PRIVACY STATEMENT FOR JOB APPLICANTS

This Privacy Statement explains how ITW Fastener Products GmbH, ITW España S.A. and ITW Metal Fasteners, S.L.U. (hereinafter referred to as “we”) processes, transfers and protects your personal data. Personal data is all information that concerns you.

1   Purposes of Data Processing, Categories of Personal Data, Legal Basis and Data Retention

1.1 Categories of Personal Data and Purposes of Data Processing
We shall particularly process the following categories of personal data over the course of your application process. We shall only use information which you provide to us or which we can obtain through publicly accessible sources:
(i)
Basic data (e.g. name, contact details, marital status, date of birth, gender, nationality, citizenship);
(ii)
Sensitive data like religion and/or confession or any severe disability (only if you provide this information);
(iii)
Education, professional career, references, skills, abilities and other information from your CV or cover letter;
(iv)
Willingness to relocate following employment;
(v)
Class of driving licence, including any courses and certificates for the management and use of company cars and/or vehicles for business purposes;
(vi)
Personal data contained in log files or safety reports (especially IP address, user name, password, location and time of access to our network); this information is used to protect our system, and to monitor and log the use of our network, in order to guarantee the security of the same.
1.2   Legal Basis for the Processing of Your Personal Data
The fundamental legal basis is Article 6(1) (b) of the EU General Data Protection Regulation 2016/679 (GDPR) in conjunction with Section 26 of the German Federal Data Protection Law (BDSG); these provisions allow us to process your personal data to execute pre-contractual measures.
If we do not require your information for this, we will only process your personal data with your consent in accordance with Article 6(1) (a) of the GDPR.
If we have to carry out certain compliance measures, the legal basis shall be Article 6(1) (c) and (f) of the GDPR, as the processing of personal data may be necessary to satisfy our legitimate interests. We have a legitimate interest in receiving notifications of relevant infringements and investigating the observance of applicable laws.
If we disclose your personal data to other companies within our group – not including our group-wide IT service providers – and this is not done with a “processor”, such data shall be transferred on the basis of Article 6(1) (f) of the GDPR. Our legitimate interests in this respect are (i) a global, centralised IT approach with harmonised processes and (ii) financial savings created by the operation of a centralised IT service.
Article 6(1) (c) may also be the applicable legal basis if we are legally obliged to process your personal data.
1.3   Do you have to share or provide us with your personal data?
You are required to provide us with your personal data as part of the application and employment process. If you do not want to send us the necessary information, we cannot consider you for the advertised Position.
1.4  Will we make automated decisions about you?
We will not make any decisions based solely on automated processing, including profiling, which have legal ramifications for you.
1.5  Retention Periods
We shall use the following criteria to determine the applicable retention period for your personal data: Your personal data shall be stored (i) for as long as necessary for the application process; (ii) beyond the application process if necessary and/or you have consented to this; (iii) in accordance with the applicable statutory retention periods; or (iv) until you revoke your consent.
If your application is unsuccessful, your details will generally be stored for 6 months and then deleted or destroyed.

2   Transfer of Personal Data to Third Parties

2.1   Transfer of Your Data
We shall only forward your personal data to any departments that require your information to perform our duties. We may require the support of service providers for such processes. Furthermore, your personal data may need to be passed on to other divisions within our corporate group. Your application documents may also be passed on to other divisions within our corporate group if vacancies arise that match your application/qualifications. We will observe data protection regulations when disclosing such information. Your personal data may especially be passed on to the following recipients:
·          IT service providers;
·          Waste disposal services;
·          Public authorities, administrative bodies, banks;
·          Other service providers who support us with things like the recruitment
process.
2.2   Transfer of Personal Data to Third Parties in Countries outside the
European Union
If we transfer your personal data to third parties as per Section 2.1 above, these may be located outside the European Union. If the European Commission has not passed any relevant resolutions on the respective country (this means the level of data protection in this country is no longer comparable to the level of data protection in the European Union), we shall use suitable measures to protect your personal data. We shall use the EU’s so-called “standard contractual clauses” when transferring your personal data to third countries that do not have an adequate level of data protection. If you have any questions, please get in touch with the Data Protection Officer.

