We take the protection of your personal data very seriously and strive to provide you with comprehensive information about the processing of your personal data. The following privacy policy explains how and for what purposes we process your personal data when you visit our website or contact us.

As a rule, the personal data of yours that we collect is obtained directly from you. The statutory basis is, in particular, the EU General Data Protection Regulation (GDPR).

A. Website schwarz.jobs.schwarz and application portal

The information contained in this chapter is valid for our websites https://schwarz.jobs.schwarz as well as all corresponding sub-domains or sub-pages. This also comprises our application portal.

1.    Controller

The controller within the meaning of Article 4(7) GDPR is:

Schwarz Dienstleistung KG
Stiftsbergstraße 1
74172 Neckarsulm, Germany

E-mail: recruiting@mail.schwarz

2.    Accessing website and application portal

When you access our websites, various information is exchanged between your end device and our server. This may also involve personal data. The information collected in this way is used to optimize our website or to display ads in your end device's browser.

2.1.    Purposes of data processing / legal bases:

When accessing our websites, the browser used on your end device will – automatically and without any action on your part – send
•    the IP address of the accessing Internet-enabled device;
•    the date and time of access;
•    the name and URL of the requested file;
•    the website / application from which the access occurred (referrer URL);
•    the browser and, where relevant, the operating system of your Internet-enabled computer as well as the name of your access provider
to our website server and this information will be stored temporarily in what is known as a log file for the following purposes:
•    to ensure a fault-free connection;
•    to ensure the comfortable use of our website / application;
•    to analyze system security and stability.

Provided you have consented to what is known as geolocalization in your browser or in the operating system or if other settings made on your end device allow geolocalization, we will use this function in order to offer you individual services based on your current location (e.g., the location of the nearest event). We will process the data relating to your location solely for this purpose.

The legal basis for the data processing is Article 6(1)(f) GDPR. The purposes of data processing listed above constitute our legitimate interest.

2.2.    Storage time / criteria for determining storage time:

Data will be stored for a period of seven months and automatically deleted thereafter. If you stop using our website, the geolocalization data will be deleted.

3.    Use of cookies and other similar techniques to process usage data

We at Schwarz Dienstleistung KG, Stiftsbergstraße 1, 74172 Neckarsulm, Germany, process data as a data controller in connection with the use of so-called cookies and other similar technologies used to process usage data on our websites https://schwarz.jobs.schwarz as well as all corresponding sub-domains or sub-pages. This also comprises our application portal.

Provided you have consented to use of cookies and other similar technologies (see below) on one of the aforementioned websites or one of the corresponding sub-domains or sub-pages, this consent shall also extend to the use of cookies and other similar technologies used to process usage data on the other website as well as all corresponding sub-domains or sub-pages.

Cookies are small files that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our websites. Cookies do not cause any damage to your end device, nor do they contain any viruses, trojans or other malware. The cookie stores certain information that results in connection with the specific end device deployed. This does not mean, however, that we will obtain direct knowledge of your identity.

3.1.    Purpose of data processing / legal bases:

Cookies and the other technologies used to process usage data are deployed for the following purposes, depending on the categories of cookie / other technologies:

•    Technically necessary: These are cookies and similar technologies without which you cannot use our services (e.g., for the correct display of our websites / functions requested by you, to record you signing in).
•    Preferences: Using these methods, we can take into account your actual or perceived preferences to enhance the user experience. For example, we can use your settings to display our websites in a language relevant to you. They also mean we can avoid displaying products that may not be available in your region.
•    Statistics: These technologies enable us to tailor the design of our services by producing anonymized statistics about how they are used. For example, we can use them to determine how better to adapt our websites to user habits.
•    Marketing: These enable us to display relevant advertising content based on an analysis of your usage behavior. Your usage behavior can also be tracked over various websites, browsers or devices via a user ID (unique identifier).

Please click here for an overview of the cookies and other technologies we use, including their function, expiration, and any third party providers involved.

