Data Privacy Statement for applicants (recruitment)

This Data Privacy Statement explains how Beiersdorf processes your personal data when you apply for a position advertised by us or one of our subsidiaries. It also describes your data protection rights, including the right to object to some of Beiersdorf’s processing operations. For more information on your rights and how you can exercise them, please refer to the section “Legal rights in relation to personal data and how to exercise them”. This Data Privacy Statement supplements our existing General Data Privacy Statement, which gives you specific information on how we process personal data obtained from you visiting our website and related to non-application-specific topics. 

1. Data controller and contact details
2. Collection of personal data
3. Use of personal data
4. Legal basis for processing
5. Data Sharing
6. Legal rights in relation to personal data and how to exercise them
7. Data retention
8. Objection or Withdrawal of yourconsent to the Processing of Personal Data

Responsible for the processing of personal data within the meaning of Art. 4 (7) GDPR is: Beiersdorf ehf, Suðurlandsbraut 30, 108 Reykjavík, Ísland, Sími: +354 533 1880 (see our imprint) 

Within the recruitment process, we collect and store the following categories of personal data about you:

• Data which you have provided to us in your candidate profile, including first and last name, country, e-mail, phone number
  
  
• Data which you have entered on our candidate application form, including desired annual salary and your motivation.
  
  
• Data which you have provided to us in your application documents (curriculum vitae CV, cover letter) including work experience, qualifications and language skills.
  
  
• Data from online assessments (e.g. personality tests, cognitive ability tests, other psychometric assessments) and video interviews (if applicable).  
  
  
• Data provided to us by your referees (if applicable). These are reference points that you have given us to contact.   

We evaluate the results of cognitive ability tests using relevant reference groups considering your profession and level of experience.  

We collect personal data directly from you or from our external partners, e.g. recruiting agencies. We can also obtain information from professional social networks, such as LinkedIn, job boards such as Monster, and from other publicly accessible sources (only information relevant to your professional life) for the purposes of actively approaching you with job offers or for the purpose of confirming the accuracy of the information presented by you within the course of the application.

Your personal data may be used for following purposes:

• To assess your application for the job offered and to communicate with you within the recruitment process.
  
  
• To contact you in case of an alternative career opportunity within the Beiersdorf group (you can restrict the visibility of your candidate profile to the team involved in your current application or grant it to Beiersdorf’s recruiters worldwide).
  
  
• Based on your consent to ask you about your experience within the recruitment process.
  
  
• To contact you following your unsolicited application.

Personal data within the recruitment process will be used for the assessment of your application and, if an employment relationship is established, also for the execution of the employment relationship. For specific positions (e.g. trainees and interns) this includes your participation in an online assessment (such as personality test, cognitive ability test). The legal basis for this is Article 6 (1) c) GDPR. Providing your personal data as part of the application process is voluntary. However, the provision of personal data is necessary for the processing of your application or the conclusion of an employment contract with us.    

When we obtain information from your public profile on professional social networks, such as LinkedIn, we base this processing on our legitimate interest to build a decision base in order to establish an employment relationship with you. The legal basis is Article 6 f) GDPR in conjunction with Article 9 (2) e) GDPR.  

When a processing is based on your consent (e.g. when we invite you to participate in a survey on your satisfaction with the application process at Beiersdorf) the relevant legal basis is  Article 7 GDPR.  

Furthermore, we may process personal data about you where this is necessary to defend ourselves against legal claims arising from the application process that are brought against us. The legal basis for this is Article 6 (1) b and f) GDPR; the legitimate interest is, for example, a burden of proof in proceedings.

We may transfer your personal data to companies affiliated with us provided this is permissible within the scope of the purposes and legal bases outlined above. For the processing activities in our online recruiting system Beiersdorf Group companies are jointly responsible. The essence of the arrangement of this joint determination is that Beiersdorf AG, Germany, is predominantly responsible to fulfill information duties according to data protection law and provide information on the joint processing.  

A list of all Beiersdorf Group companies can be found here:

https://www.beiersdorf.com/about-us/beiersdorf-global

We might share your candidate profile with other recruiting teams in the Beiersdorf Group. You can manage the visibility options of your profile by selecting whether your profile should be visible to the recruiting team involved in your current application or recruiting teams within the Beiersdorf Group worldwide. If you do not wish to be further considered for relevant job offerings, you can request the deletion of your candidate profile, see Chapter Data retention.  

Furthermore, personal data may be processed on our behalf on the basis of contracts pursuant to Article 28 GDPR, especially by providers of systems for applicant management and selection procedures. We do not share data with third parties that have no reference to our application management and application procedures or other use cases we describe in Chapter 3 Use of Personal Data.  

Should we transfer personal data to service providers or Group companies outside the European Economic Area (EEA), the transfer will only take place if an appropriate level of data protection in the third country has been confirmed by the European Commission or if other appropriate data protection guarantees (e.g., binding internal company data protection regulations or standard EU contractual clauses) are available. Beiersdorf has reasonable safeguards in place to protect this information, including standard contractual clauses.  

More information is available under “Data transfers outside the EU”.  

In the event of a legal obligation, we reserve the right to disclose information about you if we are required to surrender it to competent authorities or law enforcement bodies. The legal basis is Article 6 (1) c) GDPR.   

6.1 Right of access
You can request information about your personal data (commonly known as data subject access request). You can exercise this right by contacting us under the above mentioned contact details of the controller.   

6.2. Right to rectification and erasure
If you wish to update the personal data provided to us, you can send us an email to careers.nordics@beiersdorf.com or you modify the data yourself in the relevant application within your candidate profile. Under certain conditions, you can ask us to erase your personal data.  

6.3. Right to restriction of processing
Under certain conditions you have the right to restrict the processing of your personal data, e.g. when you want us to verify the accuracy of your personal data. You can adjust the visibility of your profile at any time or opt out of notifications.

6.4. Right to data portability
Under certain conditions you have the right to receive the personal data concerning you which you provided to us in a structured, commonly used and machine-readable format.  

6.5. Right to object
If we process your data to protect legitimate interests, you may object to such processing for reasons arising from your particular situation. For more information see chapter 8.

Furthermore, you have the right to lodge a complaint with a supervisory authority concerning the processing of your personal data.

We retain your data for a period of 12 months after your last log in date in your profile. This is necessary for the burden of proof in the event of a legal claim. We further retain your personal data in that period in case there is a relevant job offering for which you will be a fitting candidate. You can manage the visibility settings of your candidate profile as described in 5 Data sharing. In addition, you can request the deletion of your candidate profile or the withdrawal of your application by contacting our recruitment experts at careers.nordics@beiersdorf.com.

In case your application is successful we may store your personal data within the subsequent employment in compliance with the applicable legal regulations. More information can be found in the Data Privacy Statement for employees that we will provide to you on acceptance of the job.

If you have given your consent (Article 6 (1) a GDPR) to the processing of your data (e.g. when we invite you to participate in a survey on your satisfaction with the application process at Beiersdorf), you can withdraw your consent at any time. Such a withdrawal influences the permissibility of processing your personal data after you have given it to us.

If we base the processing of your personal data on the weighing of interests (Article 6 (1) f GDPR), you may object to the processing. This is the case if processing is not necessary in particular to fulfil a contract with you, which is described by us in the Chapter Use of data. When exercising such objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adjust data processing or point out to you our compelling reasons worthy of protection, on the basis of which we will continue processing.