Employee Candidate Data Handling
CANDIDATE AND EMPLOYEE POLICY FOR USING AND PROCESSING PERSONAL DATA – GERMANY
1. Contact details
Your personal information is collected by Pieris Pharmaceuticals GmbH ("we"/"us"/"our"). You can contact us at firstname.lastname@example.org. If you have any questions or complaints in relation to the use of your personal information or this Candidate and Employee Notice, you can contact our Data Protection Officer at: DHerdes@intersoft-consulting.de
Our contact details are as follow:
Pieris Pharmaceuticals GmbH,
Lise Meitner Straße 30,
85354 Freising, Germany.
2. Personal Information Collected
We may collect the following information about you during the recruitment process and your employment.
2.1. Recruitment process
- Information provided in your curriculum vitae, application form, covering letter and during the interview process: for example, your name, date of birth, age, gender, home address, personal email address, education, qualification and work experience details, and references.
- Information collected or created by us during the recruitment process: including interview notes and correspondence between us.
- Information about criminal convictions: we carry out background checks as part of the recruitment process.
- Special categories of personal data: information relating to disabilities and physical or mental health information (if provided by candidate, e.g., for purposes of seeking accommodation) and immigration/naturalisation records (if this discloses racial/ethnic origin information).
2.2.1 Information relating to you
- Personal identifiers: such as title, name, date of birth, age, gender, home address, personal email address, telephone number, driver's licence number, passport number, frequent flyer number, and where applicable, national tax ID, social security number, and tax identification number.
- Resume/CVs which will include information on your education and training details such as qualifications, academic records, schools, training record, professional expertise.
- Personnel records which includes offer letters, recommendations, policy acknowledgements, employment agreements, promotion and transfer records, employee licenses and certifications, termination and resignation letters, exit interview notes and severance agreements, performance evaluations and reviews, leave requests and absence records, disciplinary and grievance and training records and professional memberships.
- Information provided as part of the recruitment process (see Section 2.1 above).
- Employment details: such as employment status, job title(s) and description, employee ID, employee type and whether full time or part time, work location, hire/start date, termination date, individual photo, and organisational details such as name of company, work phone number and email, intranet user log in, department and supervisors details.
- Financial information: such as salary and compensation history, benefits (including enrolment and application forms, reports on accruals and years of service, documentation summarising enrolment and participation on benefit programs, general employee communications related to benefits), stock ownership, pay, travel expenses, pay cheque information, bank account information, bonus targets, pensions information, and credit card usage.
- Records generated by and in relation to investigations of misconduct allegations or for the general purpose of collecting facts or other information.
- Other information: such as photographs or visa related immigration information for migrant workers.
- Special categories of personal data: including religious beliefs (for tax related purposes), information relating to disabilities and physical or mental health information (for purposes of workplace accommodations, safety, or other legal reasons), and immigration/naturalisation records (if this discloses racial/ethnic origin information).
2.2.2 Information relating to your family
- Emergency contact person(s) and their contact details.
- Marital status, number and identity of dependents and spouse (if any) where necessary for the purpose of any employment benefits.
- Beneficiary information, including name and date of birth, in regard to health insurance and other benefits for employees and their families.
2.2.3 Information relating to your use of our information and communications systems
- Records of your use of our IT systems including email, internet systems, computers, laptops (including via remote access) telephone systems and mobile devices.
- CCTV footage and other information obtained through electronic means such as swipe card records.
3. How we use personal information
3.1. Recruitment process
We use your personal information to progress the recruitment process, assess and make a decision about your suitability for a role, to communicate with you and to carry out reference checks. We will also use your information to comply with legal and regulatory requirements.
We will process this information for the following purposes:
- We will use information relating to leaves of absence, which may include sickness absence or family related leaves, to comply with employment, social security, social protection and other laws and to record and administer sickness and parental leave.
- We will use information about your physical or mental health, condition, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work on health grounds subject to appropriate confidentiality safeguards and to provide appropriate workplace adjustments, report workplace accidents, to monitor and manage sickness absence, and to administer benefits.
- We will use information about your racial and ethnic origin and information relating to your health, disabilities, and religion, to ensure meaningful equal opportunity monitoring and reporting (where relevant) and to on-board you as an employee and for administrating your employment contract.
4. Sources of Information
This information is either (a) provided by you; (b) obtained from third parties through the application, recruitment process and your employment excluding any kind of private social network media or account or any non-business related information source;, or (c) created by us in the course of the recruitment process or employment.
5. Legal basis on which we use your information
We process your personal data as set out in this Notice:
- where you have provided prior explicit consent (Art. 6 (1) a) GDPR);
- if processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject (Art. 9 (1) b) GDPR);
- if processing is permitted pursuant to national legislation in particular in accordance with Article 88 of the General Data Protection Regulation (EU) 2016/679;
- for our legitimate interests such as: (a) ensure the effective administration and management of the recruitment process; (b) ensure we hire a suitable individual for a role; (c) deal with disputes and accidents and take legal or other professional advice; (d) improve our recruitment processes; and (e) ascertain your fitness to work (Art. 6 (1) f) GDPR);
- to comply with a legal or regulatory obligation (Art. 6 (1) c) GDPR); and
- to enter into a contract of employment with you if you are successful in your application (Art. 6 (1) b) GDPR);
- it is necessary for the establishment, exercise or defence or legal claims on in relation to court cases (Art. 9 (1) f) GDPR);
- there is a substantial public interest (Art. 6 (1) e) GDPR);
- it is needed to protect your vital interests or the vital interests of another natural person (Art. 6 (1) d) GDPR).
