Skip to content

Enterprise Mobility team member sitting across another team member, who has a laptop open in front of her.

Doing right by everyone we work with

Candidate Privacy Policy

CANDIDATE PRIVACY POLICY 

Enterprise Mobility, Inc., through our subsidiaries operating the Enterprise Rent-A-Car, National Car , Alamo Rent A Car and Flex-E-Rent, brands as well as ARMS Business Solutions Limited and City Car Club Limited, (collectively, "Enterprise Mobility"), is committed to the responsible management, use, and protection of personal data. 

This Applicant Privacy Policy (this “Policy”) is intended to ensure that you are aware of what personal data Enterprise Mobility holds in relation to you, and how the relevant Enterprise entity to whom you have applied for a role (the "Enterprise Engager") as identified in Schedule 1 to this policy use that data. In each case, Enterprise Mobility Inc. and the Enterprise Engager will both act as controllers (together, "Enterprise" or "we"). Please read the following carefully to understand our use of your personal data. 

This Policy applies to all applicants, candidates and prospects (including those who may be unsuccessful in the application process) and third parties whose information you provide to us in connection with any application. 

Where we refer to 'candidate personal data', 'employee' or 'employment' in this Privacy Notice, we do so for convenience only and this should in no way be interpreted as purporting to confer employment status. This Policy does not form part of any contract of employment or engagement and does not confer any contractual right on you or place any contractual obligation on us. 

This Policy applies to all personal data collected, maintained, transmitted, stored, retained, or otherwise used (i.e. processed) by us regardless of the media on which that personal data is stored. 

DATA PROTECTION PRINCIPLES 

We will comply with data protection law. This says, among other matters, that the personal data we hold about you must be: 

  • used lawfully, fairly and in a transparent way; 
  • collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes; 
  • relevant to the purposes we have told you about and limited only to those purposes; 
  • accurate and kept up to date; 
  • kept only as long as necessary for the purposes we have told you about; and 
  • kept confidential and secure. 

WHAT IS PERSONAL DATA 

This Policy covers any Personal data submitted to apply to or search for an employment opportunity / position at Enterprise Mobility. 'Personal data' is defined as any data relating to a living individual who can be identified directly from that data or indirectly in conjunction with other information. We hold some or all of the following types of personal data in relation to candidates: 

  • name, address, and contact information; 
  • date of birth, civil status; 
  • education information and previous employment background / work experience; 
  • Curriculum Vitae, résumé, cover letter and/or application form; any other information you have provided on our application form, including date of birth and gender; 
  • employment preferences, willingness to relocate, desired salary; criminal record checks (only where applicable – see below for further details); 
  • interview notes and records, together with any information you provide to us during interviews; 
  • professional and other work-related licenses, permits and certifications held; language and other relevant skills; 
  • awards and professional memberships; 
  • eligibility to work in country where applicant’s job is located and available start date; 
  • general correspondence; and 
  • signed confidentiality agreements. 

HOW WILL WE COLLECT YOUR PERSONAL DATA? 

We collect personal data about candidates through the application and recruitment process from the following sources: 

  • you, the candidate; 
  • Yello, our mobile recruiting app; 
  • recruitment agencies and services, from which we collect your CV information and contact data; 
  • for certain specified roles only where we consider it appropriate or we are obliged to obtain this information in the context of the role for which you are applying, (and where we will notify you in advance), credit reference agency from which we collect details of your credit history and position; 
  • for the UK and Ireland only, our pre-employment screening provider and the DBS from whom we collect information regarding criminal convictions (UK only) where relevant to the role for which you are applying; 
  • and your named referees, from whom we collect a formal reference. 

Where we collect information from third parties, including former employers (and for the UK and Ireland only, our pre-employment screening provider), we will let you know before we do so. 

We also collect the following data from publicly accessible third-party sources such as LinkedIn, Job Boards and CV databases, and other job seeking sites where you have made your profile and job seeking interests publicly available. 

You must have the lawful right to provide any information you submit. If you intend to provide us with details of a reference or any other third party as part of your CV/résumé, it is your responsibility to obtain consent from that third party prior to providing the personal data to us. 

