We value your Privacy
Last update: 19th of April 2021
About MG. MG is a management consulting firm. MG offers executive search services to help companies recruit new employees. MG offers leadership development solutions, management consulting, succession planning solutions, and other Human Resources related consulting services.
2. Personal data that we collect
2.1 Types of personal data that we collect
Personal data is information that identifies you as an individual or relates to an identifiable individual. MG is a management consulting firm and for these purposes, we collect a variety of personal data necessary to provide such services in a secure and highly confidential way. We make sure that we respect data minimization principles and we do not collect any personal data that is excessive. Below, you can find an overview of the types of personal data that we collect, the instances in which we do so, the purposes for which we use your personal data, and the legal bases on which we rely when processing your personal data.
Your CV. When you submit your CV for assessment and recruitment purposes through the Site, during events, by email, post, or other means, we collect your full name, gender, nationality, e-mail address or postal address, telephone number, employer details, employment history, education, certificates, professional credentials, memberships in professional bodies, skills, assessments and interview records, work experience, testimonials, background checks, financial compensation, personal preferences, interests and hobbies, and all information that you choose to share with us in your CV or accompanying documents. We use such data to process your CV for recruitment purposes, share it with your potential employers, contact you, if necessary, and maintain our business records. The legal bases on which we rely are (i) ‘performing a contract with you', (ii) 'your consent’ (for optional personal data), and (iii) ‘pursuing our legitimate business interests (i.e. to administer our business).
Publicly available data. If you contact us for recruitment purposes, we may also collect information about you from third parties, including the social media account ID, images, video, audio, and other data publicly available on the Internet, in addition to your CV. We use such data for recruitment purposes, share it with your potential employers, and contact you, if necessary, and maintain our business records. The legal bases on which we rely are (i) 'performing a contract with you' and (ii) ‘your consent' (for optional personal data).
Your feedback. We may collect your reviews, feedback and opinions about our services. Where possible, we will de-identify your personal data (i.e., we will remove all personal data that is not necessary for keeping such records). We use such data to develop and improve our business activities. The legal basis on which we rely is 'pursuing our legitimate business interests'.
Enquiries. When you contact us by email, we collect your name, email address, and any information that you decide to include in your message. When you contact us by using the contact form available on the Site or through the chat, we collect your name, email address, organization/company name, country, and any other information that you decide to provide in your message. We use such data to respond to your enquiries and provide you with the requested information. The legal bases on which we rely are ‘pursuing our legitimate business interests’ (i.e. to grow and promote our business) and ‘your consent’ (for optional personal data).
IP address. When you browse the Site, we or our third-party analytics service providers (as explained below) collect your IP address. We use your IP address to analyze the technical aspects of your use of the Site, prevent fraud and abuse, and ensure the security of the Site. The legal basis on which we rely is ‘pursuing our legitimate business interests’ (i.e. to analyze and protect the Site).
2.2 Sensitive data.
We request that you do not send us, and you do not disclose to us sensitive data, such as biometric characteristics, information related to your health background, criminal records, racial related information, religious beliefs, ethnic origin, political opinions, sexual orientation, gender identity or gender expression, trade union membership, social security numbers, and credit cards details. If you decide to provide such data to us voluntarily, you do it at your own discretion and such voluntarily provision substitutes your consent.
The Site is not directed to individuals under the age of eighteen (18). We do not knowingly collect personal data from minors. If you become aware that a minor has provided us with his or her personal data and you are a parent or a legal guardian of that minor, please contact us immediately and we will remove the minor’s personal data from our systems.
2.4 Refusal to provide personal data.
If you refuse to provide us with your personal data when we ask to, we may not be able to perform the requested operation and you may not be able to use the full functionality of the Site, receive our services, or get our response. Please contact us immediately if you think that any personal data that we collect is excessive or not necessary for the intended purpose.
2.5 Other uses of personal data.
If we decide to re-purpose your personal data (i.e. to use it for other purposes than the initial purposes), we will ask for your consent. For example, we may use your personal data with your consent in press releases and marketing materials.
