Responsible for the internet pages of SyntegonTechnology GmbH

Legal Note of Syntegon Technology GmbH

© Copyright
All rights reserved. Text, images, graphics, sound, animations and videos as well as the arrangement of the same on Syntegon websites are protected by copyright and other commercial protective rights. The content of these websites may not be copied, disseminated, altered or made accessible to third parties for commercial purposes. In addition, some Syntegon websites contain images that are subject to third-party copyrights.

Trademark information
Unless specified otherwise, all trademarks on Syntegon websites are protected by trademark law. This applies in particular to Syntegon brands, nameplates, company logos and emblems. The brands and design elements used on our pages are the intellectual property of Syntegon Technology GmbH, Germany.

Warranty information
This website was compiled with utmost care. Nonetheless, the accuracy or correctness of the information contained cannot be guaranteed. Any liability for damage resulting directly or indirectly from use of this website is precluded, unless caused intentionally or in gross negligence by Syntegon.

Licence information
The intellectual property contained in the Syntegon website such as patents, marks and copyrights, is protected. This website does not grant a licence for utilising the intellectual property of companies of Syntegon or third parties.

Online dispute resolution (ODR)
Information regarding online dispute resolution (ODR): The European Commission offers a platform for the resolution of online disputes. This platform is dedicated to facilitating the out-of-court settlement of disputes concerning contractual obligations in online sales and service agreements.

The platform can be found at http://ec.europa.eu/consumers/odr

We do not engage in out-of-court settlements before consumer arbitration bodies.

Data protection notice for the applicant management process at Syntegon Group

We want you on our team!
In this privacy notice, we inform you how your personal data is processed in the applicant management process at Syntegon Group. Additionally we inform you about your rights under applicable data privacy laws.

Syntegon respects your privacy
Protecting your personal data and ensuring the security of all our business data are important concerns for us. We always consider these concerns in our business processes. The personal data collected when you apply online is treated confidentially and strictly in accordance with the statutory provisions.

Data privacy and information security are an integral part of our corporate policy.

Data controller
The Syntegon Group legal entity to which you submit your application using the application management system is responsible for processing your data. You will find the contact details of that legal entity in the job advertisement in the application management system. The respective addresses of the Syntegon legal entities can also be found in the Annex 1 of this data privacy notice.

Data categories processed
The following are the main categories of personal data processed:

• Master data (e.g. name, date of birth, nationality, place of residence)
• Documents (e.g. references, certificates, résumés)
• Education and training details (e.g. data about school education, university, professional qualification)
• Organizational data in case of internal applications (e.g. personnel number, cost center, department)
• Claims for travel expenses (e.g. bank account details)
• Communication data (e.g. e-mail address, (cell) phone number, IT user ID, audio and film recordings)
• Log data recorded while using IT systems

These may also include special categories of personal data such as health data, details about religion or trade union membership etc. as per Art. 9 para. 1 GDPR.

Purposes of processing and legal bases
We process your personal data in compliance with the EU’s General Data Privacy Regulation (GDPR), with the national data privacy laws and with any other applicable national laws.

The personal data processing takes place during the applicant management process particularly for the purpose of preparation for an employment relationship with a legal entity of the Syntegon Group.

The main legal basis for this purpose is GDPR Article 6 para. 1(b) (“in order to take steps at the request of the data subject (in this case applicant) prior to entering into a contract”).

Other legal bases are:

• GDPR Article 6 para. 1(a) (Consent): e.g. for Syntegon applicant community as part of the applicant management system
• GDPR Article 6 para. 1(f) (Legitimate interests): e.g. for HR evaluations (controlling, analytical reporting)

As far as special categories of personal data as per GDPR Article 9 para. 1 (e.g. data concerning health) are processed, such processing are carried out in accordance with GDPR Article 9 para. 2(b). Furthermore, it may be necessary to process this data in order assess your ability to work in accordance with GDPR Article 9 para. 2(h) along with the relevant national legislation.

Application process
The easiest way to apply for a job at Syntegon is a direct application for a position advertised on one of our job portals, where you enter your data in the candidate profile created individually for the advertised position. You hereby have the possibility to send us the data be connecting to a social network, by a manual input and/or by using “CV Parsing” (Transferring some data from your CV to our job portal).

We keep you up to date on the status of your application via e-mail.

During the application process, we will ask you whether we are allowed to forward your application data to other suitable open positions. If applicable, we may also offer you membership in a Syntegon applicant community.

Participation in Syntegon recruiting events
Some Syntegon locations organize Recruiting-Events in order to win potential candidates for multiple, similar job advertisement. Special event pages on different internet platforms inform about the contents of these events. You may apply for participation in these events by uploading your application in our application system via the link created for this purpose.

Collecting of personal data
As a rule, your personal data is collected directly from you during the hiring process. The data from the paper applications is transferred manually to the application system. You receive an email in order for you to activate your manually created application. In this email, we inform you, whether we will send your paper application back or shred it. If you do not activate your application within 30 days, your data is deleted from our application management system and you will not be considered any further in the selection process.

Additionally, you have the possibility to be referred by a Syntegon Group employee. For this purpose, you need to give your application documents to this employee, who then uploads it in the application management system. You receive an email with which you can activate your application. If you do not activate your application within 30 days, your data is deleted from our application management system and you will no longer be considered in the selection process. Your application is linked with the employee who uploaded it in the application system. This helps us in identifying that this employee has referred you. Furthermore, this employee can track the status of your application (invitation, rejection etc.) on an overview page but has no access to the details of the application process.

Staffing of particularly sensitive job positions may require a further check of your application data and your career path. The result of this check is documented in the application management system. We inform you about such checks in a transparent manner in the framework of our job advertisements. This check takes place taking local legal requirements into consideration and by involving carefully selected service providers.