WHAT IF YOU DO NOT PROVIDE CERTAIN PERSONAL DATA? 

Providing personal data on the careers sites is voluntary, and you are similarly not obliged to provide any information in respect of any further requests as part of our application processes. However, please note that if you fail to provide sufficient information, Enterprise Mobility and/or the local Enterprise entity to whom you are applying for a role may not be able to process your job application, or consider your suitability for a particular role, comply with our legal obligations or manage our business. We will tell you when we ask for information which is a contractual requirement or needed to comply with our legal obligations. 

PURPOSE AND BASIS FOR PROCESSING 

Applicants should consult Schedule 2 of this document for further detail in relation to the purpose and basis for processing. We will only hold, process and disclose personal data provided by you and by any recruitment agency or other third party in respect of your application, to the extent necessary for the following purposes, as permitted by local law: 

  • for the purpose of recruitment / appointment to a role you have applied for, including processing your application, assessing your skills, qualifications and suitability for a role or type of work, and communicating with you in respect of your application; 
  • for the purpose of carrying out pre-employment screening and reference checks, where applicable (for the UK and Ireland only); 
  • for the purpose of facilitating your use of the career sites, subject to your consent; 
  • in order for you to be engaged by us as an employee, contractor, worker or otherwise; 
  • for record keeping in relation to our hiring process; 
  • in order to comply with any legal or regulatory obligations
  • for the Company's legitimate business interest in monitoring and promotion of equal opportunities, review of gender breakdown and progression (in some cases, for equal opportunity monitoring purposes), and provided our interest are not overridden by your interests (see below for further details on this); and 
  • for the Company's legitimate business interest in managing its business including legal, personnel, application management, administrative and management purposes, and exercising our right to defend, respond or conduct legal proceedings and for the prevention and detection of crime provided our interest are not overridden by your interests. 

If we wish to rely on your consent in order to process your personal data, we will seek your explicit consent in writing to do so. You have the right to withdraw your consent to that processing at any time. 

If we elect to make you an offer of employment or engagement and you accept that offer and become an employee of Enterprise Mobility, the personal data provided or obtained as part of your application process may (i) be transferred to and incorporated into our human resources system, (ii) be used to manage the new-hire process, (iii) become part of your employment file, and (iv) may be used for other employment or work-related purposes. Further details of the treatment of employee personal data are set out in our employee privacy policy, which will be made available to you where appropriate. 

SPECIAL CATEGORIES OF PERSONAL DATA 

Certain categories of your personal data are regarded as 'special'. We only process such data where necessary for the purpose of carrying out the obligations in the field of employment and social security and social protection law, and exercising specific rights, of the Company or of an employee under employment law or for the assessment of your working capacity. If we wish to rely on your consent to process your special personal data, we will seek your explicit consent in writing and you have the right to withdraw your consent to that processing at any time. 

Sensitive data includes information relating to your: 

  • physical or mental health; 
  • trade union membership; 
  • ethnic or racial origin, gender or sexual orientation. 

Please note that we do not collect this information in all countries and will only collect this where we are entitled to do so in accordance with national legislation. 

In the UK, France, Germany, Ireland and Spain, we will use information about your disability status to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during any assessment or interview. 

In the UK, Germany, Ireland and Spain, we will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting. Data that Enterprise Mobility uses for these purposes will be collected on an anonymous basis. Staff members are entirely free to decide whether or not to provide such data and there are no consequences of failing to do so. 

CRIMINAL RECORDS 

UK 

We carry out basic criminal record checks on all candidates to whom an offer of employment has been made and on all re-hires on the basis that employment or engagement with Enterprise Mobility requires a high degree of trust and integrity since the roles involve dealing with confidential or sensitive information, restricted areas, high values of customer or company money, company assets or client personal details. In these circumstances, we will only receive details of any unspent convictions. 

