December 2018

Dear Candidate,

We are happy to welcome you at GEA and are looking forward to receiving your job application.

When you register a candidate home account on our Workday Portal and submit an application to us or otherwise interact with us in connection with your interest in GEA job opportunities, you will provide us with your personal data. We will process your information only for the purpose of processing your application and the recruitment process. This notice explains to you what we do with your personal data and what rights and options you have in this context. Please be assured that GEA will handle your information with utmost care, diligence and confidentiality.

Responsible controller

Any personal data provided by you to us during the recruitment process will be controlled by the hiring GEA Group entity(herein referred to as "us" or "GEA") who is responsible for the security and integrity of your personal data. 

In addition, other GEA affiliates may control your personal data where we are required or permitted by law to share your personal data with them for the purposes described below or you have given us permission to do so. Please click here for a list of the GEA affiliates with contact details.

How we use your personal information

We will process your personal data strictly only for purposes of processing your application and the recruitment process, in particular the following:

  • Processing your application, including review and assessing your suitability for the job you applied for, confirming your references and educational background, communication with you, conducting assessment centers and any other evaluation methods, expense reimbursement and organization of any travel required;
  • Strategic business planning and organizational purposes, including planning, controlling, budgeting, benchmarking and restructuring;
  • Security purposes, where you visit or use our facilities, including maintaining and protecting our property, ensuring integrity and security of and controlling access to our premises, facilities, IT and communication systems, platforms and secured websites and applications websites and other systems or facilities (including monitoring by camera or other means of surveillance), investigating, preventing and detecting security threats, fraud, theft or other criminal or malicious activities;
  • Legal documentation purposes, to ensure compliance with legal documentation and document retention obligations (such as our record keeping obligations);
  • Organizational compliance, in particular monitoring and assessing compliance with our policies and standards;
  • Regulatory compliance, ensuring compliance with our legal and regulatory obligations and regulations;
  • Solving disputes, enforcing our contractual agreements and to establish, exercise or defend legal claims

Where you have expressly given us your consent, we may also use your personal data for the following purposes:

  • Including you in our job applicant data base, including considering your suitability for any of our current or future employment opportunities and to provide you by email, telephone or other communication channels you permitted us to use with information about exciting job opportunities at GEA and to store and process and share with our GEA Group affiliates any personal data you submitted with your applications for this purpose.
  • Sending you GEA information and updates, through updates by email about news, announcements and invitations to programs, surveys or other events from GEA, including from our affiliates (see above).

We will not use your personal data for taking any automated decisions affecting you or creating profiles other than described above.

The legal bases for processing of your personal data are set forth in Article 6 GDPR. Depending on the above purposes for which we use your personal data, the processing is either necessary for the performance of your application, freelancing or other agreement with GEA, necessary for compliance with our legal obligations (e.g. to keep pension records or records for tax purposes), necessary to protect you or another person's vital interests or necessary for purposes of our legitimate interest or those of any third party recipients that receive your personal data, always provided that such interests are not overridden by your interests or fundamental rights and freedoms. In addition, the processing may be based on your consent where you have expressly given that to us. We will in each case inform you about the processing of your data and your related rights prior to obtaining your consent.Personal data is stored in a cloud environment on servers which are located in Dublin, Ireland. Access to your personal data will be granted to a strictly limited group of GEA group staff members such as your Hiring Manager, HR Business Partner and other staff members involved in hiring as well as our shared service center but strictly limited on a need-to-know basis as required for the recruitment process.

Types of personal data

Unless otherwise agreed with you, we will collect only personal data which are required in connection with our application for the above purposes. This includes any information you provide to us directly with your application and any information which is derived from such collected data or otherwise collected or generated in the course of your application process.

This typically includes the following categories of data:

  • Application Data: Any personal data you provide us with during the recruitment process including name, contact details, picture, educational background, professional background, answers to questionnaires or given in interviews
  • Assessment and Test Data: Any personal data resulting from assessments and tests, including comments and ratings from interviewers, results of logic, psychological and other tests in accordance with applicable data protection laws.
  • Background Check Data: Any personal data resulting from background checks conducted to the extent necessary or required for the respective position you applied for.
  • Results of Reference Checks: Any personal data resulting from verification of job references you provide us with during the recruitment process

How we collect your personal data

We will collect your personal data primarily directly from you when you interact with us in the course of your application, e.g. when you complete job applicant questionnaires, visit our intranet, our website or other communication or working platforms and when you communicate with us in relation to your application. In addition, we will generate personal data about you in the course of your application for the above permitted purposes (e.g. expense reimbursement, assessment centers and other performance reviews, recording and monitoring of your entrance and use of our premises, facilities and communication and IT systems).