Depending on the purpose, the use of cookies and similar technologies to process usage data involves processing the following types of personal data in particular:

Technically necessary:
•     Consent to cookie preferences
Preferences:
•    Settings for optimized display of maps
Statistics:
•    Pseudonymized usage profiles containing information on the use of our website. These contain in particular:
o    browser type / browser version;
o    operating system used;
o    referrer URL (i.e. the page previously visited);
o    host name of the accessing computer (IP address);
o    time of the server request;
o    individual user ID; and
o    events triggered on the website (web browsing behavior).  
•    IP addresses are routinely anonymized, which in principle means it is no longer possible to identify you.
•    In itself, we cannot use the user ID to identify you. We may potentially share the user ID and associated usage profiles with third parties via providers of advertising networks.
Marketing:
•    Pseudonymized usage profiles containing information on the use of our website. These contain in particular:
o    IP address;
o    individual user ID;
o    products potentially of interest;
o    events triggered on the website (web browsing behavior).
•    IP addresses are routinely anonymized, which in principle means it is no longer possible to identify you
•    In itself, we cannot use the user ID to identify you. We may potentially share the user ID and associated usage profiles with third parties via providers of advertising networks.

The legal basis for using preference, statistics and marketing cookies is your consent given pursuant to Article 6(1)(a) GDPR. The legal basis for using technically necessary cookies is Article 6(1)(f) GDPR since we have a legitimate interest in offering you a fully functional website.

You may withdraw / modify your consent at any time with effect for the future. Just click here and make your selection. Simply uncheck the respective box to withdraw your consent for the given data processing purpose.

3.2.    Recipients / categories of recipient

When using cookies and similar technologies to process usage data, we may on occasion retain specialized service providers, particularly from the field of online marketing, to process data. They process your data on our behalf as processors. Each has been carefully selected and bound by contract in accordance with Article 28 GDPR. All of the companies listed as service providers in our cookie policy act as processors on our behalf.

In the context of our cooperation with Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States, the aforementioned data is generally also processed for statistical and marketing purposes on servers located in the U.S.

3.3.    Storage time / criteria for determining storage time:

For information on the duration of storage for cookies, see our cookie policy. If "persistent" is entered in the "expiration" column, the cookie will be stored permanently until the corresponding consent is withdrawn. The storage period for data stored in session storage is limited to the respective session and ends when the browser is closed.

4.    Communication by e-mail

4.1.    Purpose of the processing and legal basis

We treat all personal data that we receive from you by e-mail confidentially. We use your data solely for the limited purpose of processing your inquiry.

The legal basis for the processing is Article 6(1)(f) GDPR. Our legitimate interest arises from the interest in responding to your inquiries so that the satisfaction of our website users is ensured and promoted.

4.2.    Recipients/categories of recipients
        
As a rule, we do not transfer the data to third parties outside Schwarz Dienstleistung KG. In exceptional cases, we will have a processor process the data on our behalf. Such processors are carefully selected and bound by contract in accordance with Article 28 GDPR.

Data that you send us in the context of inquiries about the application process or related topics will be transmitted to the HR department of the specific Schwarz IT country. The SIT country is itself responsible for the associated data processing.

4.3.    Storage time/criteria for determining storage time

We delete or securely anonymize all personal data we receive from you when you make inquiries no later than four months after the final response is sent to you. The information is retained for four months in case you contact us again after a receiving a response from us on the same matter and we need to refer to our previous correspondence. Based on experience, we generally do not receive any questions concerning our responses after 90 days. If you assert your rights as a data subject, your personal data will be stored for three years after the final response in order to document the fact that we provided you with comprehensive information and that the legal requirements have been met.

5.    Data transfer to recipients in a third country

If we transfer data to recipients in a third country (located outside of the European Economic Area), this will be evident in the information on the recipients / categories of recipient in the description of the respective data processing. Some third countries have been certified by the European Commission through so-called adequacy decisions as having a level of data protection comparable to that offered in the European Economic Area. A list of these countries is available at  http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html. If and insofar as there is no comparable data protection standard in effect, we will ensure that data protection is adequately guaranteed by other measures. These include, for example, binding company policies, standard contractual clauses for data transfers issued by the European Commission, certificates, or recognized codes of conduct. For further information, please contact our data protection officer.

B. Application and recruitment process

1. Controller

After you send your job application through the application portal, by e-mail or through any other means described under this Policy, your personal data is processed by:

SCHWARZ GLOBAL SERVICES HUB SOCIETATE ÎN COMANDITĂ (hereinafter "Schwarz Global Services Hub Romania")
Bulevardul Dimitrie Pompeiu 6 E, 020335 Bucureşti, Romania
protectiadatelor@mail.schwarz.

Schwarz Global Services Hub Romania processes your data, as a data controller within the meaning of Article 4(7) GDPR, as detailed below.

