Privacy Statement for Job ApplicantsPetra Heidrich2022-05-04T11:00:23+02:00
PRIVACY STATEMENT FOR JOB APPLICANTS
This Privacy Statement explains how ITW Fastener Products GmbH, ITW España S.A. and ITW Metal Fasteners, S.L.U. (hereinafter referred to as “we”) processes, transfers and protects your personal data. Personal data is all information that concerns you.
1 Purposes of Data Processing, Categories of Personal Data, Legal Basis and Data Retention
1.1 Categories of Personal Data and Purposes of Data Processing
We shall particularly process the following categories of personal data over the course of your application process. We shall only use information which you provide to us or which we can obtain through publicly accessible sources:
Basic data (e.g. name, contact details, marital status, date of birth, gender, nationality, citizenship);
Sensitive data like religion and/or confession or any severe disability (only if you provide this information);
Education, professional career, references, skills, abilities and other information from your CV or cover letter;
Willingness to relocate following employment;
Class of driving licence, including any courses and certificates for the management and use of company cars and/or vehicles for business purposes;
Personal data contained in log files or safety reports (especially IP address, user name, password, location and time of access to our network); this information is used to protect our system, and to monitor and log the use of our network, in order to guarantee the security of the same.
1.2 Legal Basis for the Processing of Your Personal Data
The fundamental legal basis is Article 6(1) (b) of the EU General Data Protection Regulation 2016/679 (GDPR) in conjunction with Section 26 of the German Federal Data Protection Law (BDSG); these provisions allow us to process your personal data to execute pre-contractual measures.
If we do not require your information for this, we will only process your personal data with your consent in accordance with Article 6(1) (a) of the GDPR.
If we have to carry out certain compliance measures, the legal basis shall be Article 6(1) (c) and (f) of the GDPR, as the processing of personal data may be necessary to satisfy our legitimate interests. We have a legitimate interest in receiving notifications of relevant infringements and investigating the observance of applicable laws.
If we disclose your personal data to other companies within our group – not including our group-wide IT service providers – and this is not done with a “processor”, such data shall be transferred on the basis of Article 6(1) (f) of the GDPR. Our legitimate interests in this respect are (i) a global, centralised IT approach with harmonised processes and (ii) financial savings created by the operation of a centralised IT service.
Article 6(1) (c) may also be the applicable legal basis if we are legally obliged to process your personal data.
1.3 Do you have to share or provide us with your personal data?
You are required to provide us with your personal data as part of the application and employment process. If you do not want to send us the necessary information, we cannot consider you for the advertised Position.
1.4 Will we make automated decisions about you?
We will not make any decisions based solely on automated processing, including profiling, which have legal ramifications for you.
1.5 Retention Periods
We shall use the following criteria to determine the applicable retention period for your personal data: Your personal data shall be stored (i) for as long as necessary for the application process; (ii) beyond the application process if necessary and/or you have consented to this; (iii) in accordance with the applicable statutory retention periods; or (iv) until you revoke your consent.
If your application is unsuccessful, your details will generally be stored for 6 months and then deleted or destroyed.
2 Transfer of Personal Data to Third Parties
2.1 Transfer of Your Data
We shall only forward your personal data to any departments that require your information to perform our duties. We may require the support of service providers for such processes. Furthermore, your personal data may need to be passed on to other divisions within our corporate group. Your application documents may also be passed on to other divisions within our corporate group if vacancies arise that match your application/qualifications. We will observe data protection regulations when disclosing such information. Your personal data may especially be passed on to the following recipients:
· IT service providers;
· Waste disposal services;
· Public authorities, administrative bodies, banks;
· Other service providers who support us with things like the recruitment
2.2 Transfer of Personal Data to Third Parties in Countries outside the
If we transfer your personal data to third parties as per Section 2.1 above, these may be located outside the European Union. If the European Commission has not passed any relevant resolutions on the respective country (this means the level of data protection in this country is no longer comparable to the level of data protection in the European Union), we shall use suitable measures to protect your personal data. We shall use the EU’s so-called “standard contractual clauses” when transferring your personal data to third countries that do not have an adequate level of data protection. If you have any questions, please get in touch with the Data Protection Officer.
3. Social Media
We maintain publicly accessible profiles on various social networks. Your visit to these profiles triggers a variety of data processing operations. In the following, we will give you an overview of your personal data that we collect, use, and store when you visit our profiles. Personal data is information that can be assigned to you as a specific person (e.g. name, age, address, photos, e-mail addresses, and possibly also IP addresses). Furthermore, we inform you about the rights you have with us with regard to the processing of your personal data. You are not obliged to provide us with your personal data. However, this may be necessary for certain individual functionalities on our social network profiles. If you do not provide us with your personal data, these functionalities will not be available to you or will only be available to a limited extent.
3.2 Information on the collection of personal data
(i) The Data Controller within the meaning of section 4 paragraph 7 of the GDPR: ITW Fastener Products GmbH, Am Pulverhaeuschen 7, 67677 Enkenbach-Alsenborn, Telefon: +49 (0)6303 805-0, Email: firstname.lastname@example.org.
(ii) The contact details of the Data Protection Officer are: email@example.com, or our postal address with the addition „att.: Data Protection Officer“.
(iii) If you visit our profiles on social networks, we process the following personal data: Last name, first name, residence, phone no., Email address. We process this data for contact purposes. The legal basis for the processing of this data is section 6 paragraph 1 lit. (b) of the GDPR.
(iv) If you use our profiles on social networks to contact us (e.g. by making your own posts, reacting to one of our posts, or by sending us private messages), the data you provide us with Last name, first name, residence, phone no., Email address will be processed by us exclusively for the purpose of contacting you. The legal basis for data collection is therefore Section 6 Paragraph 1 lit. a) and b) of the GDPR. We delete stored data 6 months after completion of the application process, as soon as its storage is no longer necessary or as soon as you request that we delete it; in the case of statutory storage obligations, we will restrict the processing of the stored data accordingly.
(v) We transmit your personal data within the scope of what is permitted under Section 6 Paragraph 1 of the GDPR to internal units within the Company.
4 Your Rights
You may assert the following rights against us in accordance with the provisions of the EU General Data Protection Regulation:
· Right of access;
· Right to rectification;
· Right to the restriction of processing;
· Right to erasure / the right to be forgotten (in certain circumstances);
· Right to data portability (in certain circumstances);
· Right to object to data processing.
If your consent is required for the processing of personal data, you may also revoke your consent without this affecting the legality of our data processing carried out with your consent before your revocation.
If you would like to exercise one of your rights listed above, or if you believe we are unlawfully processing your personal data, please get in touch with firstname.lastname@example.org.
You may also contact a Data Protection Supervisory Authority. The local competent Supervisory Authority is: Agencia Española de protección de datos C/ Jorge Juan, 6. 28001 – Madrid..