recruitment.
2.10. Both your LinkedIn job application, personal data and respective CV will be treated confidentially by IST.
2.11. Both your LinkedIn job application, personal data and respective CV will not be shared with a third-party (person or legal entity), and will only be used for candidate evaluation, screening and recruitment purposes within IST.
2.12. Your contact details (as these are stated in your CV and LinkedIn profile) will not be used for marketing or promotional purposes by IST.
2.13. IST may share your personal data with the competent authorities, if lawfully requested to do so.
2.14. Your personal data and CV might be added to our HR records for future reference, as new opportunities arise that may match your career objectives, experience and skills.
2.15. Your personal data and CV might remain in our HR records for a maximum period of 12 months (from the date of submission). Your CV will subsequently be deleted, along with your personal data.
2.16. You have the right to submit a request to us:
a) to access your data,
b) to rectify or delete your data,
c) to ask for the restriction of processing,
d) to ask for data portability,
e) to object to the processing.
For any of the above, you can submit your request by sending us an email at "hr@ist.com.gr". We shall respond to your request within 72 hours.
2.17. Being located in the EU, IST complies fully with GDPR laws and regulations.
2.18. Once outside the realm of the LinkedIn platform, your personal data and CV will be processed, managed and stored by IST within the European Union (EU) and European Economic Area (EEA).
2.19. Data Protection Supervisory Authority: Hellenic Data Protection Authority (HDPA), Address: Kifissias 1-3, 115 23 Athens, Greece, Tel.: +302106475600, Fax: +302106475628, www.dpa.gr
2.20. In case you require more information related to the use and handling of your personal data and CV, as well as, the exercise of your rights, or you would like more information on the Job Application Policy that IST incorporates, you can contact our Data Protection Officer (DPO) via email (dpo@ist.com.gr).
SECTION 3: JOB ADS THAT ADDRESS JOB OPENINGS AT ONE OF OUR CLIENTS
3.1. Job ads that address job openings at one of our clients are to be recognized by their explicit introductory wording / description: "IST, on behalf of its client, is seeking for...".
3.2. Definition of "job ads that address job openings at one of our clients": job openings directly related to staffing of client teams / client recruiting needs. The applicants are assessed, evaluated and selected by the client, hired by IST on the client's behalf, and allocated to a specific client department / team / project etc. The successful applicant will work for a specific client during his employment with IST; the client will be mainly responsible for employee management practices and policies, whereas IST will only provide basic and ancillary HR and payroll-related services.
3.3. The name of the client, on behalf of whom the job ad is published, is not disclosed at this stage of the process (i.e. publication of job ad, assessment and shortlisting of job applicants). The shortlisted applicants will be informed of the client's name when contacted (by IST or by the client directly) so as to arrange an appointment. Non-shortlisted applicants will not be informed of the client's name.
3.4. When a job ad adresses a job opening at one of our clients, a "Controller-to-Controller" relationship is established between the folllowing three (3) parties: IST, LinkedIn and our client.
3.5. Definition of a Controller-to-Controller relationship: Controller-to-Controller relationships imply the presence of two or more separate controllers. In this case, separate controllers are sharing personal data, but processing it individually for their own distinct purposes. Where the means and purposes of data processing activities are decided individually, and data is simply shared between controllers, it is a Controller-to-Controller relationship. Each entity is processing for its own purpose and uses its own means. Each is a controller in its own right and there is no joint controllership.
3.6. Initially, LinkedIn is the data controller of your personal data and it is the reponsibility of the platform to ensure compliance with GDPR on its end. IST becomes a controller of your personal data and CV, at the moment you willingly respond to a specific company-posted job ad that is published on the LinkedIn platform and submit your job application, personal data and respective CV to the company. A Controller-to-Controller relationship is therefore established between the first two parties (LinkedIn and IST), since LinkedIn shares your personal data and CV that are stored on the platform with IST. The moment IST makes use of your personal data and CV, by processing, managing and storing it outside the LinkedIn platform, IST also becomes a data controller in its own right, and is therefore responsible for complying with GDPR laws and regulations. Finally, since IST subsequently shares your personal data and CV with a client, on behalf of whom the job ad is published, the client also becomes a Controller of your personal data (i.e. the client also establishes a Controller-to-Controller relationship), and must ensure compliance with GDPR laws and regulations on its own right, independently of IST.
