IDG Candidate Privacy Policy (EU & UK)

  1. General Provisions

    This Candidate Privacy Policy (EU & UK) (“Privacy Policy”) applies to the Processing of Personal Data in connection with the recruitment process carried out by IDG, Inc. and Group Undertakings (“IDG” or “we”). IDG Group Undertakings are the International Data Corporation, Inc. and Group Undertakings (“IDC”) and IDG Communications, Inc. dba Foundry and Group Undertakings (“Foundry”). A full list of Foundry Group Undertakings, including contact details, is available online here. A full list of IDC Group Undertakings, including contact details, is available online here.

    The purpose of this Privacy Policy is to inform you how IDG acquires, stores, Processes, and protects your Personal Data when you apply for a job at IDG or any of its Group Undertakings, including what categories of Personal Data, purposes of Processing and your rights as a Data Subject are and how you may exercise them.

    IDG is a global company that attracts Candidates from diverse backgrounds and regions. We respect the privacy rights of all Candidates and are committed to protecting their Personal Data in accordance with applicable Data Protection Laws. This Privacy Policy applies to the extent the Processing of your Personal Data is subject to the GDPR and/or the UK GDPR.

    We recommend that you carefully familiarize yourself with this Privacy Policy.

  2. Definitions

    Candidate” or “you” means any natural person who applies for a job position at IDG.

    Data Protection Laws” means applicable privacy, security and personal information protection laws and regulations applicable to IDG or the Candidate such as the European General Data Protection Regulation (EU 2016/679) (the “GDPR”); European national laws implementing derogations, exceptions or other aspects of the GDPR; as well as the GDPR, as transposed into United Kingdom national law by operation of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (as amended or replaced from time to time) (the “UK GDPR”); and the relevant local data protection regulations within the European Economic Area and United Kingdom.

    Foundry” is defined in the heading of this Privacy Policy.

    Group Undertakings” means members of the IDG, IDC, or Foundry group of companies, as the context requires. IDG Group Undertakings includes IDC and Foundry.

    IDC” is defined in the heading of this Privacy Policy.

    IDG” or “we” is defined in the heading of this Privacy Policy.

    Personal Data” means any information that identifies or is capable of identifying the Candidate, in accordance with the Data Protection Laws.

    Privacy Policy” means this EU & UK Candidate Privacy Policy.

    The terms “Controller”, “Data Subject”, “Processing”, “Processor”, “Personal Data Breach” and “Personal Data”, unless specifically defined otherwise herein, shall bear the respective meanings given to them in the applicable Data Protection Laws.

  3. Controller Of Personal Data

    In connection with the recruitment process, Foundry Group Undertakings and IDC Group Undertakings determine the purposes and means of the Processing of your Personal Data and therefore, act as a Controller.

    Depending on where you apply for the job, the Controller of your Personal Data is:

    1. For IDC:

      • IDC CEMA (for job postings in Western Europe), with registered office at Malé náměstí 11, 110 00 Praha 1, Czech Republic, identification number 26482347.
      • IDC UK Ltd (for job postings in Central and Eastern Europe), with registered office at 5th Floor, Ealing Cross 85 Uxbridge Road, London, W5 5TH, United Kingdom, identification number 960665.
    2. For Foundry: the relevant Foundry Group Undertaking that carries out the recruitment process, as identified in the job posting. In the EU and the UK, the following Foundry Group Undertakings may be the Controller of your Personal Data:

      • Foundry UK: 21 Soho Square, London, W1D 3QP, United Kingdom
      • Foundry Ireland: Mezzanine Floor, Millennium House, Great Strand Street, Dublin 1, Ireland
      • Foundry Spain: Ctra. de la Coruña Km 18.200 Edif.C Bajo Izq., 28231 Las Rozas de Madrid – Spain
      • Foundry Sweden: International Data Group AB, Vasagatan 28, 111 20 Stockholm, Sweden
      • Foundry Germany: Georg-Brauchle-Ring 23, 80992 Munich, Germany
      • Foundry Poland: Grzybowska 2/44, Warsaw 00-131, Poland
  4. Contact Details

    If you have any questions relating to the Processing of your Personal Data or about this Privacy Policy, or you wish to exercise any of your rights as a Data Subject, please contact our Privacy Team at dataprivacy@idg.com.

