PRIVACY NOTICE FOR CANDIDATES AND APPLICANTS (RECRUITMENT)

This Privacy Notice, also referred to as Data Privacy Policy explains how the Beiersdorf group of companies (each Beiersdorf entity being "we", "us", "our") process your personal data when you apply for a position advertised by us. It also describes your data protection rights, including the right to object to some of Beiersdorf’s processing operations.

For more information on your rights and how you can exercise them, please refer to the section “Legal rights in relation to personal data and how to exercise them”.

Where applicable, this Privacy Notice supplements our existing General Privacy Notice, which gives you specific information on how we process personal data obtained from you when visiting our website and when we process your personal data in relation to non-application-specific topics.

For certain regions, we provide supplementary information about our use and processing of your personal data in accordance with the laws of the respective jurisdictions. If you reside in or work from any of these regions, please also review the respective annexes (see also section 8. Supplementary information for certain regions).

List of Content

  1. Data controller and contact details
  2. Collection of personal data
  3. Purposes of and legal bases for processing
  4. Data Sharing
  5. Legal rights in relation to personal data and how to exercise them
     5.1. Right of access
    5.2. Right to rectification and erasure
    5.3. Right to restriction of processing
    5.4. Right to data portability
    5.5. Right to object
    5.6. Right to withdraw consent
  6. Data retention
  7. Objection or Withdrawal of your consent to the Processing of Personal Data
  8. Supplementary Information for Certain Regions

 

1. DATA CONTROLLER AND CONTACT DETAILS

Responsible for the processing of personal data within the meaning of Article 4 (7) of the General Data Protection Regulation ("GDPR") or the equivalent under applicable data protection laws is the company stated in the job application and with regard to global HR management and management of global HR systems, Beiersdorf AG, Beiersdorfstraße 1-9, 22529 Hamburg, Germany, Tel.: +49 40 4909-0, E-Mail: dataprotection[at]Beiersdorf.com.

You can find the contact details of the Data Protection Officers of the Beiersdorf AG under the following link: https://www.beiersdorf.de/meta-pages/datenschutzerklaerung/beiersdorf-datenschutzbeauftragter-webseite.

2. COLLECTION OF PERSONAL DATA

Within the recruitment process, we collect and store the following categories of personal data about you:

  • Data which you have provided to us in your candidate profile, including first and last name, gender, nationality, address, country, e-mail, phone number ("Candidate Profile Data").
  • Data which you have entered on our candidate application form, including desired annual salary, your motivation, information about disabilities (if and to the extent that it is relevant for the job offered) ("Application Form Data").
  • Data which you have provided to us in your application documents (curriculum vitae CV, cover letter) including work experience, qualifications and language skills ("Application Documents Data").
  • Data from online assessments (e.g. personality tests, cognitive ability tests) and video interviews (if applicable) ("Online Assessment Data").
  • Data provided to us by your referees (if applicable). These are reference points that you have given us to contact ("Referee Data").

During the recruitment we may evaluate the results of cognitive ability tests using relevant reference groups considering your profession and level of experience.

We collect personal data directly from you or from our external partners, e.g. headhunters. We can also obtain information from professional social networks, such as LinkedIn, job boards and from other publicly accessible sources (only information relevant to your professional life) for the purposes of actively approaching you with job offers or for the purpose of confirming the accuracy of the information presented by you within the course of the application ("Public Professional Data").

Providing your personal data as part of the application process is voluntary. However, the provision of personal data that is marked as mandatory is necessary for the processing of your application or the conclusion of an employment contract with us.

If you provide personal data of another person (e.g. referees) to us, you should show them a copy of this Privacy Notice prior to providing us with their personal data. 

3. PURPOSES OF AND LEGAL BASES FOR PROCESSING

We process your personal data to make our hiring decision, operate our business and comply with our legal obligations. More specifically, we process your personal data for the purposes and rely on the legal bases set forth in the table below, subject to applicable data protection laws. Where relevant, the legitimate interest is included in the table below as well.

The relevant legal bases include:

  • Processing necessary to take steps at your request prior to entering into a contract (i.e. processing necessary to make a hiring decision and enter into an employment contract with you) (Article 6 (1) b) GDPR or the equivalent basis under applicable data protection laws).
  • Compliance with legal obligations (Article 6 (1) c) GDPR or the equivalent basis under applicable data protection laws).
  • Legitimate interests (Article 6 (1) f) GDPR or the equivalent basis under applicable data protection laws).
  • Consent (Article 6 (1) a) GDPR or the equivalent basis under applicable data protection laws).