3.7. The personal data we collect, process, manage, store and share with the client is your name, surname, email address, mobile and landline phone numbers, and also your CV, which contains information such as identity details, personal details, contact details, education, employment history or other information that may be included in a submitted CV (e.g. references, additional abilities and skills, candidate’s employment preferences such as a desired position, type of employment relationship etc., personal leisure interests).
3.8. You should not include information in your job application that relate to criminal convictions and offenses or specific categories of sensitive personal data (such as information on political views, religious or philosophical beliefs, trade union membership, genetic or biometric data, health data etc.), nor contain data related to third (natural) persons, except after their express authorization. IST, or our client, are not to be held responsible if - intentionally or not - you provide such type of data.
3.9. Your personal data and CV are collected by IST, on behalf of our client, for the sole purpose of assessing your qualifications and competencies in order to be selected for a job position (your desired job position or any other client-related position for which you are deemed to have the required qualifications), as well as, for the purpose of contacting you requesting additional information or to arrange an appointment (depending on the context, you may be contacted by IST or by the client directly).
3.10. For job ads that address job openings at one of our clients, recipients of your personal data and of your CV are both the employees of IST and of the client (authorized personnel of IST and the client only have access to your personal data and CV). Your CV will be distributed both to IST and client Managers, Directors and C-level Executives who are responsible for - or participate in - candidate evaluation, screening and recruitment.
3.11. If the job applicant is a current employee of the client (at the time of the job application submission), the application will not be forwarded or otherwise be disclosed to the client, and the particular applicant will not be considered for further evaluation.
3.12. If the job applicant is a former employee of the client (at the time of the job application submission), the application will be forwarded / disclosed to the client, for further evaluation.
3.13. Both your LinkedIn job application, personal data and respective CV will not be shared with a third-party (person or legal entity) other than the client on behalf of whom the job ad is published, and will only be used for candidate evaluation, screening and recruitment purposes.
3.14. Your contact details (as these are stated in your CV and LinkedIn profile) will not be used for marketing or promotional purposes by IST.
3.15. IST may share your personal data with the competent authorities, if lawfully requested to do so.
3.16. Your personal data and CV might be added to IST's HR records for future reference, as new opportunities arise that may match your career objectives, experience and skills.
3.17. Your personal data and CV might remain in IST's HR records for a maximum period of 12 months (from the date of submission). Your CV will subsequently be deleted, along with your personal data.
3.18. You have the right to submit a request to IST:
a) to access your data,
b) to rectify or delete your data,
c) to ask for the restriction of processing,
d) to ask for data portability,
e) to object to the processing.
For any of the above, you can submit your request by sending us an email at "hr@ist.com.gr". We shall respond to your request within 72 hours.
3.19. Being located in the EU, IST complies fully with GDPR laws and regulations.
3.20. Once outside the realm of the LinkedIn platform, your personal data and CV will be processed, managed and stored by IST within the European Union (EU) and European Economic Area (EEA).
3.21. Being a controller of its own, it is the sole responsibility of the client to ensure compliance with GDPR laws and regulations, independently of IST. IST is not to be held responsible, if the client fails to ensure compliance with GDPR laws and regulations.
3.22. As part of its business relationship, IST has notified the client beforehand - in writing - that the latter also becomes a Controller of personal data, the moment IST starts sharing personal data and CVs of job applicants with the client (on behalf of whom the job ad is published).
3.23. In order to better ensure the protection of personal data and CVs of job applicants by the client, IST requires from the client to have a valid GDPR policy in place, before sharing of personal data and CVs of job applicants commences.
3.24. Data Protection Supervisory Authority: Hellenic Data Protection Authority (HDPA), Address: Kifissias 1-3, 115 23 Athens, Greece, Tel.: +302106475600, Fax: +302106475628, www.dpa.gr
3.25. In case you require more information related to the use and handling of your personal data and CV, as well as, the exercise of your rights, or you would like more information on the Job Application Policy that IST incorporates, you can contact our Data Protection Officer (DPO) via email (dpo@ist.com.gr).
(Version 1.1 / 04 April 2024)