3.  Social Media

3.1  General
We maintain publicly accessible profiles on various social networks. Your visit to these profiles triggers a variety of data processing operations. In the following, we will give you an overview of your personal data that we collect, use, and store when you visit our profiles. Personal data is information that can be assigned to you as a specific person (e.g. name, age, address, photos, e-mail addresses, and possibly also IP addresses). Furthermore, we inform you about the rights you have with us with regard to the processing of your personal data. You are not obliged to provide us with your personal data. However, this may be necessary for certain individual functionalities on our social network profiles. If you do not provide us with your personal data, these functionalities will not be available to you or will only be available to a limited extent.
When you visit our profiles, your personal data is collected, used, and stored not only by us but also by the operators of the respective social network. This happens even if you yourself do not have a profile on the respective social network. The individual data processing procedures and their scope differ depending on the operator of the respective social network and they are not necessarily comprehensible to us. Details about the collection and storage of your personal data as well as the type, scope, and purpose of its use by the operator of the respective social network can be found in the data protection declaration or privacy policy of the respective operator:
–   The privacy policy for the social network Facebook, which is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, can be viewed at https://www.facebook.com/about/privacy/update?ref=old_policy;
3.2  Information on the collection of personal data
(i) The Data Controller within the meaning of section 4 paragraph 7 of the GDPR: ITW Fastener Products GmbH, Am Pulverhaeuschen 7, 67677 Enkenbach-Alsenborn, Telefon: +49 (0)6303 805-0, Email: info@itwfasteners.com.
(ii) The contact details of the Data Protection Officer are: datenschutz@itw-efc.com, or our postal address with the addition „att.: Data Protection Officer“.
(iii) If you visit our profiles on social networks, we process the following personal data: Last name, first name, residence, phone no., Email address. We process this data for contact purposes. The legal basis for the processing of this data is section 6 paragraph 1 lit. (b) of the GDPR.
[As an example, for a Facebook fan page: As the operator of a Facebook fan page, we can only view the information stored in your public Facebook profile, and only if you have such a profile and are logged into it when you access our fan page. In addition, Facebook provides us with anonymous usage statistics that we use to improve the user experience when visiting our fan page. We do not have access to the usage data that Facebook collects to compile these statistics. Facebook has made a commitment to us to assume the primary responsibility under the GDPR for the processing of this data, to fulfil all obligations under the GDPR with regard to this data, and to provide Data Subjects with the essentials of this commitment. This data processing serves our (and your) legitimate interest in improving the user experience when visiting our fan page in a manner appropriate to the target group. The legal basis for the data processing is Section 6 Paragraph 1 lit. f) of the GDPR. In addition, Facebook uses so-called cookies, which are stored on your device when you visit our fan page, even if you do not have your own Facebook profile or are not logged into it during your visit to our fan page. These cookies allow Facebook to create user profiles based on your preferences and interests and to display advertising (on Facebook or in other locations) tailored to these. Cookies remain on your device until you delete them. For details, please refer to the Facebook Privacy Policy].
(iv) If you use our profiles on social networks to contact us (e.g. by making your own posts, reacting to one of our posts, or by sending us private messages), the data you provide us with Last name, first name, residence, phone no., Email address will be processed by us exclusively for the purpose of contacting you. The legal basis for data collection is therefore Section 6 Paragraph 1 lit. a) and b) of the GDPR. We delete stored data 6 months after completion of the application process, as soon as its storage is no longer necessary or as soon as you request that we delete it; in the case of statutory storage obligations, we will restrict the processing of the stored data accordingly.
(v) We transmit your personal data within the scope of what is permitted under Section 6 Paragraph 1 of the GDPR to internal units within the Company.


4   
Your Rights

You may assert the following rights against us in accordance with the provisions of the EU General Data Protection Regulation:
·          Right of access;
·          Right to rectification;
·          Right to the restriction of processing;
·          Right to erasure / the right to be forgotten (in certain circumstances);
·          Right to data portability (in certain circumstances);
·          Right to object to data processing.
If your consent is required for the processing of personal data, you may also revoke your consent without this affecting the legality of our data processing carried out with your consent before your revocation.
If you would like to exercise one of your rights listed above, or if you believe we are unlawfully processing your personal data, please get in touch with gdpr@itwfasteners.com.
You may also contact a Data Protection Supervisory Authority. The local competent Supervisory Authority is: Agencia Española de protección de datos C/ Jorge Juan, 6. 28001 – Madrid..