Policy

Privacy Policy

1. Purpose

This Policy aims to explain the framework for handling personal data of recruitment candidates to ensure the highest level of protection for their personal data. It commits to collecting, processing, and storing such data in accordance with best practices, data protection standards, and applicable regulations.

2. Scope and Applicability

This Policy applies to all data collected from applicants for employment and training at IMCTC Center, whether collected through the website, email, paper forms, interviews, or any other means.

3. Policy Provisions

3.1 Consent to the Privacy Policy

Your consent to this Privacy Policy means your agreement to all privacy terms and conditions provided by IMCTC Center to candidates during the recruitment process, whether through email or any of its channels. You may review these provisions and any ongoing amendments made based on the need and nature of work through the Center’s official website.

3.2 Changes to the Privacy Policy

IMCTC Center reserves the right to amend this Policy at any time. Accordingly, you are advised to read and review the Policy published on the Center’s website periodically to stay informed of any amendments or updates. Any changes or amendments shall become effective immediately upon publication of the updated Policy.

By reading this Policy, you acknowledge your acceptance of all changes contained in any updated version thereof.

3.3 Legal Basis for Collecting and Processing Personal Data

The explicit consent provided by the candidates for the collection and processing of their personal data for a specific purpose stated in the Privacy Policy.

Achieving a legitimate interest, provided it does not prejudice the rights of the data subject or clash with their interests, and provided the data is not sensitive.

Processing for real benefit of the personal data subject where contacting him/her is impossible or difficult.

Achieving the public interest, the parameters, and terms of this purpose in accordance with the Center’s regulations and the laws of the host country.

Implementation of an agreement in which the data subject is a party.

3.4 Personal Data Collection Methods

IMCTC Center collects personal data from candidates directly or indirectly using various methods, including, but not limited to:

Direct methods:

Data and documents collected as part of the recruitment process.

Filling out any paper, electronic form, or providing information through the Center’s communication channels, email, or social media applications.

Indirect methods:

Obtaining data during background and eligibility checks, such as security clearance data and medical examination results.

Obtaining data through communication with reference checking.

Data collected though cookies.

3.5 Types of Personal Data Collected by IMCTC Center

Data provided directly by candidates:

The Center collects the following data directly from candidates during recruitment procedures:

Basic information: full name, date of birth, age, gender, nationality, marital status, and personal photo.

Contact information: residence, neighborhood, national address, telephone number, mobile phone number, and email address.

Educational information and qualifications: academic background, training, and language proficiency.

Employment information and qualifications: concise resume, performance-related information, employment history (employers, job titles, employment duration), employment record, job skills, and personal interests.

Verification, background information, and documents include diplomas, certificates, clearance letters from previous employers, salary certificate, copy of national ID, driver's license, copy of vehicle registration, passport, social insurance documents, and graduation certificate.

Reference materials and documents: Job references and recommendation letters.

Health data: medical conditions and chronic diseases

Personal data and contact details of dependents, such as:

National ID.

Full name in English.

Relationship between employee and dependents.

Nationality.

Financial data, such as a copy of the bank account (IBAN), salary and benefits certificate from the previous employer, a statement of contribution periods and wages, and the account number.

Relatives: personal information about relatives working at IMCTC Center.

Emergency contacts: name, relationship, and mobile phone number.

Note: If you provide personal information about another person, you must have their permission to share their data with us.

Indirectly collected data about candidates:

Medical examination data and results, including verification of communicable and chronic diseases, toxicology screening, and all clinical examinations.

Security clearance data and results.

Data collected through cookies.

3.6 Purposes for Collecting and Using Personal Data

IMCTC Center collects, stores, and processes personal data for various legitimate purposes related to recruitment and training procedures, as well as for organizational, developmental, and improvement reasons, including:

Completing the required data for recruitment and training procedures.

Stay in touch with potential candidates to keep them in the loop about recruitment opportunities, such as notifying them of vacancies or requesting additional information regarding their suitability for a position, upon need.

Communicating with third parties provided candidates to evaluate their previous performance.

Monitoring and developing our recruitment process, we may use your personal data to enhance recruitment procedures and related services.

Meeting legal and regulatory requirements.

3.7 Disclosure of Personal Data

IMCTC Center reserves the right to disclose personal data in the following cases, in accordance with the Personal Data Protection Law in the host country:

Upon the candidate’s explicit consent to disclose personal data.

When data is collected from open and publicly available sources.

In case of sharing personal data with competent authorities.

3.8 Personal Data Retention Period

IMCTC Center undertakes to destroy personal data once the purpose for which it was collected has been fulfilled. However, the Center may retain such data after the purpose of collection has ended if such data is required for a specific period due to business needs. The data will then be destroyed upon the expiry of the period or the end of the purpose for which it was collected, whichever occurs first.

3.9 Your Rights Concerning the Processing of Your Personal Data

The Center ensures that you are aware of your rights as set out in the Personal Data Protection Law and other regulatory requirements, as follows:

Right to be informed: This Privacy Policy is designed to inform you of all matters required to be disclosed to the data subject before or at the time of data collection. You may obtain a copy thereof by sending an email to: Cybersecurity@imctc.org.

Right of access to your personal data: including the right to review, request correction, completion, updating, obtain a clear copy thereof, restrict its processing, transfer it, object to its processing, or request destruction of data that is no longer needed, provided this does not contravene the legal bases and legitimate interests as set out in the Personal Data Protection Law. You may exercise these rights by sending an email to: Cybersecurity@imctc.org.

Right to withdraw your consent to the processing of your personal data at any time, unless there are statutory or judicial requirements that mandate otherwise under the Personal Data Protection Law. This may be exercised by sending an email to: Cybersecurity@imctc.org.

3.10 Data Security

The Center ensures that appropriate steps are taken to safeguard personal data shared by applicants/candidates with IMCTC Center’s personnel. The Center implements preventive administrative, technical, and physical protective measures to protect personal data provided by applicants against damage, loss, alteration, unauthorized access, disclosure, unintended use, or unlawful or unauthorized processing, keeping in mind that the security measures are subject to periodic review to keep abreast with changes in business, technologies, and regulatory requirements.

Personal data shall be made available to authorized IMCTC Center’s employees who require access and processing as part of their responsibilities, as per "need to know basis" and "least privilege" principles.

When external service providers’ assistance is sought to store or process data, IMCTC Center requires them to adhere to the same applicable internal security standards. The Center takes all necessary steps to ensure the protection of personal data, regardless of where such data are transferred or stored.

3.11 External Links

IMCTC Center’s website may contain external links to other websites, which may collect information about users by providing their services or setting cookies. The interaction of users with such websites shall be subject to the privacy policies (terms of service) set forth by those service providers.

4. References

IMCTC Center’s Data Protection and Privacy Policy

Personal Data Protection Legislation in the Host Country

Personal Data Protection Law in the Host Country

Implementing Regulations of the Personal Data Protection Law in the Host Country

Personal Data Protection Policy in the Host Country

Ministry of Communications and Information Technology in the Host Country