Where we process special categories of personal data (e.g. data concerning health) it will be justified by one of the abovementioned legal bases and one of the following additional conditions:

  • The processing is necessary for the purposes of carrying out the obligations and exercising the rights of you or us in the field of employment law, social security, social protection law, as well as any other applicable law (Article 9 (2) b) GDPR or the equivalent basis under applicable data protection laws).
  • The processing is necessary for the establishment, exercise or defense of legal claims (Article 9 (2) f) GDPR or the equivalent basis under applicable data protection laws).
  • In exceptional circumstances the processing may be carried out subject to your explicit consent (Article 9 (2) a) GDPR or the equivalent basis under applicable data protection laws).
  • The processing relates to personal data which are manifestly made public by you (Article 9 (2) e) GDPR or the equivalent basis under applicable data protection laws).
Purpose of processing
 Legal basis
 Legitimate interest (where relevant)
 Categories of personal data
To communicate with you within the recruitment process.
 Taking steps at your request prior to entering into a contract.
 Not applicable ("N/A")
 Candidate Profile Data
To assess your application for the job you applied for, to make a decision whether to offer you employment and to provide the employment contract if an offer is accepted.
 (i) Compliance with legal obligations (e.g., ensuring that we do not unlawfully discriminate in our hiring decisions) or (ii) taking steps at your request prior to entering into a contract where (i) does not apply.
 N/A
 Candidate Profile Data, Application Form Data, Application Documents, Referee Data
To consider adjustments or accommodations for the recruitment process if you have a disability.
 Consent

In case you voluntarily provide us with the information that you have a disability we process this information only to the extent this is necessary for the purposes of carrying out the obligations and exercising the rights of you or us in the field of employment law, social security and social protection law.
 N/A
 Application Form Data,  Application Documents
To verify your qualifications and suitability for the job you applied for (as permitted under applicable law and necessary for the specific position).We may use software (including Artificial Intelligence) that assists us to extract skills from your CV and to evaluate whether they match with the job requirements.

In exceptional cases we may also rely on professional information available about you on professional social networks, job boards, and other publicly accessible sources for his purpose.
 Legitimate interests

Should any special categories of personal data on professional social networks, job boards, and other publicly accessible sources be processed in this context, this will be limited to such data which was manifestly made public by you.
 We have a legitimate interest to find suitable candidates for our vacancies.
 Candidate Profile Data, Application Form Data, Application Documents, Referee Data, Public Professional Data
To carry out tests in order to assess your suitability for a role

Note: Participating in a personality test is voluntary.

Otherwise, tests are generally only carried out for specific roles (such as cognitive ability test).
 (i) consent or (ii) taking steps at your request prior to entering into a contract

We process special categories of personal data in this context only to the extent (i) we received your explicit consent and/or (ii) that is necessary for the purposes of carrying out the obligations and exercising the rights of you or us in the field of employment law, social security and social protection law.
 N/A
 Candidate Profile Data, Online Assessment Data
To contact you in case there are (alternative) career opportunities with us and/or at the Beiersdorf group of companies.

Note: you can restrict the visibility of your candidate profile to the team involved in your current application or grant it to Beiersdorf’s recruiters worldwide.
 Consent

In respect to the processing of professional information about you on professional social networks, job boards, and other publicly accessible sources: Should such processing include processing of special categories of personal data, the processing is limited to such data which was manifestly made public by you.
 N/A
 Candidate Profile Data, Application Form Data, Application Documents, Public Professional Data
We may proactively approach you based on professional information available about you on professional social networks, job boards, and other publicly accessible sources.
 (i) Legitimate interests or (ii) consent where we obtained consent for this purpose.

In respect to the processing of professional information about you on professional social networks, job boards, and other publicly accessible sources: Should such processing include processing of special categories of personal data, the processing is limited to such data which was manifestly made public by you.
 We have a legitimate interest in finding suitable candidates for our vacancies and other entities of the Beiersdorf group.
 Public Professional Data
To ask you for feedback about your experience with the recruitment process.
 Consent
 N/A
 Candidate Profile Data
To safeguard our rights.
 (i) Legitimate interests or (ii)  where processing is necessary for our regular exercise of rights in judicial, administrative or arbitration procedures.