3. Non-personal data that we collect
3.1 Types of non-personal data.
When you browse the Site, we automatically collect certain technical non-personal data related to your use of the Site. Such data does not allow us to identify you in any manner. The non-personal data includes the following information:
Your activity on the Site;
Your browser type and version;
Your operating system;
URL addresses from which you access the Site;
The date and time when you access the Site;
Your internet service provider; and
Your other online behavior.
3.2 Purposes of non-personal data.
We will use non-personal data for the following purposes:
To analyze what kind of users use the Site;
To examine the relevance, popularity, and engagement rate of the content available on the Site;
To investigate and help prevent security issues and abuse; and
To develop and provide additional features to the Site.
3.3 Aggregated and de-identified data.
In case your non-personal data is combined with certain elements of your personal data in a way that allows us to identify you, we will handle such aggregated data as personal data. If your personal data is aggregated or de-identified in a way that it can no longer be associated with an identified or identifiable natural person, it will not be considered personal data and we may use it for any business purpose.
4. Disclosure of personal data
4.1 Prospective employers.
We provide your personal data to prospective employers (our clients), only if it is necessary for processing your CV for recruitment purposes or if you authorize us to do so. Your personal data is disclosed to our clients via a secured portal to which our clients will have access only during conducting our services.
4.2 Legal requests.
We may disclose personal data in order to comply with applicable laws, respond to requests from government authorities or public authorities or regulatory authorities including those outside of your country of residence and in accordance with, or required by, any applicable law. We may disclose personal data in order to protect the rights and trademarks of MG or to enforce our legal terms.
4.3 Disclosure of non-personal data.
We may disclose aggregate or de-identified data that is not personally identifiable to third parties.
4.4 Our data processors.
Our hosting service provider WIX.COM LTD, located in 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel;
Our email service provider Microsoft Ireland Operations Limited, located in One Microsoft Place, South County Business Park Leopardstown Dublin 18, D18 P521 Ireland
Our chat service provider WIX.COM LTD, located in 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel;
Our analytics service provider Google Analytics (https://analytics.google.com/analytics) located in the United States; and
Our independent contractors and consultants.
5. International transfer of personal data
MG is an international consulting firm. Sharing data cross-border may be essential to the services you may receive at the same high-quality wherever you are located. As a result, we may, subject to law, transfer personal data outside your country (for example, if you reside in a country belonging to the EEA, we may need to transfer your personal data to the United States). We may transfer personal data in order to comply with applicable laws, respond to requests from government authorities or public authorities including those outside of your country of residence and in accordance with, or required by, any applicable law. For the purposes of providing our services we may transfer your personal data between and among MG subsidiaries. Some of the non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards. If the country in which the recipient of your personal data is located does not guarantee an adequate level of protection, we will conclude an agreement with it that ensures such protection (e.g. a data processing agreement based pre-approved standard contractual clauses).
6. Choices, access and removal of personal data
6.1 Your rights.
If you would like to ask how we handle your personal data, or you wish to exercise your rights listed below, please contact us at firstname.lastname@example.org or by post at 280 Madison Avenue #912, New York, NY 10016, United States. We will comply with your request as soon as reasonably practicable, but no later than 30 days. You have the following rights (unless the law provides for some exceptions):
Right of access: you can get a copy of your personal data that we store in our systems and a list of purposes for which your personal data is processed;
Right to rectification: you can rectify inaccurate personal data that we hold about you;
Right to erasure (‘right to be forgotten’): you can ask us to erase your personal data from our systems;
Right to restriction: you can ask us to restrict the processing of your personal data;
Right to data portability: you can ask us to provide you with a copy of your personal data in a structured, commonly used and machine-readable format and move that personal data to another processor;
Right to object: you can ask us to stop processing your personal data;
Right to withdraw consent: you have the right to withdraw your consent if you have provided one; or
Right to complaint: you can submit your complaint regarding our processing of your personal data.
