Below we would like to inform you about the processing of your personal data when applying for a job position at us.
The responsible party for the collection, processing and use of your personal data within the meaning of the General Data Protection Regulation (GDPR) is the respective company of the PHOENIX group to which you have applied (hereinafter “PHOENIX”). Below you will find the respective contact details of the PHOENIX Group company. If you would like to reach out to our Data Protection Officer please use contact details inserted in our privacy notice.:
We process personal data of applicants in order to carry out an application procedure for announced positions as well as for initiative applications.
All data of your application will be collected and processed in order to select the suitable applicant for the job position advertised with us. You determine the data we process yourself, as you initiate the data transfer yourself. For the purpose of applicant selection, the respective application will also be forwarded to managers of the respective department and we can create notes as part of the application process to support applicant selection. The representative body for severely disabled persons or persons with disabilities will also make use of this right in the case of severely disabled applicants or applicants with equal status.
The legal basis for this is § 26 para. 1 FDPA n.v. in connection with Art. 6 para. 1 lit b), Art. 88 GDPR. –
Provided the relevant consents have been given, we will also process your data to be able to include you in our pool of applicants. After you contact us (either by applying for a job or sending an open application letter) you will be asked via email you have used to apply if you are accepting to be in our pool of applicants for two years, after which your application will be deleted permanently from our archives.
The legal basis here is § 26 para. 2 FDPA n.v. in connection with Art. 6 para. 1 lit. a), Art. 88 GDPR.
In the case of an employment relationship between you and one of our companies, we may process the data you have provided for the purpose of the employment relationship. The processing is then carried out for the implementation or termination of the employment relationship. The legal basis is § 26 FDPA n.v. in connection with Art. 6 para. 1 lit. 1 b), Art. 88 GDPR.
Special categories of personal data will only be processed by PHOENIX if you have provided it to us so that we can consider your application as it stands or if there is a legal obligation to do so. This information will not be taken into account in the application process unless there is a legal obligation to do so. The legal basis is then Art. 9 para. 2 lit b), e) GDPR.
Insofar as necessary, personal data is processed and stored for the defense, perception of claims and defense against recourse claims. The legal basis is the legitimate interest according to Art. 6 para. 1 lit. f) GDPR. To exercise your right to object in accordance with Art. 21 GDPR, you can contact us by e-mail.
After we received your application documents and if we are interested in an interview with you, we will contact you and ask whether an online interview using the service “Microsoft Teams” (MS Teams) is an option for you or whether you prefer another communication channel. When using MS Teams, data transmission is encrypted and protected from unauthorised access. Conversations conducted using MS Teams are not recorded. Please familiarise yourself with the settings options in your MS Teams account. For example, you have the option to choose a background.
If you would like to have an online interview with us via MS Teams regarding your application, we will send you an invitation. When using MS Teams, the following data will be processed:
Conducting the conversation using MS Teams is voluntary and you can also choose to have a conversation with us via another communication channel. However, your options to choose from do not mean that we are asking you for your consent to data processing, but only that other communication channels are available to you for communicating with us.
We process the above-mentioned data in connection with online meetings about your application based on our legitimate interests within the meaning of Art. 6 para. 1 lit f) GDPR. We have a legitimate interest in conducting an online conversation with applicants who have themselves chosen to conduct an online conversation with us using MS Teams regarding their application and in creating an online meeting and sending invitations using MS Teams.
The recipients of the data processed when conducting an online conversation using MS Teams include Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18, Ireland); parent company Microsoft Corporation (One Microsoft Way Redmond, WA 98052-6399 USA) and the subcontractors used by Microsoft to provide MS Teams. Microsoft provides an up-to-date list of subcontractors at the following URL under “List of subprocessors” and indicates which subcontractors are involved in which Microsoft services: https://www.microsoft.com/en-us/trust-center/privacy. More information on data processing by Microsoft itself can be found at the following URL: https://docs.microsoft.com/de-de/microsoftteams/teams-privacy?view=o365-worldwide.
When using MS Teams, data transfers outside the EU / EEA are carried out based on the EU standard contractual clauses (available here: ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en). Furthermore, additional safeguards have been agreed with Microsoft which apply to data transfers outside the EU / EEA.
The retention period of data processed using MS Teams varies. Our criterion for determining the retention period is the necessity of the retention for pursuing a legitimate purpose. Application-related data exchanged via MS Teams will be retained for a maximum period of 6 months.
The processing includes applicant basic data, qualifications, certificates, interview notes.Special categories of data are only processed if their collection is required by law or if you provide us with such data voluntarily and the requirements of Art. 9 para. 2 GDPR are met.
We only use data received from you directly.
We process your data for the following purposes:
Depending on the position you have applied, we share your data with the following recipients:
In some cases, we use carefully selected external service providers to process your data, as well as internal service providers of the PHOENIX group, who, for example, operate the maintenance and administration of our IT systems or support the application process. Should data be passed on to service providers within the framework of so-called data processing, this is done based on Art. 28 GDPR. Our processors are carefully selected, are bound by our instructions and are regularly monitored by us.
Information is only passed on to state institutions and authorities entitled to receive such information within the framework of mandatory legal provisions or if we are obliged to do so by a court order.
Some of our competence centers are located in Serbia, so data processing takes place outside the EU / EEA, however an adequate level of data protection exists. Serbia has its own data protection laws and we have secured the necessary standard contractual clauses when processing personal data with our affiliate in Serbia. Personal data will not be transferred to any other third countries without your consent.
The data will be erased or locked as soon as the purpose of the storage no longer applies. The data may also be stored if this has been provided for by European or national legislators in Union regulations, laws or other provisions. Blocking or deleting will also take place if a retention period prescribed by the standards mentioned expires, unless there is a necessity for the continued storage of the data for the conclusion of a contract, the fulfilment of a contract or a documentation obligation. We do not store application data for longer than a maximum of 6 months after rejection for the purpose of carrying out the application procedure. Storage beyond this period may be based on consent or for the purpose of defending claims. In the event of consent, your personal data will be stored in our applicant pool for one year as part of the application.
Below we would also like to inform you about your rights under the GDPR.
You can request information from the controller about the processing of your data.
You have the right to have data corrected in accordance with Art.16 GDPR if the data concerning you is incorrect or incomplete.
You have the right to erasure, provided that the requirements of Art. 17 GDPR are met and there are no reasons why processing is still necessary.
You have the right to restriction of processing in accordance with the requirements of Art. 18 GDPR, insofar as the processing does not serve to assert, exercise or defend legal claims.
Under the conditions of Art. 20 GDPR, you have the right of data portability.
You have a right of objection under Art. 21 GDPR, unless there are demonstrably compelling legitimate grounds for the processing or the processing serves the assertion, exercise or defence of legal claims
Furthermore, you have the option of submitting a complaint to the above-mentioned data protection officer or to a data protection supervisory authority. In accordance with Art. 77 GDPR, you have the right to file a complaint with the responsible supervisory authority.