How we protect your personal data

We maintain physical, electronic and procedural safeguards in accordance with the technical state of the art and legal data protection requirements to protect your personal data from unauthorized access or intrusion. These safeguards include implementing specific technologies and procedures designed to protect your privacy, such as secure servers, firewalls and SSL encryption. We will at all times strictly comply with applicable laws and regulations regarding the confidentiality and security of your personal data.

Sharing of your personal data We may share your personal data with affiliates within GEA Group if and to the extent required for the recruitment process. As an example, we would share your personal data with an affiliate if your responsible Hiring Manager was employed by that affiliate or if the responsible HR Business Partner was located in another GEA company. Any such transfer will be strictly in compliance with the requirements of the applicable data protection laws and these affiliates will then use the personal data for the same purposes and under the same conditions as outlined in this data privacy notice.  We may also share your personal data with third parties who process your personal data on their own behalf but in connection with a service provided to us or you on our behalf for the described purposes (such as background check providers or third parties from whom we request a reference). We may also instruct service providers (so called data processors) within or outside of GEA Group, domestically or abroad, (e.g. shared service centers, payroll or other service providers, including cloud providers) to process personal data for the recruitment process on our behalf and in accordance with our instructions only. Furthermore, we may also share your personal data with courts, regulators, law enforcement or other competent authorities or legal advisors if legally permitted and necessary to comply with a legal obligation or for the establishment, exercise or defense of legal claims. Otherwise, we will only disclose your personal data when you direct or give us permission, when we are required by applicable law or regulations or judicial or official request to do so, or when we suspect fraudulent or criminal activities.

We will retain control over and will remain fully responsible for your personal data and will use appropriate safeguards as required by applicable law to ensure the integrity and security of your personal data when engaging such service providers.

Where we process your personal data GEA is a globally active enterprise. In the course of our business activities, we may transfer your personal data also to recipients in countries outside of the European Economic Area (“third countries”), in which applicable laws do not offer the same level of data protection as the laws of your home country. When doing so we will comply with applicable data protection requirements and take appropriate safeguards to ensure the security and integrity of your personal data, in particular by entering into the EU Standard Contractual Clauses. These clauses are available here.

You may contact us anytime using the contact details below if you would like further information on such safeguards.

Your data protection rights Subject to certain legal conditions, you may  request access to, rectification, erasure or restriction of processing your personal data. You may also object to processing or request data portability. In particular you have the right to object to our processing of your data based on our legitimate interests. In this case, we will not process your data for these purposes anymore unless our legitimate interests override your rights and freedoms or the processing is necessary for the establishment, exercise or defense of legal claims. You may also request a copy of the personal data that we hold about you. If you make this request repeatedly, we may make an adequate charge for this. Please refer to Articles 15-22 GDPR for details on your data protection rights. 

If you have any questions regarding your rights or if you have any specific requests relating to your personal data please contact us. For any of the above requests, please send a description of your personal data concerned stating your name and your home account credentials as proof of identity to the contact details below. We may require additional proof of identity to protect your personal data against unauthorized access. We will carefully consider your request and may discuss with you how it can best be fulfilled. If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the competent data protection supervisory authority in your country. You may approach either the supervisory authority which is locally competent for you or the supervisory authority which is locally competent for us.

If you have given us your consent for the processing of your personal data you can withdraw the consent at any time with future effect, i.e. the withdrawal of the consent does not affect the lawfulness of processing based on the consent before its withdrawal. In case consent is withdrawn, we may only further process the personal data where there is another legal ground for the processing.

Retention of your personal data

Your personal data will be retained for as long as required for the permitted purposes, unless otherwise required by law or to protect GEA's legitimate interests, i.e.:

  • If you enter into an employment relationship with GEA we will store your personal data for the term of your employment.
  • Otherwise, we will keep your personal data for 6 months after the end of the recruiting process and delete any of your Personal Information afterwards.
  • Statutory retention, deletion and limitation periods will be observed.

Requirement to provide personal data

As a general principle, you will provide us with your personal data entirely voluntary.

However, in certain circumstances we are required to collect certain personal data or in which GEA cannot take action without certain of your personal data. If, in these cases, you do not provide us with your relevant personal information, we may be unable to properly administer your application, assign certain tasks to you or permit you to participate in certain activities or services offered in connection with your application.

Amendments to data privacy statement

We reserve the right to change this data privacy notice from time to time in compliance with applicable data protection law. The date of the latest update is stated above.

Questions?

If you have questions regarding the recruitment process and the protection of your personal data, please contact us via the Data Protection Officer of GEA Group Aktiengesellschaft at: boris.schmidt-rathmann@gea.com.