Recipients of your personal data

Within a legal entity of the Syntegon Group
Only the people involved in the application process (e.g. line managers and associates of the recruiting department, HR associates and associate representatives) have access to your personal data for the purposes mentioned above within the legal entity of the Syntegon Group to which you have applied.

Other legal entities within the Syntegon Group
Other legal entities are data controllers themselves. The above mentioned persons involved in the recruiting process may belong to different companies of the Syntegon Group. Therefore, your data may be transferred to the respective persons worldwide within the Syntegon Group.

In case of your appointment, your data is transferred from our application management system to our HR-administration systems. In this process, your data may be transferred to a different legal entity and will thereafter be processed as employee data. An exchange of your personal data with other legal entities within the Syntegon Group takes place especially in order to fulfill the contracts as well as due to our legitimate interest to organize the internal workflows (e.g. Shared Services, execution of transfers or relocations across legal entities).

Recipients outside the Syntegon Group
We may disclose your personal data to other data controller only if necessary for the application, if the third party or we have a legitimate interest in this disclosure, or if you have provided your consent. You will find the details of the legal bases in the section “Purposes of processing and legal bases.”

Contractors and service providers (data processors)
Additionally, we use service providers to fulfill our contractual and legal obligations among other things. If these service providers processes personal data on our behalf, we have concluded the required contracts with them under the data protection law.

We select our service providers carefully and monitor them on a regular basis, especially regarding their diligent handling and protection of the data that they store and process. All service providers are obliged to maintain confidentiality and to comply with the statutory provisions. Service providers may also be other companies of the Syntegon Group.

You will find a list of our contractors and service providers (with whom we have a long-term or ongoing business relationship) in Annex 2 of this data privacy notice.

Disclosure to recipients outside the European Economic Area
We may disclose your personal data to contractors, service providers or Group companies located outside of the European Economic Area (EEA) only if the EU Commission has confirmed that the third country in question has appropriate levels of data privacy or if other appropriate data privacy guarantees (e.g. binding corporate regulations on data privacy or standard EU contractual clauses) are in place. Upon request, we will provide you with a list of the recipients in third countries and a copy of the specifically agreed regulations to ensure appropriate levels of data privacy. Contact details for this purpose can be seen above in the ‘Contact details of the data controller and the data privacy officer’.

If data transfer is required for recipients outside European Economic Area for the establishment, exercise or defense of legal claims, it takes place as per Art. 49 para. 1 e) of GDPR.

Duration of storage (in Germany)
We delete your personal data, as soon as the processing purpose for which the data was gathered or processed is no longer valid and the retention periods for data storage as per the respective national law are expired.

Your personal data is deleted after the conclusion of the application process by rejection from our side or withdrawal from your side (hereafter called “conclusion of application process“) as soon as we no longer need them. This period is of maximum 4 months after the respective application process ends.

Security during data processing
We take all the necessary technical and organizational measures to ensure appropriate levels of security and to protect your personal data particularly from the risks of unintended or unlawful destruction, manipulation, loss, alteration, or disclosure to or access by unauthorized third parties. We are constantly trying to improve our security measures and keep them state of the art.

Rights of users
If you wish to assert any of your rights, please refer to the Contact section. While contacting us, please ensure that you can be identified individually. .

Right of access and information:
You are entitled to receive information from us about the processing of your data. You may assert your right of access with respect to any of your personal data processed by us.

Right to rectification or erasure:
You may demand that we correct the incorrect data and complete the incomplete data or erase your data; provided the statutory requirements are met. This does not apply to the data that is required for invoicing or accounting purposes or that is subject to statutory retention periods. If access to such data is not required, processing of the data will be restricted (see below).

Restriction of processing:
Provided the statutory requirements are met, you may demand that we restrict processing of your data.

Objection to data processing in cases of “legitimate interest”:
You are also entitled to object at any time to our processing your data, provided you can lawfully claim a legitimate interest. In such case, we will cease processing your data; unless we can demonstrate – in accordance with the statutory provisions – compelling legitimate grounds to continue its processing that outweighs your interests.

Withdrawal of consent:
If you have provided us your consent to process your data, you may withdraw it at any time with effect for the future. This shall have no effect on the lawfulness of our processing of your data prior to withdrawal of consent.

Data portability:
You are also entitled receive your data from us in a structured, commonly used and machine-readable format and/or – if technically possible – to demand transfer of that data to a third party.

Right to complain to a data privacy authority:
You are entitled to file a complaint with a data privacy authority. You can contact either the data privacy authority responsible for your place of residence or German federal state, or the data privacy authority responsible for the Syntegon Group.

The data privacy authority responsible for the Syntegon Group is "Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit":

Office address:
Lautenschlagerstraße 20
70173 Stuttgart
GERMANY

Postal address:
P.O. Box 10 29 32
70025 Stuttgart
GERMANY

Phone: +49 711 / 615541-0
Fax: +49 711 / 615541-15
E-Mail: poststelle@lfdi.bwl.de

Update of the data protection notice
We reserve the right to adjust our security and data protection measures. In such cases, we will amend our data protection notice accordingly. Therefore, notice the current version of our data protection notice in the job advertisement.

Contact information of the data protection officer
You can reach our data protection officer under:

Data Protection Officer
Information Security and Privacy (PA/DSO)
Syntegon Technology GmbH
Postfach 11 27
71301 Waiblingen
GERMANY

or

E-Mail: dpo@syntegon.com

To assert your rights or to notify a data protection incident please use the following link:
https://www.bkms-system.net/syntegon

As on: January 2020