Iventa privacy policy for candidates

How is my data collected?

In the process of applying to Iventa online via the Iventa website, by e-mail or after an interview with Iventa, I declare my consent, that Iventa may electronically store and process my personal data that I have provided, as well as the application documents that I have uploaded or sent by e-mail in a specialised and secure database.

What data is processed and how?

Iventa processes my personal data that I sent to Iventa for my application or that I made available to them on generally accessible social media platforms (e.g. XING or LinkedIn). This generally includes my name, address, contact details, information about education and professional background, particular specialisations such as skills, family status, citizenship and application documents sent by me. I have been informed that Iventa does not request for or save any sensitive data (data relating to racial and ethnic background, political opinions, religious or philosophical beliefs, union membership, health or sex life). I am free to voluntarily disclose these details in my application. If these are required by exception, I will be asked in advance for my explicit consent to the processing of sensitive data. I agree that references about me as a person can be obtained from previous employers once I have been consulted about this.

Purpose of data use/who has access to it?

Inclusion in the database and further processing take place exclusively for the purpose of advising me during my current application process or contacting me with any future offers, if I am being considered as a potential candidate based on the data provided here. My application will be provided to the client as part of a specific project/job posting if I have actively applied to it or if I was approached by Iventa about it. I am aware that Iventa has obligated the client to comply with data protection provisions accordingly. I also agree that my personal data is exclusively sent to affiliated companies in the Iventa Group for the above-mentioned purposes, and that it may be processed by these companies.

Registration of my data with Iventa, or the sending of my application documents, does not give rise to a contractual relationship between me and Iventa. Iventa’s liability to me is excluded, where legally permissible.

When processing, using and sending stored data relating to me, Iventa must comply with the provisions of the GDPR (EU 2016/679), as well as the Austrian Data Protection Act 2000 in its applicable version (DSG 2000). Iventa would like to expressly state that all Iventa employees are obligated to comply with data secrecy.

I have been made aware that Iventa does not share my data with third parties for purposes other than those intended. Third parties may technically process data, by order of Iventa and in compliance with all data protection provisions.

My rights – storage of data/duration

I can revoke this consent at any time. My data is electronically stored by Iventa until storage is revoked, or until the statutory retention period (as of 05/2018 – 7 years) expires, at the latest. Iventa also reserves the right to delete parts of, or all of, my data at any time without consultation and without stating any reasons. Iventa is not obligated to include my data in a search and selection process, and there is no legal claim to the use of my data by Iventa.

If I am applying for an anonymous advert (i.e. the client is not specified in the advert), I am aware that my documents may be shared with the client once non-disclosure notices have been reviewed in specialist projects, and may also be electronically processed there. Iventa may not disclose the client’s name during the project in order to protect the customer. My data will be protected by Iventa through review of non-disclosure notices when being sent to the client. My right of access is undisputed – as such, it can be processed accordingly once the project comes to an end.

At my request, I can be availed information relating to my personal data that is being processed, and incorrect data can be rectified or erased, in accordance with the legal provisions of the GDPR (EU 2016/679) Section 2 Articles 13-15.

If I believe that the processing of my data or the outcome of my right of access breaches data protection laws or my claims under data protection law in some way, I may initially contact the contact person for data protection at Iventa, datenschutz@iventa.at, or if there are further breaches, I may contact the supervisory authorities – in the case of Austria, this is the Austrian Data Protection Authority.

If specific data is shared with third parties after I have given consent, I am personally responsible for exercising my right of access, and right to rectification or erasure with them accordingly.

How is my data protected?

Iventa shall take all necessary measures that are intended to prevent access to my personal data, its misuse, loss or unauthorised access to it. Data is stored by processors. Iventa obligates any processors to comply with data protection provisions.