For some roles, we may be legally required or otherwise entitled to carry out a standard or enhanced criminal record check and we perform an enhanced criminal records check for senior level roles in order to satisfy ourselves that there is nothing in your criminal convictions history which makes you unsuitable for the role. In particular: 

  • certain roles are listed on the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 (SI 1975/1023) or and is also specified in the Police Act 1997 (Criminal Records) Regulations (SI 2002/233) and so are eligible for a standard or enhanced check from the Disclosure and Barring Service; and 
  • certain roles require a significantly high degree of trust and integrity since they involve dealing with confidential or sensitive information, restricted areas, high values of customer or company money, company assets or client personal details and so we would like to ask you to seek a disclosure of your criminal records history. 

We will only process data relating to an applicant's criminal convictions or involvement in criminal proceedings when requested or permitted by law, or where the candidate has provided their express consent. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data, available here: Pre-Employment Screening Policy

We will only carry out criminal record checks on existing employees in limited circumstances. For example, if an existing employee wishes to participate in a volunteering initiative in a school, then a standard or enhanced check (depending on the circumstances) is legally required 

In each case, criminal record data will be accessed only for limited and proper purposes by those who have our permission. Data will be held securely on the employee's personnel file in accordance with our IT Security Policy and retained in accordance with our Data Retention Policy. 

For further information on how we use the data resulting from criminal record checks, please see our Pre-Employment Screening Policy

Ireland 

We may be required or otherwise entitled to ask for self-declaration of unspent convictions for certain roles, in order to satisfy ourselves that you are suitable for the role for which you are applying. Certain roles require a high degree of trust and integrity since they involve dealing with confidential or sensitive information, restricted areas, high values of customer or company money, company assets or client personal details. We will only process data relating to an applicant's declaration when permitted or required by law. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data. 

Germany 

We may be required or otherwise entitled to ask for a certification of good character for certain roles, in order to satisfy ourselves that you are suitable for the role for which you are applying. Certain roles require a high degree of trust and integrity since they involve dealing with confidential or sensitive information, restricted areas, high values of customer or company money, company assets or client personal details. We will only process data relating to an applicant's certificate of good character when permitted or required by law. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data.

DRUG TESTING 

We will ask any applicants to consent to undergoing a drug test carried out by an authorized testing facility where they are initially hired as a Level II or above. Employment will be conditional on the successful passing of such test. 

Consent will be sought before an applicant or employee is submitted for a drug test. Although testing is not mandatory, adverse inferences may be drawn from an applicant or employee's refusal and may result in withdrawal of an offer of employment or disciplinary action up to and including dismissal. 

Why do we require drug testing? 

Level II employees and above are typically employees with supervisory responsibilities. They help ensure we fulfil our legal duties to have a safe and healthy work environment for colleagues, and to ensure safety of customers and visitors. Many Level II employees are either assigned a company car or have access to a company car during work hours for business purposes. Many also supervise employees who drive company vehicles during the work day, such as drivers, management trainees, management assistants, and car preps. Some group or UK corporate administrative office Level II employees do not have an assigned company car, work driving responsibilities, or employees in driving roles, but still have a supervisory role in terms of health and safety of their staff and customers. 

Additionally, Level II and above employees have access to a larger amount of, and more sensitive, data. For example, as a supervisor, a Level II or above has more access to their direct reports’ personal data, or greater amounts of customer data such as access to credit card numbers. These Level II and above employees have the additional responsibility to properly handle this sensitive data and ensure others are properly handling sensitive data. 

Tests will produce a positive or negative result. If the test produces a positive result, then the employee may not be hired, may be refused a promotion, or may be notified that disciplinary proceedings are to be commenced against them, as appropriate. Disciplinary outcomes may include dismissal. 

All drug test results are kept only in hard copy and stored securely in the employee’s file. Access to the employee’s file is restricted to the group’s HR department. 

RECIPIENTS OF YOUR PERSONAL DATA 

Your Personal Data may be collected, used, transferred and disclosed by employees, consultants and/or service providers of our global recruitment functions. We may disclose your Personal Data to members of our HR team and the relevant team managers in respect of the role you are applying for in order to take hiring decisions, and other employees who have a business need to access such personal data. 