  5. Purpose, Legal Basis, Scope, And Duration Of Processing Of Personal Data

    1. Scope of Processing

      We Process the following scope of your Personal Data: information that you provide in your resume and during the recruitment process, specifically your name and surname, residence address, email address, telephone, acquired education, current employment position, acquired work experience and skills, photograph, and any other Personal Data contained in your resume or otherwise provided to us by you. To the extent permitted by the applicable law and necessary for a given job position, we may also process a limited scope of information collected in the course of background checks and verification of references that you provide.

    2. Purposes and Legal Bases of Processing

      We only Process your Personal Data within the scope necessary for the fulfillment of our contractual or statutory obligations, based on our legitimate interests, or on the basis of consent granted by you for the purposes as set out below:

      1. Recruitment Process

        We primarily Process your Personal Data for the purposes of carrying out the recruitment process for a specific job position which you have applied for. The Processing of your Personal Data is necessary to evaluate the Candidates and conclude an employment contract between the successful Candidate and us. To the extent permitted by the applicable law and necessary for a given job position, we may also conduct background checks to verify whether you are eligible for the position that you applied for.

        The legal basis for the Processing of your Personal Data is the contract that we take steps to enter into.

        We will process your Personal Data for the above-described purpose until the recruitment process relating to you is concluded.

      2. Legitimate Interests

        Following the recruitment process, we may also Process your Personal Data based on our legitimate interests. IDG’s legitimate interests include monitoring of the compliance within the recruitment process, determination, defense, and exercise of our legal rights or the resolution of any potential disputes relating to the recruitment process that you have participated in. We may also process your data for analytical purposes so that we can analyze the recruitment process and better understand who is applying for our positions, helping us to determine the most effective way to advertise jobs, attract talent and fill open positions.

        We may continue to Process your Personal Data after the termination of the recruitment process if it is necessary to protect our legitimate interests; this period will typically not exceed the period of one year following the conclusion of the recruitment process.

      3. Information on Other Job Openings

        In the event that you grant us your consent, we will also Process your Personal Data for the purposes of contacting you in regard to other job openings in IDG Group Undertakings and the realization of potential future recruitment processes for such job positions.

        In such cases, we will continue to Process your Personal Data, at maximum for the period defined in the consent; this period will typically not exceed the period of three years from the time when consent was granted.

  6. Recipients Of Personal Data

    1. Sharing of Personal Data

      For the purposes described above, some categories of the Personal Data that we collect in connection with the recruitment process may be shared by us with third parties that are either independent Controllers or that act as our Processors. In particular, we may share Personal Data with:

      • IDG entities from the Group Undertakings, including International Data Group Inc., for the purpose of realization of the recruitment process in the particular Group Undertaking, or for the purpose of administration support and organization of recruitment process in our company;
      • third-party service providers administering our IT systems and providing IT services utilized for the purpose of administration and organization of the recruitment process;
      • third-party service providers providing recruitment services and advertising of job positions;
      • public authorities or other third parties, if it is necessary to comply with the applicable law.
    2. Safeguards

      We have entered into Data Processing agreements with the recipients who Process the Personal Data as Processors (with the exception of cases where the conclusion of such agreement is not obligatory; for example, when transferring Personal Data to public authorities), which we have verified to ensure at least the same level of protection thereof as this Privacy Policy.

      We ensure that the access of recipients to Personal Data is limited to the scope necessary for the purpose for which the Personal Data is shared, in accordance with the applicable laws and, with respect to Processors, our instructions.

      If the Personal Data is transferred outside of the European Economic Area and the United Kingdom, we ensure that such transfers are based on a valid mechanism required under the applicable Data Protection Laws, including in particular, the Standard Contractual Clauses.

  7. Data Security

    With regard to the possible impending risk of harm to you as the Data Subject, we have implemented and maintain appropriate technical and organizational measures, internal controls, and information security processes in accordance with the applicable Data Protection Laws and best business practices. At the same time, we take into consideration the state of technological development with the goal of protecting your Personal Data from accidental loss, destruction, alterations, and unauthorized disclosure or access. Such measures may, among other things, include taking reasonable steps to ensure adequate management of access roles, using encrypted communication channels, the liability of relevant employees who have access to your data, training of employees, regular backups, procedures for data renewal and management of incidents, and software protection for devices on which Personal Data are stored.