We process special categories of personal data in this context only to the extend necessary for the purpose of establishment, exercise and defense of legal claims.
 We have a legitimate interest in the establishment, exercise and defense of legal claims.
 Candidate Profile Data, Application Form Data, Application Documents, Referee Data, Online Assessment Data, Public Professional Data
To comply with legal obligations to which we are subject (e.g. deriving from tax law, foreign trade law or sanctions regulations).
 (i) Compliance with legal obligations or (ii) legitimate interests where the compliance with legal obligations legal basis does not apply.

We process special categories of personal data in this context only to the extent that is necessary for the purposes of carrying out the obligations and exercising the rights of you or us in the field of employment law, social security and social protection law.
 We have a legitimate interest in complying with legal obligations to which we are subject, i.a. to avoid sanctions that may result from non-compliance.
 Candidate Profile Data, Application Form Data, Application Documents, Referee Data, Online Assessment Data, Public Professional Data
For any of the above listed purposes it might be necessary to transfer data to other entities of the Beiersdorf group of companies. 
 (i) Consent where the relevant processing activity listed above relies on consent or (ii) taking steps at your request prior to entering into a contract where (i) and (iii) do not apply or (iii) legitimate interests where (i) and (ii) do not apply.
 We, as part of the Beiersdorf group of companies, have a legitimate interest in transferring your personal data within the group for internal administrative purposes where this is necessary for the purposes of effective recruitment.
 Candidate Profile Data, Application Form Data, Application Documents, Referee Data, Online Assessment Data, Public Professional Data

4. DATA SHARING

We may transfer your personal data to companies affiliated with us provided this is permissible within the scope of the purposes and legal bases outlined above. For the processing activities in our online recruiting system Beiersdorf Group companies are jointly responsible. The essence of the arrangement of this joint determination is that Beiersdorf AG, Germany, is predominantly responsible to fulfill information duties according to data protection law and provide information on the joint processing. We might share your candidate profile with other recruiting teams in the Beiersdorf Group if you chose this option in the application form. You can manage the visibility options of your profile by selecting whether your profile should be visible to the recruiting team involved in your current application or recruiting teams within the Beiersdorf Group worldwide. If you do not wish to be further considered for relevant job offerings, you can request the deletion of your candidate profile or use the self-service function.”).

Furthermore, personal data may be processed on our behalf on the basis of data processing agreements pursuant to Article 28 GDPR, or other applicable laws, especially by providers of systems for candidate management and selection procedures. We do not share data with third parties that have no reference to our application management and application procedures or other use cases we describe in this privacy notice.

Where applicable such transfers may involve the transfer of personal data to recipients outside the European Union / European Economic Area. Standard contractual clauses (from the implementing decision (EU) 2021/914 of 4 June 2021) have been concluded with these recipients, unless they are based in countries with an adequacy decision pursuant to Article 45 GDPR (a list of these countries is available at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en) or GDPR provides for an exception under Article 49 GDPR. Where the transfer in this context is made to a recipient acting as a processor for us (i.e., processing personal data on our behalf), Module Two (transfer from controller to processor) of the standard contractual clauses is relevant; where the transfer is made to third party controllers, Module One (transfer from controller to controller) is relevant. In case the transfers are carried out by a service provider, which we have engaged as a processor, to a sub-processor, Module Three (transfer from processor to processor) may be implemented to govern such transfers.

To request a copy of standard contractual clauses (to the extent we rely on such) you may contact us (see section "Data controller and contact details"). Please note that such copy may be redacted to the extent necessary to protect business secrets or other confidential information.

Further recipients can be found in the general recipients section 1.4 of the General Data Privacy Policy.

In the event of a legal obligation, we reserve the right to disclose information about you if we are required to surrender it to competent authorities or law enforcement bodies to comply with legal obligations or this is necessary to safeguard our rights.

5. LEGAL RIGHTS IN RELATION TO PERSONAL DATA AND HOW TO EXERCISE THEM

Depending on where you are located or the location of the entity to which you are applying, you may have the following rights in relation to your personal data. If the entity is located in the European Economic Area, you have these rights provided that the relevant legal requirements under GDPR are met.

5.1. Right of access

You can request information about your personal data (commonly known as data subject access request). You can exercise this right by contacting us under the above mentioned contact details of the controller.

