elanders Print & Packaging Logo
Bildmarke von elanders Print & Packaging

Data Protection Information on the Processing of Your Applicant Data

I. Preliminary Remarks

Personal data means all information relating to you as an individual. We process the data you provide and transmit to Elanders GmbH as part of your application. This generally includes:

 

  • First name and surname, salutation and title,
  • Your contact details: contact information such as address, telephone number, fax number, e-mail address, and, where applicable, professional position,
  • Your application data consisting of a covering letter, curriculum vitae and the usual certificates and references.

The controller pursuant to Article 4(7) of the GDPR for the processing of data within the scope of your application is:

 

Elanders Donauwörth GmbH
Am Stillflecken 4
86609 Donauwörth
Telephone: +49 906 70634–0
E-mail: donauwoerth@elanders.com

 

For any data protection enquiries, please contact the above address, adding “For the attention of the Data Protection Officer”, or send an e-mail to: datenschutz@elanders-germany.com

II. Information on the Processing of Applicant Data
 
1. Categories of Data

(1) The categories of personal data processed include your master data (such as first name, surname, name affixes), contact details (e.g. private address, mobile or telephone number, e-mail address), all data contained in your application documents (including health data, if provided), and, where applicable, bank details (for the reimbursement of travel expenses).

 

(2) Your personal data are usually collected directly from you during the application process. In addition, we may have received data from third parties (e.g. employment agencies). We also process personal data lawfully obtained from publicly accessible sources (e.g. professional networks).

 

 

2. Purposes and Legal Bases of Data Processing

(1) We process your personal data in compliance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and all other relevant laws (e.g. Working Hours Act, etc.).

 

(2) The processing of data is carried out solely for the purpose of deciding whether to establish an employment relationship. The primary legal basis for this is Article 6(1)(b) GDPR in conjunction with Section 26(1) BDSG.

 

(3) Additionally, your explicit consent pursuant to Article 6(1)(a) and Article 7 GDPR in conjunction with Section 26(2) BDSG may serve as a legal basis. Where your application documents contain photographs or other data voluntarily submitted by you, we regard this as implied consent to the processing of such data. The legal basis in that case is Article 6(1)(a) GDPR in conjunction with Section 26(2) BDSG. You may withdraw this consent at any time.

 

(4) If you have granted permission for your personal data to be retained beyond the recruitment process for a defined period, or for your data to be used within the Elanders Group for similar recruitment procedures, the legal basis is Article 6(1)(a) GDPR in conjunction with Section 26(2) BDSG.

 

(5) Where special categories of personal data (in particular health data, such as information on a severe disability) are processed under Article 9(1) GDPR, this is done in accordance with Article 9(2) GDPR, e.g. to fulfil obligations under Section 164 of the German Social Code Book IX (SGB IX).

 

3. Terror Lists

(1) Under EU Anti-Terror Regulations 2580/2001 and 881/2002, we are required to screen employee data against the so-called “EU Terror Lists” to ensure that no funds or economic resources are made available for terrorist purposes. The legal basis is Article 6(1)(c) GDPR in conjunction with Section 26(2) BDSG, or where applicable, Article 6(1)(f) GDPR. For this screening, the HR department prepares a list of employees using internal data processing systems, containing only the following data of the affected persons:

  • Title,
  • First name(s) and surname,
  • Date of birth,
  • Place of birth,
  • Nationality,
  • Employee number.

This list is updated monthly or quarterly.

 

(2) For applicants whose recruitment is imminent, a comparable applicant dataset containing the same information is created as required.

 

(3) This list is compared with the most recent consolidated list of individuals, groups and organisations subject to financial sanctions as published by the EU.

 

(4) Upon request, employees may obtain information at any time regarding the data used in the screening, the frequency, and the software applied.

 

(5) In the event of a match, the data subject is immediately notified and invited to comment. The data subject has the right to review the data before providing a statement.

 

(6) If no match is found, the screening software does not store any employee data. In such cases, only the process itself is documented for compliance purposes.

 

(7) In the event of a confirmed match, data are retained for documentation purposes for a period of five years. Employees are notified accordingly. “False positive” matches are placed on a whitelist to prevent recurrence of erroneous matches.

 

(8) Where special categories of personal data (in particular health data, such as information on a severe disability) are processed under Article 9(1) GDPR, this is done solely to meet our obligations under Section 164 SGB IX.

 

(9) Should we wish to process your personal data for any purpose not listed above, we will inform you beforehand, including the relevant legal basis.

 

 

4. Data Sharing

Within Elanders GmbH, only those persons and departments responsible for the specific recruitment procedure will have access to your personal data. These include HR staff, managers and supervisors involved in filling the position, and, where applicable, the works council. External service providers commissioned by us (so-called processors under Article 28 GDPR) may also process data for the purposes stated above.

 

 

5. Transfer to a Third Country

We do not transfer personal data to recipients outside the European Economic Area (EEA).

 

 

6. Retention Period

(1) In the absence of statutory retention requirements, data are deleted as soon as storage is no longer necessary or the legitimate interest in their retention ceases to exist. Where no employment results, this is generally no later than six months after the conclusion of the application process.

 

(2) In individual cases, certain data (e.g. travel expense reimbursements) may be retained for a longer period. The duration of storage will then comply with statutory retention obligations, e.g. under the Fiscal Code (six years) or the Commercial Code (ten years).

 

(3) Where you have consented to your data being stored beyond the application process for a defined period, this period shall apply.

 

 

7. Automated Decision-Making or Profiling

We do not use purely automated decision-making processes – including profiling – in connection with decisions about establishing an employment relationship.

 

 

8. Necessity of Providing Data

During the recruitment process, you must provide the personal data necessary for the assessment of your application. Without these data, we will not be able to evaluate your application or communicate with you. If we cannot process your application, it cannot be considered during the ongoing recruitment procedure.

III. Data Protection Rights

 

(1) As a data subject, you have the following rights:

  • Right of access under Article 15 GDPR,
  • Right to rectification under Article 16 GDPR,
  • Right to erasure under Article 17 GDPR,
  • Right to restriction of processing under Article 18 GDPR,
  • Right to data portability under Article 20 GDPR, and
  • Right to object to processing.
  • Restrictions under Sections 34 and 35 BDSG apply to the rights of access and erasure.

 

(2) You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data carried out on the basis of Article 6(1)(f) GDPR (data processing on the grounds of legitimate interests).

 

(3) You may withdraw your consent at any time with future effect. The lawfulness of the processing carried out prior to withdrawal remains unaffected.

 

(4) You also have the right to lodge a complaint with a data protection supervisory authority pursuant to Article 77 GDPR in conjunction with Section 19 BDSG if you believe that your personal data are being unlawfully processed.

 

(5) The competent supervisory authority for us is:

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 27 (Castle)
91522 Ansbach

 

Telephone: +49 (0)981 53 1300
Fax: +49 (0)981 53 98 1300
E-mail: poststelle@lda.bayern.de

 

(6) We will fulfil all your rights free of charge and without undue delay. Please contact us directly or our Data Protection Officer at the contact details provided above regarding any such matters or further questions.

Stand: 09/2023