Data Protection Information for Applicants
The protection of your personal data is important to us. We therefore process your personal data (short "data") exclusively on the basis of legal regulations. With this data protection information, we would like to inform you about the processing of your data in our company and the data protection rights to which you are entitled in the sense of the EU General Data Protection Regulation (GDPR).1
1. Who is the data controller and point of contact for your questions/concerns?
Based on the GDPR, other applicable data protection laws in EU member states and other data protection regulations, the data controller is the legal entity to which you are applying or have applied. If you have applied in response to a specific job advertisement, you can find the hiring legal entity on there.
You can contact the data protection officer via email@example.com.
2. What kind of data is processed and where does the data come from?
We process the data that we have received from you in the course of the application process.
This generally includes the following data/types of data:
First name and last name, address, contact data (e-mail address, phone number), date of birth and data from CVs, certificates or other submitted application documents.
Moreover, if necessary, we may also process the following other personal data of you:
Other data that we have received from you in the course of the application process (e.g. in job interviews)
The documentation of your declaration of consent to keep your documents for future references
If you have submitted your data to a recruiter/personnel consultant ("headhunter"), we receive your data from this person as data controller in compliance with data protection regulations.
3. For which purposes and on what legal basis is the data processed?
We process your data in compliance with the provisions of the GDPR and the national data protection regulations in the respective applicable versions:
3.1 For fulfilling (pre-)contractual obligations (Art. 6(1)(b) GDPR):
The processing of your data is primarily carried out for evaluation purposes and communication with you in the course of the application process as pre-contractual measures in accordance with Art. 6(1)(b) GDPR.
3.2 For complying with legal obligations (Art. 6(1)(c) GDPR):
The processing of your data is necessary for the compliance with legal obligations. These include for example notifications to tax authorities in case of employment.
3.3 For protecting legitimate interests (Art. 6(1)(f) GDPR):
Due to a balancing of interests, data processing may take place beyond the actual fulfillment of the contract in order to protect our legitimate interests or those of third parties. Such legitimate interest exists, for example, in the exercise and pursuit of rights.
3.4 As part of your consent (Art. 6(1)(a) GDPR):
If you have given us your consent to process your data, e.g. for keeping your data for future references, the data is processed on this basis. You can revoke your declaration of consent at any time without giving reasons.
3.5 Local law
If the applicable local law provides individual regulations in addition to the GDPR, processing can also be based on the local regulations. In Germany, this would apply to § 26 BDSG.
4. Who receives my data?
Within the SSI SCHAEFER Group, only authorized employees in the HR department and the respective departments responsible for the specific application have access to your application documents. Due to the organizational matrix structure of the SSI SCHAEFER Group, it may be possible that employees of other legal entities of the SSI SCHAEFER Group also have access to your application documents, as employees of other legal entities may share the respective responsibilities within the departments. The legal basis for such forwarding and processing for internal administrative purposes is our legitimate interest in an effective collaboration between the individual departments within the Group, in accordance with Art. 6(1)(1)(f) of the GDPR.
However, retention for possible future job advertisements, keeping the application in an applicant pool or forwarding the application to another legal entity or department for a job advertisement other than the one to which you have applied, is generally not done without your consent.
SSI SCHAEFER takes appropriate and reasonable technical and organizational measures to protect your data.
If we use a service provider as processor, we remain responsible for the protection of your data. All processors are contractually obligated to protect your data by taking appropriate measures and to only process your data for the fulfillment of the contract. This includes for example IT service providers who are required for the operation and safety of our IT systems.
Also Microsoft (Microsoft Ireland Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18, P521, Ireland) is considered to be a processor that we might use for your application, for example when we invite you to a job interview via Microsoft Teams. The data processing may also take place in countries outside the EU and the EEA. There is the risk that authorities in third countries may access the data for safety and monitoring purposes without informing you or without you being able to file an appeal. We therefore take measures in accordance with Art. 44 et seq. of the GDPR to ensure an adequate level of data protection despite these risks.
5. For how long will my data be stored?
We process your personal data for as long as: it is necessary to achieve the mentioned purposes, a longer retention period is expressively recognized by the authorities, statutory retention periods exist, it is necessary for our legitimate interests such as the defense and enforcement of legal claims or we have your separate declaration of consent for a longer storage.
6. Is personal data transferred to a third country?
We do not actively transfer your data to a third country ourselves. However, we use service providers (e.g. Microsoft) from so-called third countries. In doing so, access to your personal data cannot be ruled out. There is the risk that authorities in third countries may access the data for safety and monitoring purposes without informing you or without you being able to file an appeal. We therefore take measures in accordance with Art. 44 et seq. of the GDPR to ensure an adequate level of data protection despite these risks.
7. What data protection rights do I enjoy?
For your data protection rights, please refer to the data protection declaration on our website.
8. Encrypted application
If you wish you can also send us your application documents in a password-protected ZIP archive per e-mail. In this case, please give us the password by phone.
1 For better readability, this text does not include references to male, female or diverse individuals (m/f/d). Any reference to one gender is also applicable to the others.