6. Information that we share
We will share your personal information with companies, organisations and individuals inside and outside of our group as follows:
- to other employees and companies in our group, in particular the United States, where our parent company is located and any other country in which we or any of our group companies have offices, for administrative, management and accounting purposes, and as part of our regular reporting activities on company performance, in the context of a business reorganisation or group restructuring exercise, for system maintenance support and hosting of data;
- subject to us taking reasonable measures to ensure that your information is kept secure at all times:
- to suppliers, vendors and contractors who perform services and process your personal information for us for the purposes listed above, based on our instructions including carrying out processing on our behalf such as (a) pre-employment screening providers, (b) payroll providers, (c) pension providers, (c) employee benefit providers (such as those providing lease cars), (d) IT administrators, (e) medical providers (such as occupational health), (f) insurance providers, (g) training providers, (h) auditors, (i) building security providers, (j) consultants and other professional advisers;
- Future and prospective employers, as far as legally permitted;
- Competent authorities (e.g. tax authorities, immigration authorities), courts and otherwise as required by law;
- to companies, organisations or individuals outside of our group companies if we have a belief in good faith that disclosure of the information is reasonably necessary to:
- meet any applicable law, regulation, legal process or enforceable governmental or regulatory request, for example to public authorities/bodies (for tax and social security administration);
- enforce your employment agreement with us, including investigation of potential violations;
- detect, prevent or otherwise address fraud, security or technical issues;
- provide potential acquirers or purchasers with information in relation to disposal of any of our or our group companies' business or assets;
- provide other group companies with your information in the context of a restructuring of the business; or
- protect against harm to the rights, property or safety of us or our group companies, our employees, contractors, customers or the public, as required or permitted by law.
7. How we use special category personal information
We will process your special categories of personal data:
- if you have provided your explicit consent;
- to consider whether we need to provide appropriate adjustments during the recruitment process and to ascertain your fitness to work;
- for equal opportunity monitoring purposes;
- if it is necessary for the establishment, exercise or defence of legal claims;
- to comply with any legal or regulatory obligation;
- exceptionally, where it is necessary for vital interests relating to you or another person (for example, avoiding serious risk of harm to you or others) and where you are not capable of giving consent;
- where you have already made the relevant personal information public.
8. Information about criminal convictions
As part of the recruitment process, we may ask you for information in relation to certain criminal convictions and/or may carry out criminal background checks where appropriate with regard to the nature of the position you are applying for and only if permitted by the respectively applicable laws. We use this information and these checks (1) to assess your suitability for a regulated role; (2) to protect your interests, our interests and third-party interests; (3) because it is necessary in relation to legal claims. We are allowed to use your personal information in this way where you have provided your explicit consent, or it is necessary to carry out our employment rights and obligations.
9. Automated decision making
We do not envisage that any decisions will be taken about you using automated means. However, we will notify you in writing if this position changes.
10. Retention of your information
We will retain your personal information for the duration of the recruitment process, of your employment and for the length of any applicable limitation period for claims, which might be brought against us later. If you are successful in applying for a position, your personal information will be retained for the further period of your employment and for the length of any applicable limitation period for claims which might be brought against us later (e.g. 3 years in Germany). There are also certain types of information, such as tax records, which require to be retained for a certain period by law (e.g. 6 to 10 years in Germany).
11. Securing your information
We follow strict security procedures as to how your personal information is stored and used, and who sees it, to help stop any unauthorised person accessing it.
12. Where your information will be held
We may transfer the personal information we collect about you to the United States or other countries outside the EU for the purposes of administrating the recruitment process and your employment subject to us implementing appropriate safeguards.
The countries to which we transfer your data are not deemed to provide an adequate level of protection for your personal information.
However, to ensure that your personal information does receive an adequate level of protection we have put in place the following appropriate measure(s) to ensure that your personal information is treated in a way that is consistent with and which respects the EU and UK laws on data protection: Standard Contractual Clauses approved by the European Commission and applicable under Article 46 of the General Data Protection Regulation (EU) 2016/679.
If you would like to obtain copies of such safeguards, you can request them from us on the contact details above.
13. Your rights
You have the following rights in connection to your data: the rights of access, correction, erasure, objection, restriction, transfer, and the right to withdraw consent and to complain to a supervisory authority.
- Access: you are entitled to ask us if we are processing your information and, if we are, you can request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Correction: you are entitled to request that any incomplete or inaccurate personal information we hold about you is corrected.
- Erasure: you are entitled to ask us to delete or remove personal information in certain circumstances. There are also certain exceptions where we may refuse a request for erasure, for example, where the personal data is required for compliance with law or in connection with claims.
- Restriction: you are entitled to ask us to suspend the processing of certain of your personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Transfer: you may request the transfer of certain of your personal information to another party.
- Objection: where we are processing your personal information based on a legitimate interest (or those of a third party) you may object to processing on this ground. However, we may be legally entitled to nevertheless continue processing your information based on our legitimate interests or requirements. In this case we will inform you about this situation.
If you want to exercise any of these rights, please contact us in writing at email@example.com and ask for more information.
You also have a right to lodge a complaint with a supervisory authority, in particular in the Member State in the European Union where you are habitually resident, where you work or where an alleged infringement of Data Protection law has taken place.
14. Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection and processing of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact firstname.lastname@example.org.
15. Changes to this notice
This notice will be changed from time to time.
If we change anything important about this notice (such as the information we collect, how we use it or why) we will notify you.