Privacy Policy for Job Applicants BAUER Group

We hereby inform you regarding the processing of your personal data as an applicant for employment in the BAUER Group and the rights to which you are entitled under data protection law.

Who is the controller for data processing and who is the data protection officer?

 

The controller and first point of contact for data processing is 
BAUER Aktiengesellschaft
BAUER-Straße 1, 86529 Schrobenhausen, Germany
Phone +49 8252 97-0, Fax +49 8252 97-1359
Email: info@bauer.de 

 

You can reach our data protection officer at

BAUER Aktiengesellschaft - Data protection officer
BAUER Straße 1, 86529 Schrobenhausen, Germany
Phone +49 8252 97-0, Fax +49 8252 97-1329
Email: bag-datenschutz@bauer.de 

 

The joint controllers for data processing are BAUER Aktiengesellschaft, which as the Group holding company provides services for personnel recruitment with a central HR department, and the relevant affiliated company with the vacant position to which your application is addressed. 

 

What personal data are processed?

We process the data that you and/or personnel recruiters submit to us in connection with your application (master applicant data, contact details, qualifications, documents, nationality if relevant, work and residence permit, health data, application photo) to review your suitability for the job (or other open positions in our company, where relevant), to conduct the application process and to proceed with hiring if relevant.

 

Who receives your data?

Within our company, as a rule, only those persons and entities (e.g. specialist department, works council, disability representatives, HR department) who are involved in the hiring decision will receive your personal data. 

We have also outsourced data processing to an external provider for application processes using our online application tool. We have concluded a contract processing agreement with this provider.

In addition, contract processors and agents or other third parties engaged by us in particular for data storage and communication may receive data for the purposes outlined above. These include companies in the following categories: Sales partners, IT services, accounting services, logistics, payment services, telecommunications, public entities and institutions (e.g. financial and customs authorities, law enforcement authorities, courts) if there is a statutory or official obligation, insolvency administrators in the context of insolvency proceedings, insurance companies, auditors, tax consultants, lawyers.

Other potential recipients include other Group companies if you have consented to be included in our applicant pool, or other data recipients based on consent you have granted for that purpose. 

 

For what purpose and on what legal basis is your data processed? 

We process your personal data in compliance with the provisions of the European General Data Protection Regulation (GDPR) as well as the German Federal Data Protection Act (BDSG) for the following purposes: 

 

  1. Fulfilment of contractual obligations (Article 6 (1)(b) GDPR)

    The processing of personal data occurs in order to implement the application process as a precontractual step before establishing an employment/work contract, and for the performance of such a contract in the event of hiring. 

     

  2. For health care or occupational health (Art. 9 (2)(h) GDPR, Section 22 (1)(b) BDSG)

    The processing of health data may be required in order to assess your capacity to work pursuant to Art. 9 (2)(h) in conjunction with Section 22 (1)(b) BDSG.

     

  3. Based on legitimate interest (Art. 6 (1)(f) GDPR)

    As far as necessary, we will continue to process your data after the normal fulfilment of the contract in order to pursue our own legitimate interests or the interests of third parties, such as review based on compliance requirements as well as for the assertion of and defense against legal claims.

     

  4. Based on your consent (Art. 6 (1)(a) GDPR)

    If you have granted consent to the processing of personal data, that particular consent is the legal basis for the processing outlined therein. After granting consent, this may be withdrawn at any time with effect for the future and with no formal requirements, without affecting the lawfulness of processing based on consent before its withdrawal. 

     

  5. Based on legal obligations (Art. 6 (1)(c) GDPR)

    Insofar as we are subject to legal obligations (e.g. resolution of works council and/or disability representatives, money laundering law, tax laws, export control regulations, anti-terrorism regulations) and need to fulfill the requirements of supervisory or investigating authorities as well as inspection and reporting duties under tax laws, personal data are also processed for the purpose of compliance with legal obligations and legitimate official requirements. 

 

Will your data be transferred to a third country or an international organization?

Transfer of data to locations in countries outside the EU or the EEA (third countries) takes place if this is necessary for the application process and hiring, primarily for a Group company with its place of business in a third country, if you have granted us your consent for this purpose or in the context of contract data processing. Nevertheless, transfer will only occur if the EU Commission has determined that the third country has an adequate level of data protection, if other suitable data protection guarantees are provided (such as standard contracting clauses) or if an exception is provided under the terms of Art. 49 GDPR. 

 

For how long will your data be stored? 

We store your personal data for as long as this is necessary for the decision regarding your application. If the application process is concluded and we do not hire you, we will save your data for an additional six months as a rule, unless longer storage is required due to legal disputes and/or unless you have granted us your consent for longer storage (applicant pool). 

If you send us an unsolicited application or have consented to being included in our applicant pool, we will store your data for a period of two years in order to consider you for jobs that become available in the future.

In the case of hiring, we will transfer your application documents into your personnel file. After the end of the employment relationship, those personal data which we have a legal obligation to retain will be stored for a longer period of time. This is generally the result of legal obligations of retention and documentation, which are governed for example by the Commercial Code and Fiscal Code. The retention periods amount to up to ten additional years. It is also possible that personal data will be stored for the period during which claims may be asserted against us (statutory period of limitation for three or up to thirty years).

 

Is there an obligation to provide data?

Within the framework of the application process and to establish an employment/work contract, you are only required to provide personal data that is necessary for applicant selection and establishing an employment/work contract, or which we are legally entitled or obligated to collect. Without these data it is possible that we will decline to establish an employment/work contract.