2. Purpose of data processing / legal bases

We process the personal data you provide in the context of the application process solely for the purpose of selecting and hiring candidates. The legal basis for this process is art. 6 para. 1(a) and art. 9 para. 2 para. a) of the GDPR (for health data, if applicable), consent expressed by the submission of the application. During the actual recruitment stage, when Schwarz Global Services carries out activities specific to the recruitment process in relation to candidates of interest, other than  CV analysis, such as interviews, tests, phone calls, Schwarz Global Hub processes the data based on its legitimate interest to perform and document the specific steps of the recruitment process and to demonstrate compliance with legal requirements (e.g. avoidance of discrimination), pursuant to Article 6 para. 1 lit. f) GDPR).

Schwarz Global Services also processes data relating to the family relationship between the employee recommending a candidate and the candidate in question for the purpose of analyzing a potential contradiction between the private interests of the employee in question and the interests of the company (conflict of interest), pursuant to art. 6 para. 1 lit. f) of the GDPR.

Referral Program - What happens to your data and the data of the employee who refers you?

If your application is as a result of a referral from a Schwarz Global Services employee under the Referral Programme, we will process your first and last name and, if applicable at a later date, your employee number, job title and date of employment for the purpose of settling the referral bonus to the referring employee.

The legal basis for this processing is article 6 para. 1(f) of the GDPR i.e. the legitimate interest to implement the referral program as well as to reward employees who help us to expand our potential candidate database and increase Schwarz IT Hub as an employer.

3. Recipients / categories of recipient

As a rule, we do not transfer the data to third parties outside Schwarz Global Services. In exceptional cases, we will have a processor process the data on our behalf. Such processors are carefully selected and bound by contract pursuant to Article 28 GDPR.

In the event of contract signing by means of electronic signature, your data becomes available to all parties involved in the approval and signing of said contract, as these parties receive a log upon contract signing listing all processing steps including e-mail address, IP address, date and time of the processing. In addition, your data may be accessible to these external service providers that we use for the corresponding digital signature procedure. For Adobe Sign this is Adobe Systems Software Ireland Limited, 4-6 Riverwalk, City West, Business Campus, Saggart D24, Dublin, Ireland.

4. Storage time / criteria for determining storage time:

If your application is rejected, your data will be stored for 6 months after you are informed thereof/after you withdraw your application. Your data will then be erased.

You can withdraw your request at any time and request the deletion of your data before the expiry of this period. You can make your request by contacting us on our website and/or by contacting our DPO.

5. Are you obliged to provide us with data?

There is no legal or contractual obligation to provide us with personal data. However, without this data, we cannot contact you and we cannot carry out the recruitment process.

Your account and data stored in our online application system will continue to be stored in the system regardless of whether you are in the process of applying for a specific position. This allows you to also apply for other positions online. Your account will be automatically deleted if it has been inactive for 12 months and you do not have any open applications. However, you can delete your account at any time. Any applications you may have submitted will be withdrawn and your account will be deleted. Your account will be deleted immediately; the applications are automatically deleted in accordance with applicable law.

6. Creating an account in the online application system

We use an app that allows you to quickly and easily enter your account data in our online application system.

You can upload your CV (either as a PDF or Word file) to our online application system. The app automatically analyses your document on the basis of various criteria and uses this information to prepopulate your account profile to a certain degree. You can correct or delete this automatically prepopulated information at any time. The app only reads and does not store your CV.

7. Uploading documents to the online application system

You can upload the requisite documents for your application from your computer or mobile device. Alternatively, you can upload the documents directly from your Dropbox to our online application system.

The privacy policies of these service providers shall apply.

8. Applying on the online application system via XING and LinkedIn

You can also easily apply with us via the online platforms XING (New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany) or LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland).

To do so, you must grant XING or LinkedIn your consent to share the data in your account with us. Simply log in to your XING or LinkedIn account and grant consent that the respective platform operator may transmit to us the data from your account that we also need for our online application system, e.g., first and last name, URL of your platform account, e-mail address and professional background. This allows us to automatically store your data in our online application system and speed up the application process.

XING SE is responsible for providing and transmitting the data via XING. XING's privacy policy applies. LinkedIn Inc. is responsible for providing and transmitting the data via LinkedIn. LinkedIn's privacy policy applies. You can correct or delete the data transmitted to our online application system at any time prior to submitting your application.