5.2. Right to rectification and erasure

If you wish to update the personal data provided to us, you can send us an email to RC[at]Beiersdorf.com or you modify the data yourself in the relevant application within your candidate profile. Under certain conditions, you can ask us to erase your personal data. 

5.3. Right to restriction of processing

Under certain conditions you have the right to restrict the processing of your personal data, e.g. when you want us to verify the accuracy of your personal data. You can adjust the visibility of your profile at any time or opt out of notifications.

5.4. Right to data portability

Under certain conditions you have the right to receive the personal data concerning you which you provided to us in a structured, commonly used and machine-readable format.

5.6. Right to withdraw consent

You have the right to withdraw consent we have obtained from you at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. For more information see section “Objection or Withdrawal of your consent to the Processing of Personal Data”.To exercise your rights, you may contact us (see section "Data controller and contact details") or log in to your Candidate Profile and use the self service function for rectification, erasure and access to your account data.

6. DATA RETENTION

Your personal data will generally only be stored until the personal data are no longer necessary in relation to the purposes for which they were collected (or otherwise processed).We retain your Candidate Profile Data for as long as your candidate profile is active. We delete such profile and related Candidate Profile Data after 12 months of inactivity.

Application Form Data, Application Documents Data, Online Assessment Data, Referee Data and Public Professional Data regarding a specific application will be retained for 6 months after finalizing the recruitment process related to a specific application and deleted afterwards.

We further retain your personal data in that period in case there is a relevant job offering for which you will be a fitting candidate and you set the visibility of your candidate profile as described in 4 Data sharing. In addition, you can request the deletion of your candidate profile or the withdrawal of your application by contacting our recruitment experts at RC[at]Beiersdorf.com.

As an exception, personal data may be stored longer where their processing is necessary for compliance with a legal obligation – including compliance with statutory retention periods – to which we are subject or for the establishment, exercise or defense of legal claims.

You can access your Candidate Profile and the information stored there via the link you received in our Mails. You can also unsubscribe from the Beiersdorf Job Agent and stop receiving information on current job postings in the menu of your candidate profile.

In case your application is successful we may store your personal data within the subsequent employment in compliance with the applicable legal regulations. More information can be found in the Privacy Notice for employees that we will provide to you on acceptance of the job or during your onboarding.

7. OBJECTION OR WITHDRAWAL OF YOUR CONSENT TO THE PROCESSING OF PERSONAL DATA

If you have given your consent (Article 6 (1) a) GDPR or the equivalent basis under applicable laws) to the processing of your data, you can withdraw your consent at any time. Such a withdrawal influences the permissibility of processing your personal data after you have given it to us.

If we base the processing of your personal data on legitimate interests (Article 6 (1) f) GDPR or the equivalent basis under applicable laws), you may object to the processing. This is the case if processing is not necessary in particular to fulfil a contract with you, which is described by us in the Section Purposes of and Legal Bases for Processing. When exercising such objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adjust data processing or point out to you our compelling reasons worthy of protection, on the basis of which we will continue processing.

8. SUPPLEMENTARY INFORMATION FOR CERTAIN REGIONS

If you are located or are applying to work outside of the European Union/EEA, please also review the Annexes applicable to your region for further information about our collection, use and processing of your personal data:

Annex – Asia Pacific (“APAC Annex”)

In the event of conflict between the content of this Privacy Notice and the applicable regional annex, the latter shall prevail.

Annex – Asia Pacific (“APAC Annex”)

DATA CONTROLLER AND CONTACT DETAILS

The Beiersdorf entity that you are making an application to work for is the data controller collecting and processing your personal data as described in this Privacy Notice.  Details of the relevant Beiersdorf entity is available here: Global Business | About Us - Beiersdorf

You can find the contact details of the Data Protection Officers (if appointed) or representative of the relevant Beiersdorf entity on our website.

COLLECTION OF PERSONAL DATA

Personal data, as stated in this Privacy Notice and APAC Annex, shall be deemed to include reference to sensitive personal data unless the context otherwise requires.

If you provide personal data of another person (e.g. referees) to us, you should show them a copy of this Privacy Notice and APAC Annex and obtain their consent prior to providing us with their personal data.

If it is mandatory for you to provide certain personal data to us, we will indicate this to you (for example, by an asterisk in an application form) and if you do not provide such mandatory data, we may not be able to respond to your enquiries or process your application, and we and/or you will not be able to comply with applicable laws.