If you would like to launch a complaint about the way in which we handle your personal data, we kindly ask you to contact us first and express your concerns. After you contact us, we will investigate your complaint and provide you with our response as soon as possible (no later than 2 weeks). If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority.
6.3 Opt-out from marketing-related emails.
If you wish no longer to receive marketing-related emails, you may unsubscribe, or follow the instructions in any such email you receive from us or inform us by email at email@example.com.
7. Retention of personal data
8. Security of personal data
To protect your personal data MG has in place reasonable technical and organizational measures to prevent unauthorized or accidental access or unlawful destruction or loss, alteration, unauthorized disclosure, or erasure of your personal data. Our security measures include secured networks, VPN, multi-factor authentication, access management, limited access to your personal data by our staff, encryption, and anonymization of personal data (when possible).
Unfortunately, no data transmission over network or information system or storage system can be guaranteed to be 100% secure. Therefore, our liability for any security breach will be limited to the highest extent permitted by the applicable law.
8.1 Data Loss Prevention.
MG uses a specialized data processing service provided by a third-party partner (Microsoft Corporation) allowing us to protect your data by Data Loss Prevention (DLP) that can identify over 80 common sensitive data. In addition, DLP allows us to configure actions to be taken upon identification to protect sensitive information and prevent its accidental disclosure.
MG uses Advanced Data Governance intelligence and machine-assisted insights that help us to find, classify, set policies on, and take action to manage the lifecycle of the data that is most important to protect.
MG uses Customer Lockbox that can help us meet compliance obligations for explicit data access authorization during service operations and actions taken are logged and accessible to us so that they can be audited.
8.2 Advanced Threat Protection.
MG uses a system that safeguards data and identifies when a data breach occurs include, also MG uses Advanced Threat Protection that helps protect our email communication.
MG uses Microsoft Threat Intelligence that helps us proactively uncover and protect against advanced threats and helps us quickly and effectively enable alerts, dynamic policies, and security solutions.
Advanced Security Management enables us to identify high-risk, potential breaches. MG uses a system that allows us to monitor and track user and administrator activities across the Online platform, which helps with early detection and investigation of security and compliance issues.
8.3 SSL encryption.
To prevent unauthorized access, maintain the accuracy of data and ensure proper use of information, MG has put in place appropriate physical, electronic and managerial security procedures to safeguard all information collected online by implementing industry-standard SSL encryption.
8.4 Hybrid cloud workloads protection
MG uses Azure Defender to protect hybrid cloud workloads including servers, data, storage, containers and IoT.
9. Third-party links and tracking technologies
9.1 Third-party website redirection.
9.3 Visitor Analytics
Visitor Analytics is a simple website analytics service which measures the traffic on our website and website visitors' general details. We collect statistics like which pages visitors visit and when, where they are approximately located, where they land first or if they are coming from a specific referral, to make our website visitors' experience better.
As a website operator using Visitor Analytics, we process information about our visitors' device type and screen size/resolution, approximate location, browser, OS, IPs, page visits, bounce rate, conversions, conversion funnels, average sessions per visitor, average pages per session, average session duration, time spent on the website and preferably visited content on the website. All this data is pseudonymized and Visitor Analytics will not use the collected data to identify individual users or to match the data with additional information on an individual user.
9.4. Visitor Recordings
Visitor Recordings is an additional feature to Visitor Analytics (described above) in the form of a simple website replay tool that records in statistics where our website visitors scrolled to and what they clicked on our website. We can see this information in playbacks and so called “heatmaps”. Collecting these statistics helps us to make our website more user-friendly as well as to reproduce and fix technical errors.
Basically, as a website operator using Visitor Recordings, we are using a snippet of tracking code to collect data about our visitors’ journey on our websites, which subpages they visit, what they clicked on, where they moved their mouse cursor to and where they scrolled. All this data is pseudonymized and Visitor Analytics will not use the collected data to identify individual users or to match it with additional information on an individual user.
10. Changes & questions