9. Notice of consent: "Recruiters can view and consider your account profile for all vacant positions of all listed companies"

Your application is for a position advertised at one of the companies listed above. Your application documents are generally only analyzed and considered for the specific position for which you have applied.
If you are interested in positions other than the one for which you have specifically applied, you can submit further applications to the other companies listed above from your online account.

Alternatively, you can consent online in our system to be automatically considered for other vacant positions at the aforementioned companies. You may revoke this consent at any time, for example, by changing your account settings. If you withdraw your consent to allow recruiters to view and consider your account profile for all vacant positions of all listed companies, your application will only be considered for the position.

C. Your rights as a data subject

1. Right of information pursuant to Article 15 GDPR

Pursuant to Article 15(1) GDPR, you have the right to request information, free of charge, on the personal data stored about you. This particularly includes:
•    the purposes for which the personal data is processed;
•    the categories of personal data that are being processed;
•    the recipients or categories of recipient to whom personal data concerning you has been or will be disclosed;
•    the planned duration of the storage of the personal data concerning you or, if it is not possible to give any specific details, the criteria used to determine the storage duration;
•    the existence of a right to rectification or erasure of the personal data concerning you, a right to request from the controller that processing be restricted or a right to object to this processing;
•    the right to lodge a complaint with a supervisory authority; all available information regarding the origin of the data if the personal data is not being collected from the data subject;
•    the existence of any automated decision-making processes including profiling pursuant to Article 22(1) and (4) GDPR and – at least in these cases – meaningful information regarding the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.
If personal data is transferred to a third country or an international organization, you have the right to be notified about appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer.

2. Right to rectification pursuant to Article 16 GDPR

You have the right to request the immediate rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

3.    Right to erasure pursuant to Article 17 GDPR

You have the right to obtain from us the erasure of any personal data concerning you without undue delay where one of the following grounds applies:
•     the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
•    you withdraw your consent on which the processing pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR was based and there is no other legal ground for the processing;
•    you object to the processing pursuant to Article 21(1) or (2) GDPR, and in the case of Article 21(1) GDPR there are no overriding legitimate grounds for the processing;
•    the personal data was unlawfully processed;
•    the erasure of personal data is necessary in order to comply with a legal obligation;
•    the personal data was collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

Where we have made the personal data public and are obliged to erase it, taking account of available technology and the cost of implementation we will take reasonable steps to inform any third parties processing your data of the fact that you have requested the erasure by such third parties of any links to, or copies or replications of, such personal data.

4.    Right to restriction of processing pursuant to Article 18 GDPR

 You have the right to require us to restrict the processing where one of the following applies:
•    you contest the accuracy of the personal data;
•    the processing is unlawful and you request the restriction of the use of the personal data rather than its erasure;
•    the controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defense of legal claims or
•    you have objected to the processing pursuant to Article 21(1) GDPR pending verification of whether the legitimate grounds of the controller override those of the data subject.

5.    Right to data portability pursuant to Article 20 GDPR

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit that data to another controller without hindrance by us, where
•    the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b) GDPR and
•    the processing is carried out by automated means.

In exercising your right to data portability you have the right to have the personal data transmitted directly from us to another controller where technically feasible.

6.    Right to object pursuant to Article 21 GDPR

Provided the requirements of Article 21(1) GDPR are met, you may object to the data processing on grounds relating to your particular situation.

The aforementioned general right to object applies to all processing grounds set out in this privacy policy, which are processed on the basis of Article 6(1)(f) GDPR. In contrast to the specific right to object to data processing for promotional purposes (see above, in particular section 3), the GDPR only obliges us to act on such objection if you cite grounds of overriding importance, e.g., a possible risk to life or health.

7.    Right to lodge a complaint with the data protection supervisory authority pursuant to Article 77 GDPR

 You also have a right to lodge a complaint with the competent data protection supervisory authority at any time. In order to do this, you can contact the data protection supervisory authority of the state where you have your place of residence or the authority of the state of Baden-Württemberg as the state where Schwarz Dienstleistung KG is headquartered.

D. Data protection officer contact information

For further questions concerning the processing of your data or the exercise of your rights, please contact the controller's competent data protection officer.

Schwarz Dienstleistung KG
– Data Protection Officer –
Stiftsbergstraße 1
74172 Neckarsulm, Germany

E-mail: datenschutz@mail.schwarz

Schwarz Global Services Hub Romania
– Data Protection Officer –
Bulevardul Dimitrie Pompeiu 6 E,
020335 Bucureşti, Romania

E-mail: protectiadatelor@mail.schwarz