We may share personal data about you with selected service providers or consultants acting on our behalf in their capacity as data processors, such as third parties assisting us with the operation of the career sites (including Yello, Inc. and iCIMS, Inc., which host career sites). Those third parties will be required to use appropriate measures to protect the confidentiality and security of personal information. 

Where appropriate, we may transfer your personal data to departments within the group outside the local Enterprise Mobility entity with whom you have applied for a role, or third parties, as set out below. 

  • Your personal data will be received by other departments within the local Enterprise Mobility entity with whom you have applied for a role: HR, finance, information technology, compliance, legal, executives, other employees, and managers for the above mentioned purposes on a need-to-know basis. 
  • Furthermore, your personal data may be transferred to other intra-group companies worldwide, including the European Head Office (Enterprise Mobility UK Limited) and the U.S. Head Office based at Enterprise Mobility, Inc. 
  • It may be necessary from time to time for us to disclose your personal data to third parties or agents outside Enterprise Mobility, including without limitation to the following:  
    • recruiters and recruitment software and systems providers; 
    • technical services personnel, or their designees; 
    • professional advisors, service providers and other third parties or agents of clients to assist in the administration, processing and management of certain activities pertaining to prospective employees including external reference agencies (such as employee vetting and screening agencies) and travel and expense management service providers; 
    • relatives or legal representatives of prospective employees; 
    • regulatory bodies to whom we are obliged or required to disclose information including courts and court-appointed persons; 
    • relevant Government departments and agencies; and 
    • (for the UK and Ireland only) pre-employment screening providers where relevant (and we will confirm with you in writing where we will do so in advance). 

We will inform you in advance if we intend to further process or disclose your personal data for a purpose other than the purposes set out above. We take all reasonable steps, as required by law, to ensure the safety, privacy and integrity of such data and information and, where appropriate, enter into contracts with such third parties to protect the privacy and integrity of such data and any information supplied. 

TRANSFERS OF PERSONAL DATA 

The information that you submit in your application on the career sites will be stored in the United States (as the servers for the application we use are located in the United States, see below for further details) and in the relevant country in which you are applying for a position. 

For EEA nationals and applicants for roles within the EEA – transfer of Personal Data outside the EEA

The local Enterprise Mobility subsidiaries for EEA countries are as set out in Schedule 1. Please note that the personal data that we collect from you in connection with your application personal data may be provided to the local Enterprise Mobility employer entity for the role you are applying for and may also be transferred to and stored in a destination outside the EEA, for the purposes described above, as set out below. 

  • The servers for our application app, Yello, are located in the US. 
  • The servers for our application management system, iCIMS, are located in the US. 
  • Due to the global nature of our business, as part of the application and decision-making process your personal data may be disclosed to members of our group, primarily our US head office which oversees management of the business including legal, personnel, application management, administration and management, and our European head office located in the UK, which performs a similar intermediary role at European level. 
  • If you choose to apply to a position outside of your country of residence, personal data in connection with your application may be also transferred or accessible to Enterprise Mobility entities in the relevant country where the role is located. 

We will only transfer your personal data outside the EEA to the United States on grounds of standard data protection clauses adopted by the Commission or by a supervisory authority and approved by the Commission. 

Wherever your personal data is transferred, stored or processed by us, we will take reasonable steps to safeguard the privacy of your personal information. 

  • In respect of data transfers from the EEA to the US within Enterprise Mobility (and for clarity to the UK), we have EU Standard contractual clauses in place setting out the legal basis of such transfers. 
  • Our contracts with the applications mentioned above contain appropriate safeguards and compliance obligations. 

You can obtain information concerning such safeguards from the HR Department at donnaw.miller@ehi.com, where applicable. 

DATA RETENTION 

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements, after which it will be deleted or archived except to the extent that it is necessary for us to continue to process it for another legitimate and lawful purpose. 