To what extent are automated decision-making processes used in individual cases, or profiling measures? 

We do not use any fully automated processing operations to make decisions. 

 

Use for cookies for application form in Career portal

The personal data and files you submit in the Career portal are used for registering and processing your online application. Data and files marked as mandatory fields are necessary for our internal requirements. This means that you will not be able to participate in the online application process unless you provide us with this information.

This website uses cookies and comparable technologies. Cookies are small data packets that are necessary for website navigation, and which your browser saves temporarily on the hard drive of your device. Cookies often contain an anonymous, unique identifier created using a random generator that is stored on your device. Some of these identifiers lose their validity at the end of the website session, some of them remain on the device for longer periods of time. Cookies that are technically required are placed automatically. Other cookies (or comparable technologies) are only used if you have granted your consent in advance.

We use cookies and other tracking technologies for the following purposes:

 

Essential cookies

These cookies safeguard the proper function of the website and cannot be deactivated in your systems. Generally, these cookies are only placed as a reaction to actions you carry out that require a service request, such as defining your privacy settings, logging in or filling out forms. You can change your browser settings to block these cookies or send you notifications about these cookies. In this case, some sections of the website may not work properly.

 

Cookie: amplitude_id_*
Purpose of cookie: The amplitude cookie is used to differentiate users and provider information for troubleshooting and optimization of the portal and the user experience.
Period of validity: 300 days
Provider: Cornerstone
Cookie domain:  .csod.com

 

Cookie: ASP.NET_SessionId
Purpose of cookie: This is standard cookie that is required to load ASP-based websites. Without this cookie, our website does not function properly. This cookie contains the unique session identifier. This cookie does not contain any personal information.
Period of validity: Session
Provider: Cornerstone
Cookie domain: btc.csod.com

 

Cookie: AWSALB
Purpose of cookie: This cookie is used for the administration of load distribution in our data center environment.
Period of validity: 7 days
Provider: Cornerstone
Cookie domain: btc.csod.com

 

Cookie: AWSALBCORS
Purpose of cookie: This cookie is used for the administration of load distribution in our data center environment.
Period of validity: 7 days
Provider: Cornerstone
Cookie domain: btc.csod.com

 

Cookie: cscx
Purpose of cookie: This cookie supplies our global power management system with regional statistics around the clock to ensure that our websites load quickly and uniformly. This cookie contains the name of the portal to which the user is logged in as well as an identifier for the logged-in user.
Period of validity: Session
Provider: Cornerstone
Cookie domain: btc.csod.com

 

Targeting cookies

These cookies can be set via our website by us and/or our advertising partners, including social media companies. They can be used to create a profile of your interests. This is based on the information that is collected when you visit a website, including the unique identification of your browser and/our Internet device, in order to display relevant content or advertisements to you on our website and other websites. Our website uses the plug-in button “Apply with LinkedIn” or “Share”. If you interact with this plug-in, for example by clicking on “Apply”, the plug-in uses cookies to identify you and to identify your application. If you do not allow these cookies, you will be shown ads that are less targeted.

 

Cookie: JSESSIONID
Purpose of cookie: This cookie is used to protect against cross-site request forgery (CSRF) and to verify the URL signature.
Period of validity: Session
Provider: LinkedIn
Cookie domain: .www.linkedin.com

 

Cookie: lidc
Purpose of cookie: This cookies simplifies the selection of data centers.
Period of validity: 24 hours
Provider: LinkedIn
Cookie domain: .www.linkedin.com

 

Cookie: li_gc
Purpose of cookie: This cookie is used to save the user’s consent to the use of non-essential cookies.
Period of validity: 6 months
Provider: LinkedIn
Cookie domain: .www.linkedin.com

 

Cookie: bcookie
Purpose of cookie: This cookie for browser detection is used for unique identification of devices that access LinkedIn to detect misuse the platform and for the purpose of diagnostics.
Period of validity: 1 year
Provider: LinkedIn
Cookie domain: .www.linkedin.com

 

Cookie: bscookie
Purpose of cookie: This cookie detects that a registered user was verified with two-factor authentication and has already logged in.
Period of validity: 1 year
Provider: LinkedIn
Cookie domain: .www.linkedin.com

 

Cookie: lang
Purpose of cookie: This cookie saves a user’s language settings and ensures that LinkedIn.com is displayed in the language which the user has selected in their settings.
Period of validity: Session
Provider: LinkedIn
Cookie domain: .www.linkedin.com

 

What rights can you assert as a data subject?

You have the right to access information (section 15 of the GDPR), the right to rectification (section 16 of the GDPR), the right to erasure (section 17 of the GDPR), the right to restriction of processing (section 18 of the GDPR), the right to object against the processing (section 21 of the GDPR) and the right to data portability (section 20 of the GDPR). The restrictions of sections 34 and 35 of the Federal Data Protection Act (BDSG) apply for the right to access information and the right to erasure. To exercise your rights, please contact the data protection officer listed above. 

Where processing of personal data is based on your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

You also have the right to lodge a complaint with the data protection officer listed above or with a data protection supervisory authority.

 

Information regarding your right to object pursuant to Art. 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time, to processing of personal data concerning you that is based on Art. 6 (1) letter (e) or (f) of the GDPR. After you object, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if processing is necessary for the establishment, exercise or defense of legal claims. This objection can be submitted to the data protection officer indicated above without any formal requirements.