This Privacy Statement explains how ITW Fastener Products GmbH, ITW España S.A. and ITW Metal Fasteners, S.L.U. (hereinafter referred to as “we”) processes, transfers and protects your personal data. Personal data is all information that concerns you.

1   Purposes of Data Processing, Categories of Personal Data, Legal Basis and Data Retention

1.1 Categories of Personal Data and Purposes of Data Processing
We shall particularly process the following categories of personal data over the course of your application process. We shall only use information which you provide to us or which we can obtain through publicly accessible sources:
Basic data (e.g. name, contact details, marital status, date of birth, gender, nationality, citizenship);
Sensitive data like religion and/or confession or any severe disability (only if you provide this information);
Education, professional career, references, skills, abilities and other information from your CV or cover letter;
Willingness to relocate following employment;
Class of driving licence, including any courses and certificates for the management and use of company cars and/or vehicles for business purposes;
Personal data contained in log files or safety reports (especially IP address, user name, password, location and time of access to our network); this information is used to protect our system, and to monitor and log the use of our network, in order to guarantee the security of the same.
1.2   Legal Basis for the Processing of Your Personal Data
The fundamental legal basis is Article 6(1) (b) of the EU General Data Protection Regulation 2016/679 (GDPR) in conjunction with Section 26 of the German Federal Data Protection Law (BDSG); these provisions allow us to process your personal data to execute pre-contractual measures.
If we do not require your information for this, we will only process your personal data with your consent in accordance with Article 6(1) (a) of the GDPR.
If we have to carry out certain compliance measures, the legal basis shall be Article 6(1) (c) and (f) of the GDPR, as the processing of personal data may be necessary to satisfy our legitimate interests. We have a legitimate interest in receiving notifications of relevant infringements and investigating the observance of applicable laws.
If we disclose your personal data to other companies within our group – not including our group-wide IT service providers – and this is not done with a “processor”, such data shall be transferred on the basis of Article 6(1) (f) of the GDPR. Our legitimate interests in this respect are (i) a global, centralised IT approach with harmonised processes and (ii) financial savings created by the operation of a centralised IT service.
Article 6(1) (c) may also be the applicable legal basis if we are legally obliged to process your personal data.
1.3   Do you have to share or provide us with your personal data?
You are required to provide us with your personal data as part of the application and employment process. If you do not want to send us the necessary information, we cannot consider you for the advertised Position.
1.4  Will we make automated decisions about you?
We will not make any decisions based solely on automated processing, including profiling, which have legal ramifications for you.
1.5  Retention Periods
We shall use the following criteria to determine the applicable retention period for your personal data: Your personal data shall be stored (i) for as long as necessary for the application process; (ii) beyond the application process if necessary and/or you have consented to this; (iii) in accordance with the applicable statutory retention periods; or (iv) until you revoke your consent.
If your application is unsuccessful, your details will generally be stored for 6 months and then deleted or destroyed.

2   Transfer of Personal Data to Third Parties

2.1   Transfer of Your Data
We shall only forward your personal data to any departments that require your information to perform our duties. We may require the support of service providers for such processes. Furthermore, your personal data may need to be passed on to other divisions within our corporate group. Your application documents may also be passed on to other divisions within our corporate group if vacancies arise that match your application/qualifications. We will observe data protection regulations when disclosing such information. Your personal data may especially be passed on to the following recipients:
·          IT service providers;
·          Waste disposal services;
·          Public authorities, administrative bodies, banks;
·          Other service providers who support us with things like the recruitment
2.2   Transfer of Personal Data to Third Parties in Countries outside the
European Union
If we transfer your personal data to third parties as per Section 2.1 above, these may be located outside the European Union. If the European Commission has not passed any relevant resolutions on the respective country (this means the level of data protection in this country is no longer comparable to the level of data protection in the European Union), we shall use suitable measures to protect your personal data. We shall use the EU’s so-called “standard contractual clauses” when transferring your personal data to third countries that do not have an adequate level of data protection. If you have any questions, please get in touch with the Data Protection Officer.

3    Your Rights

You may assert the following rights against us in accordance with the provisions of the EU General Data Protection Regulation:
·          Right of access;
·          Right to rectification;
·          Right to the restriction of processing;
·          Right to erasure / the right to be forgotten (in certain circumstances);
·          Right to data portability (in certain circumstances);
·          Right to object to data processing.
If your consent is required for the processing of personal data, you may also revoke your consent without this affecting the legality of our data processing carried out with your consent before your revocation.
If you would like to exercise one of your rights listed above, or if you believe we are unlawfully processing your personal data, please get in touch with
You may also contact a Data Protection Supervisory Authority. The local competent Supervisory Authority is: Agencia Española de protección de datos C/ Jorge Juan, 6. 28001 – Madrid..