For applicants for roles within the European Economic Area ("EEA", and EEA here is deemed to include the UK): 

  • Successful applicants: If your application for employment or engagement is successful, personal data gathered during the recruitment process will be transferred to our HR management system and retained during your employment in accordance with our staff privacy and retention policies; and 
  • Unsuccessful applicants: If your application for employment or engagement is unsuccessful, we will hold your data on file for 6 months after the end of the relevant recruitment process to the extent necessary to enable the Company to comply with any legal obligations or for the exercise or defence of legal claims, subject to any applicable legal or regulatory obligations to retain such information. If you agree to allow us to keep your personal data on file, we will retain your data for further periods of 6 months (or until such time you withdraw consent if sooner) for consideration for future employment opportunities. At the end of that period (or if you withdraw your consent prior to this), your data will be deleted or destroyed. 

In case any court actions or other legal proceedings are pending or impending, personal data will be deleted after termination of the court action or legal proceeding. Personal data of candidates applying for jobs in other parts of the world will be retained in accordance with local law. 

If you are a Spanish national or are applying for a role in Spain, we will keep your personal data blocked only at the disposal of Courts, the public prosecutor or competent public authorities when it is rectified or erased. This blocked data shall only be processed by those entities to establish responsibilities derived from the processing during their statute of limitations, after which we will completely delete your personal data from our systems. 

In some circumstances we may anonymise your personal data so that you are no longer identifiable, in which case we may use such information without further notice to you. 

SECURITY 

We take steps that we believe are reasonably appropriate to protect its security, both internally and from outsiders, from loss, misuse, unauthorised access, disclosure, alteration and destruction, and to ensure the integrity of the data we collect.

We use a combination of technological, physical, administrative and policy methods as well as organisational controls and non-disclosure or confidentiality agreements to protect this data. Access to our application management software is controlled, and access to personal data (including special data) in both electronic and paper form is restricted to members of the HR Department and employees who have a legitimate and justifiable reason to view such data. 

If you have a user name and password for any of the features on our websites, you have the responsibility of keeping your password secret. You should not reveal your password to anyone. We will not ask you in an unsolicited telephone call or email for your password. In addition, you should take reasonable precautions when using a computer that is not your own or in a public setting. 

CANDIDATE RESPONSIBILITIES 

You should use all reasonable endeavours to keep us informed of any changes to your personal data.  If you become aware of a data breach or a potential data breach in respect of personal data please report the matter immediately to the Security Operations Department at securityoperations@ehi.com. 

YOUR DATA RIGHTS 

If you choose to register on the recruitment app or applicant tracking system, you may access, review, and change some of the personal data collected about you and stored on our application management system by logging into the applicant tracking system and choosing to update your account information. 

The updated profile will be used as the default the next time you apply for a job using your account online. To change personal data that you already have submitted for consideration for a specific position, please resubmit your application to update personal data about you that is associated with that job application. 

You may request access to, object to, or modify the use of personal data as permitted by applicable local law. Please note that certain personal data may be exempt from such access, correction, or objection rights pursuant to local data protection laws. Please contact us at jobsprivacy@ehi.com with any such requests. 

For EEA nationals and applicants for roles within the EEA – additional data rights 

You have several rights in relation to your personal data. You have a right to: 

  • access a copy of your personal data held by the Company; 
  • request rectification of your personal data if it is inaccurate or incomplete; 
  • request erasure of your personal data in certain circumstances; 
  • restrict our use of your personal data in certain circumstances; 
  • move (or port) personal data which you have given us to process on the basis of your consent or for automated processing; and 
  • withdraw your consent to processing as set out above. 

You also have the right to object to the processing of your data where our legal basis for processing your data is our legitimate interests. 

However, these rights may not be exercised in certain circumstances, such as when the processing of an applicant’s data is necessary to comply with a legal obligation or for the exercise or defence of legal claims. If you wish to exercise any of your rights in this regard please contact us at donnaw.miller@ehi.com. We will respond to your request in writing, or orally if requested, as soon as practicable and in any event not more than within one month after of receipt of your request. We may request proof of identification to verify your request.

CHILDREN 

Our applications, career websites and online recruitment are not directed to, and we do not knowingly collect personal data from, children under the age of 16 (or your country’s age of minority). Nevertheless, if you believe that your child has provided us with their personal data and you need to let us know to delete it, please email us at jobsprivacy@ehi.com

CHANGES TO THIS POLICY 

We may update this Policy to reflect changes to our information practices and will notify you in writing of any changes by email (sent to the email address specified in your account) or by means of a notice on this site prior to the change becoming effective.  We encourage you to periodically review this page for the latest information on our privacy practices. 