  8. Your Rights As A Data Subjects

    In accordance with applicable Data Protection Laws, you have the right to request access to your Personal Data that we are Processing, the right to their rectification, erasure or portability, the right to object to the Processing of your Personal Data; as well as the right to request restriction of Processing conducted by us. You can also withdraw consent to the Processing of certain Personal Data at any time if you have granted us such consent.

    If you wish to exercise your rights and/or obtain detailed information, please contact us via the contact details set out in Article 4 of this Privacy Policy. We will consider all such requests and provide our response within the given time period stated by applicable Data Protection Laws. We may request you provide us with information necessary to confirm your identity if we are not able to do so based on the Personal Data that we already Process.

    If you exercise any of your rights according to this Article or the applicable Data Protection Laws, we will inform each recipient with whom your Personal Data has been shared according to Article 6 of this Privacy Policy, of the measures taken to exercise your request, if such a notification is possible and/or does not involve disproportionate effort.

    Please find the respective rights described in detail below:

    1. Rectification of Your Personal Data

      You have the right to rectify the Personal Data that we Process about you if you find that it is inaccurate or incomplete.

    2. Erasure of Your Personal Data

      You can request erasure of your Personal Data at any time. If you contact us and make this request, we will erase all your Personal Data that we have without undue delay, unless we need it for the fulfillment of statutory obligations or the establishment, exercise, or defense of our legal claims.

      Further, if you withdraw your consent, we will also erase all your Personal Data.

    3. Withdrawal of Consent

      Granted consent to the Processing for the purposes described above can be withdrawn at any time without giving a reason. Please note that the withdrawal of your consent shall not affect the lawfulness of Processing based on consent before its withdrawal.

    4. Access to and Portability of Your Personal Data

      You have the right to obtain confirmation as to what Personal Data we Process or do not Process with respect to you. You can also request a copy of your Personal Data that we Process. In addition, you may exercise your right to portability. In such case, we can send some of your Personal Data (namely the data that we process on the basis of the contract and/or your consent) directly to a third party (i.e., another Controller) whom you specify in your request, provided that it is technically feasible and does not affect the rights and freedoms of other persons.

    5. Objection to Processing

      If we Process some of your Personal Data on the basis of our legitimate interest, you have the right to object at any time, to the Processing of Personal Data. If significant legitimate interests for Processing — that override the interests or rights and freedoms of you as the Data Subject — are not proven on our part, or further Processing is not necessary for the establishment, exercise or defense of our legal claims, we will cease the Processing of your Personal Data.

    6. Restriction of Processing

      If you request restriction of Processing of your Personal Data (e.g., in the event that you question the accuracy or lawfulness, or our need to Process your Personal Data), we will restrict the Processing of your Personal Data to the necessary minimum (storage), and we may only Process it for the establishment, exercise or defense of legal claims, or on grounds of the protection of the rights of another natural person or legal entity or other reasons prescribed by applicable legislation. If a restriction of Processing is lifted and we continue to Process your Personal Data, we will inform you without undue delay.

    7. Complaint to the Office for Personal Data Protection

      You may also lodge a complaint pertaining to our Processing of your Personal Data with the competent supervisory authority if you believe that your rights regarding our use of your Personal Data have been violated:

      • If you wish to submit a complaint in relation to Processing carried out by IDC Undertakings, (i) within the European Economic Area, the supervisory authority is the Czech Office for the Protection of Personal Data (in Czech: Úřad pro ochranu osobních údajů), more information can be found at: www.uoou.cz, (ii) in the United Kingdom, the supervisory authority is the Information Commissioner’s Office, more information can be found at: https://ico.org.uk.
      • If you wish to submit a complaint in relation to Processing carried out by Foundry Undertakings, (i) within the European Economic Area, the supervisory authority is the Irish Data Protection Commission, more information can be found at: https://www.dataprotection.ie/, (ii) in the United Kingdom, the supervisory authority is the Information Commissioner’s Office, more information can be found at: https://ico.org.uk.
  9. Updates To The Privacy Policy

    We may modify or update the Privacy Policy from time to time. Any changes to this Privacy Policy shall become effective when published on the relevant website of IDG and/or its Group Undertakings.

    This Privacy Policy was last updated on September 23, 2024.

Questions?

For all matters related to privacy and the collection, processing, use and storage of your personal data, please contact our Privacy Team at dataprivacy@idg.com.