Which of your data do we process? And to what end?
We process the data you provide us with during your application so as to be able to assess your suitability for the vacancy (or any other suitable vacancies within the New Work Group) and to conduct the application process. This includes your application documents (CV, cover letter and certificates) as well as the following personal data:
When you fill out a job application, we set a session cookie which allows us to link entries to a specific user. This in turn allows the same data to be reloaded in the application form when refreshing the page, thereby reducing the amount of typing needed to complete the form. Data is stored for a period of 7 days and deleted after that.
When submitting an application, you may be asked to confirm your application via your e-mail address. This is a technical requirement of the onlyfy by XING application management tool. This means that your completed application will be stored by onlyfy by XING for up to 7 days and will only be submitted once you click on the link in the confirmation e-mail.
During the course of an application process, we may ask applicants to take an online personality diagnostics test to enable us to gauge their personality, e.g. for social skills or specific character traits. We have commissioned the following company to organise and evaluate these tests within the scope of a commissioned data processing agreement: The Predictive Index, LLC, 101 Station Drive, Westwood, Massachusetts 02090, USA. We have concluded the EU’s standard contractual clauses with this service provider.
To make it quick and easy for you to arrange appointments with us during your application process, we offer you the option of using an online scheduling service called Calendly, which is operated by Calendly LLC, BB&T Tower, 221 17th ST NW, Atlanta, GA 30363, USA, https://calendly.com. By using this service, your data will be sent to a third country.
We have concluded a data processing agreement with Calendly that includes the EU’s standard contractual clauses. More information about this is available on https://calendly.com/pages/dpa.
This privacy notice and the provider’s privacy notice apply to data collected via the Calendly service.
Provided you grant us your consent to do so, which you can revoke at any time, we also add the data and application documents you send us to our TalentPool so we can contact you at a later date regarding future vacancies.
We also send out surveys from time to time as part of our quality assurance process, meaning that we may contact you after your job application process.
We will notify you if we intend to process your personal data for any purpose other than that for which it was originally collected.
What is the legal basis of this?
When we process your personal data in connection with your job application, we do so primarily on the basis of Section 6(1)(b) GDPR or, when processing data in Germany, on the basis of Section 26 of the German Federal Data Protection Act (BDSG) which permits data processing for employment-related purposes where necessary for hiring decisions.
Should this data be required following completion of the application process in order to comply with a legal obligation, data may be processed in line with the recitals provided in Article 6 GDPR, particularly for the purposes of legitimate interests as set out in Section 6(1)(f) GDPR. In such cases, our interest pertains to the assertion or defence of claims.
How long is the data saved for?
Your data will be deleted once it is no longer required for its intended purpose.
In the event of an unsuccessful application, candidate data is deleted after a period of six (6) months.
In the event that you provide the corresponding consent, we will add your data to our TalentPool. There, your data will be deleted after a period of two (2) years. We will contact you before this period expires to ask you if you’d like us to continue saving your data in our TalentPool.
Should your application result in an employment relationship with New Work SE or another New Work Group company, the data from the job applicant system will be transferred to our employee information system.
To which recipients are the data passed on?
We use a specialised software provider for our application process. This service provider acts on our behalf and may also gain access to your personal data in connection with maintaining and updating its systems. We have concluded a commissioned data processing agreement with this provider to ensure that data is processed in a lawful manner.
Following receipt, your application data will be screened by our HR department. Suitable applications will then be forwarded internally, possibly also within the New Work Group, to the head of the department looking to fill the vacancy. The subsequent steps will then be taken accordingly. Your data will only be made available to people within the company who need access to ensure correct handling of our application process.
To the extent permitted for the above purposes, we also send your personal data to our affiliates.
Otherwise, personal data may be processed on our behalf on the basis of commissioned data processing agreements by providers of applicant selection process systems, e.g. personality diagnostics.
Where is the data processed?
Unless stated otherwise, your data is processed solely at data centres within the European Union.
Data may be transferred to third countries. This, however, shall always take place in compliance with the admissibility requirements stipulated by law. In cases where the transfer of data to a third country does not serve the fulfilment of contractual obligations, if we have not received consent from you, if the transfer is not necessary for the establishment, exercise or defence of legal claims, and if no other exemption clause applies, we shall only transfer your data to a third country when an adequacy decision pursuant to Article 45 of the GDPR or appropriate safeguards pursuant to Article 46 of the GDPR are in place. In general, we put in place appropriate safeguards as Article 46 of the EU General Data Protection Regulation (GDPR) along with an adequate level of data protection. by agreeing with the receiving entity on standard contractual clauses (SCCs) issued by the European Commission. Copies of the standard contractual clauses are available on the website of the European Commission.
Your rights as a “data subject”
You have to right to receive information about which of your personal data we store and process.
Requests not submitted in writing may be subject to identity checks.
You also have the right to rectification or erasure of your personal data, and/or the right to restriction of processing provided you are legally permitted to do so.
You also have a right to object to processing to the extent permitted by law. The same applies to your right to data portability.
Right to lodge a complaint
Irrespective of an administrative or judicial remedy, you have the right to lodge a complaint with the supervisory authority. This right applies, in particular, in the Member State of your place of residence, your place of work, or the place of the alleged infringement should you be of the opinion that your personal data is not being processed in line with the GDPR.
Last updated: July 2020