COMPLAINTS 

We have appointed a data protection officer (DPO) to oversee compliance with this policy. If you have any questions about this policy or how we handle your personal information, please contact the DPO at DPO@ehi.com

You have the right to lodge a complaint with a national supervisory authority if you are unhappy with how your personal data is being handled. 

CONTACT US 

If you require any further clarification regarding this policy or you have questions or requests, please feel free to contact us at jobsprivacy@ehi.com.

SCHEDULE 1 

Local data controller contact information  

Your local data controller will be the local Enterprise Mobility entity with whom you have applied for a job (these are set out below – please identify the relevant entity). 

You can contact the local data controller by contacting us at privacy@ehi.com

Country
Data Controller
Contact Information
United States of America
Enterprise Mobility Holdings, Inc.

Enterprise Mobility Privacy – Recruiting 

600 Corporate Park Drive 
St. Louis, MO 63105

United Kingdom
Enterprise Mobility UK Limited

Enterprise Mobility Privacy Questions 

Enterprise House 
Melburne Park, Vicarage Road 
Egham, Surrey, United Kingdom 
TW20 9FB

United Kingdom
ARMS Business Solutions Limited

ARMS BS Privacy Questions 

Enterprise House, 
Melburne Park, Vicarage Road, 
Egham, Surrey, United Kingdom 
TW20 9FB

United Kingdom
City Car Club Limited

City Car Club Privacy Questions 

Enterprise House, 
Melburne Park, Vicarage Road, 
Egham, Surrey, United Kingdom 
TW20 9FB

Ireland
ERAC Ireland Limited

Enterprise Mobility Privacy Questions  

Unit 4 Lyncon Court  
Snugborough Road  
Blanchardstown Business Park, Dublin 15

Germany
Enterprise Mobility Autovermietung Deutschland B.V. & Co. KG

Enterprise Mobility Privacy Questions  

Mergenthaler Allee 35-37, 65760, Eschborn

France
Enterprise Mobility Holdings France S.A.S.

Enterprise Mobility Privacy Questions  

37 rue du Colonel Pierre Avia, 75015, Paris

Spain
Autotransporte Turistico Espanol, S.A.

Enterprise Mobility Privacy Questions 

Avenida del Ensanche de Vallecas 37, 28051 Madrid

SCHEDULE 2 

Purpose and lawful basis for processing of personal data 

This table sets out: 

  • what personal and sensitive data we process; 
  • what we use that data for; and 
  • the lawful basis for the processing. 

This table forms part of our privacy policy which you should also read. 

Recruitment: 

Purpose/Activity
Type of data
Lawful basis for processing
  • Making a decision about your recruitment or appointment.

  • Determining the terms on which you work for us.

  • Performing pre-employment screening.

Personal details: Name, title, home contact details (email, phone numbers, physical address), language(s) spoken, gender, date of birth, national identification number, social security number, disability status, emergency contact information (for you and any next of kin) and photograph.

Recruitment: Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process), previous employment pre-employment screening, education history, professional qualifications, language and other relevant skills, certification, certification expiration dates, information necessary to complete pre-employment screening.

Necessary step prior to entering into an employment contract with you (Art. 6 para. 1 sentence 1 lit. b) GDPR and Sec. 26 para. 1 German Federal Data Protection Act).

Compliance with a legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR).

If pre-employment screening is performed:

  • consent (where specifically sought and obtained only, Art. 6 para. 1 sentence 1 lit. a) GDPR)

  • compliance with a legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR)

  • legitimate interest (Art. 6 para. 1 sentence 1 lit. f) GDPR): interest of the employer to develop and improve its product and services.

For special categories of personal data (e.g. disability status):

  • consent (where specifically sought and obtained only, Art. 9 para. 2 lit. a) GDPR);

  • necessary for the performance of carrying out the obligations and exercising certain rights in the field of employment, social security and social protection law (Art. 9 para. 2 lit. b) GDPR and Sec. 26 para. 3 German Federal Data Protection Act).