PURPOSES OF AND LEGAL BASES FOR PROCESSING

We will process your personal data for the purposes set out in the Collection of Personal Data section of the Privacy Notice. We may also use your personal data for the purposes of data analytics.

Where required by applicable law, we will obtain your consent to the processing of your personal data where we wish to do so for a purpose not set out in the Privacy Notice.

In Asia Pacific, where the legal basis set out in the Purposes of and Legal Basis for Processing section in the Privacy Notice above does not apply under applicable law, and where required by applicable law, we will obtain your consent to the collection, use, transfer and other processing of your personal data.

DATA SHARING

With your consent as required by applicable law, we will share and disclose your personal data as described in the Data Sharing section of the Privacy Notice and described as below in this APAC Annex.

Recipient’s Name
 Recipient’s Purpose of Use
 Items of Personal Data to be Provided
 Period of Retention and Use by Recipient
Beiersdorf's affiliates and Group companies

List of Beiersdorf group companies
 For the purposes as described in the Purposes of and legal bases for processing section of the Privacy Notice 
 Candidate Profile Data, Application Form Data, Application Documents, Data, Referee Data
 For the retention period expires as described in the Data Retention section in the Privacy Notice 

Where we share your personal data with third parties, we will put in place adequate measures such as contractual arrangements with them to ensure they process your personal data in accordance with our instructions and applicable laws and to adopt appropriate security measures to protect your personal data.

DATA SHARING – OVERSEAS TRANSFERS
To the extent required by applicable law, and where we will be sharing, transferring, or storing your personal data outside of the location where you reside, including in the EU, US, and other jurisdictions where we our affiliates, vendors and providers have operations, we will ensure that the recipient entities provide an adequate level of data protection that is at least comparable to the protection set out under applicable law to protect and safeguard your personal data before transferring personal data by execution of appropriate data transfer agreements or confirming there are in place adequate security measures and other controls. 

You may have the right to request that your data not be transferred internationally as described above. If so, you may request this by contacting us. However, in such case, we may not be able to proceed with your application or enter into an employment/contractual relationship with you.

LEGAL RIGHTS IN RELATION TO PERSONAL DATA AND HOW TO EXERCISE THEM

Depending on where you are located, you may have one or more of the following data subject rights:

  • right to be informed of personal data processing and right to give consent;
  • right to access and obtain a copy of your personal data;
  • right to correct inaccurate data;
  • right to limit or withdraw consent to our processing of your personal data and/or to deregister your account;
  • right to object, restrict or discontinue the processing of, or deletion of data (in certain circumstances);
  • right to data portability (where technically feasible);
  • right to refuse automated decision-making without any human involvement, and to request an explanation of the automated decision.

We reserve the right not to comply with your request if it is permitted by the applicable law.

If you have a complaint about the way in which we have handled any privacy issue, including a request to access any of your rights under the data protection laws, or have any questions on whether you have, or how to exercise these rights, please contact the Data Protection Officers or representative of the relevant Beiersdorf entity using the contact details under "Data controller and contact details" above.

We will consider your complaint and determine whether it requires further investigation. We will notify you of the outcome of this investigation and any subsequent internal investigation. You may also approach an independent advisor or contact your local data protection supervisory authority.

DATA RETENTION

Where the purposes for which your personal data was collected and used have been fulfilled or the retention period has expired, your personal data will be destroyed in an irreversible way, unless we are required to retain it for a longer period under applicable laws. Furthermore, we will take measures to store your personal data in a separate database or at a different place.

The processing of your personal data will start from the moment of collection and will continue until the end of the retention period as described in the Data retention section of the Privacy Notice.

DATA SECURITY

We store most information about you in computer systems and databases operated by either us or our external service providers. Some information about you may also be recorded in paper files that we store securely.

We use appropriate technical and organizational measures aimed to protect your personal data against accidental or unlawful destruction, loss, alteration, and unauthorized disclosure or access. However, the risk of such incidents always remains. In such a case, you could potentially suffer from emotional distress, reputational risk, etc.

CHANGES

We may make changes to this Privacy Notice from time to time. Any changes to our policy will be published on our website. In case of material changes and where required by applicable law, we will seek your consent to these changes as required by applicable law. If this Privacy Notice is translated into, or appear in a language other than English (as may be required under applicable local language laws), the English language version shall control and the non-English language version shall be deemed to be automatically amended.