The correct, lawful and safe handling of the data you provide in job applications which we process in recruitment projects on behalf of our clients is very important to us. For this reason, we have taken appropriate steps to ensure that all applicable data privacy laws are complied with, not only by ourselves but also by our external providers and business partners.
The information we collect during your application process, and the way it is used, are as follows:
Legal Framework
Your personal data are processed in accordance with the General Data Protection Regulation (GDPR), the 2018 law amending the data protection act (Datenschutz-Anpassungsgesetz 2018) as well as other relevant data privacy regulations.
Personal Data
Personal data are single data on the personal or factual situation of a given or identifiable natural person, including information such as name, address, phone number and birth date.
Collecting and Processing Personal Data
We process the following data:
- Family name, first name
- Contact data (e.g. e-mail address, postal address, phone number)
- Complete application papers (including CV, certificates, references)
Legal Basis for Data Processing
Your personal data are processed on one of the following legal grounds:
- Your agreement (if provided to us) to the processing of data (Art. 6 par. 1 point a GDPR). Your consent may be withdrawn any time with prospective effect.
- Performance of a contract, or execution of steps taken prior to entering into a contract (Art. 6 par. 1 point b GDPR). We process your personal data for the purposes of handling a specific recruitment process only
- Compliance of legal obligations to be met by the controller (Art. 6 par. 1 point c GDPR).
Use and Disclosure of Personal Data
We enter your job application into a separate electronic folder for further viewing and processing.
The personal data you transmit are exclusively used for processing and evaluating your application for a job that we offer on behalf of our client. Your data are only disclosed to our client upon your approval.
Your personal data may also include
- the data processors that we engage (Art. 28 GDPR) (e.g. for IT, logistics and printing services, external data processing centres, support/maintenance of computer/IT applications)
- public-sector bodies and institutions, if there is a statutory or official obligation to provide information, to give notice or disclose data; or if data disclosure is in the public interest
- public bodies and institutions, on the basis of our legitimate interest or the legitimate interest of the third party (e.g. to public bodies, courts, consultants and supervisory bodies)
We do not implement solely automated decision-making processes (pursuant to Article 22 GDPR).
Data Storage and Deletion
We retain your data for as long as we manage a given recruitment project for a job you have applied for, not exceeding the duration of six months following the completion of the recruitment project – unless you agreed to longer-term retention of your data; or if we have any other legitimate interest to do so. Other legitimate interest within this meaning would be our obligation to furnish evidence in a procedure conducted under the Federal Equal Treatment Act (GlBG). If you agreed to be kept on record, we continue to retain your data even after the selection process is closed. You may, however, request the deletion of these data at any time. For this purpose, please send an e-mail to our data controller (see contact details below).
It is worth noting that we have made arrangements with our clients ensuring that upon completion of a given recruitment project, or expiry of any statutory retention period, these clients would also delete your data.
Security
We take all necessary technical and organisational security measures to protect your personal data against loss and misuse. This means that your data are stored in a secure operating environment that is not accessible to the public.
Your Data Privacy Rights
You are entitled to information according to Art. 15 GDPR, rectification according to Art. 16 GDPR, deletion according to Art. 17 GDPR, restriction of processing according to Art. 18 GDPR and data portability according to Art. 20 GDPR. You also have a right to lodge a complaint with a supervisory authority (Art. 77 GDPR). In Austria, this is the Data Supervisory Authority.
Person Responsible for Compliance with Data Privacy Laws (Controller)
Dr. Klaus Posani
Auhofstrasse 15/4/8
A-3032 Eichgraben
+43 664 39 65 994
office@posani.com