 

 

  • Checking you are legally entitled to work in the EU.

 

 

 

 

Documentation required under immigration laws: Citizenship, passport data, details of residency or work permit.

 

 

 

 

Compliance with a legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR).

 

 

 

Communications: 

Purpose/Activity
Type of data
Lawful basis for processing
  • Facilitating communication with you.

Personal details: Name, title, home contact details (email, phone numbers, physical address), language(s) spoken, disability status and photograph.

Necessary step prior to entering into an employment contract with you (Art. 6 para. 1 sentence 1 lit. b) GDPR and Sec. 26 para. 1 German Federal Data Protection Act).

Compliance with a legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR).

For special categories of personal data:

  • consent (where specifically sought and obtained only, Art. 9 para. 2 lit. a) GDPR);

  • necessary for the performance of carrying out the obligations and exercising certain rights in the field of employment, social security and social protection law (Art. 9 para. 2 lit. b) GDPR and Sec. 26 para. 1 German Federal Data Protection Act).

 

Quality control/business development: 

Purpose/Activity
Type of data
Lawful basis for processing
  • Managing product and service development and improving products and services.

We anonymise all information and individuals cannot be identified based on this data.
Legitimate interest (Art. 6 para. 1 sentence 1 lit. f) GDPR): interest of the employer to develop and improve its product and services.

 

Compliance: 

Purpose/Activity
Type of data
Lawful basis for processing
  • Compliance with legal and other requirements, such as income tax and national insurance deductions, record-keeping and reporting obligations.

  • Conducting audits, and compiling audit trails and other reporting tools.

  • Maintaining records relating to business activities.

  • Budgeting, financial management and reporting.

  • Equal opportunities monitoring.

Personal details: Name, title, home contact details (email, phone numbers, physical address), language(s) spoken, date of birth, national identification number, social security number, disability status.

Recruitment: Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process), previous employment background, education history, professional qualifications, language and other relevant skills, certification, certification expiration dates, information necessary to complete a background check.

Documentation required under immigration laws: Citizenship, passport data, details of residency or work permit.

Necessary step prior to entering into an employment contract with you (Art. 6 para. 1 sentence 1 lit. b) GDPR and Sec. 26 para. 1 German Federal Data Protection Act).

Compliance with a legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR).

For special categories of personal data:

  • necessary for the performance of carrying out the obligations and exercising certain rights in the field of employment, social security and social protection law (Art. 9 para. 2 lit. b) GDPR and Sec. 26 para. 3 German Federal Data Protection Act);

  • necessary for the establishment, exercise or defence of a legal claim (Art. 9 para. 2 lit. f) GDPR).

  • Compliance with government inspections and other requests from government or other public authorities.

  • Responding to legal process such as subpoenas and pursuing legal rights and remedies.

Personal details: Name, title, home contact details (email, phone numbers, physical address), language(s) spoken, gender, date of birth, national identification number, social security number, marital/civil partnership status and dependents, domestic partners, dependants, disability status and photograph.

Recruitment: Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process), previous employment background, education history, professional qualifications, language and other relevant skills, certification, certification expiration dates, information necessary to complete a background check. 

Documentation required under immigration laws: Citizenship, passport data, details of residency or work permit.

 

 

Compliance with a legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR).

 

 

For special categories of personal data:

 

 

  • necessary for the establishment, exercise or defence of a legal claim (Art. 9 para. 2 lit. f) GDPR).

 

Protection of our systems: 

Purpose/Activity
Type of data 
Lawful basis for processing 

 

 

  • To ensure network and information security, including preventing unauthorised access to our application, computer and electronic communication systems and preventing malicious software distribution. 

 

 

 

 

System and application access data: Information about your use of our application systems, information required to access application systems and application forms. 

 

 

 

 

Legitimate interest (Art. 6 para. 1 sentence 1 lit. f) GDPR): employer has a legitimate interest to protect its IT systems.