Data protection information for applicants
Below we would like to inform you about the processing of your personal data:
- The name and contact data of the data controller and of the Data Protection Officer
The responsible party for the collection, processing and use of your personal data within the meaning of the General Data Protection Regulation (GDPR) is
PHOENIX Pharmahandel GmbH & Co KG
Pfingstweidstraße 10 – 12
68199 Mannheim
Tel. +49 621 85050
Fax +49 621 8540-31
E-Mail info@phoenixgroup.eu
You can reach the Data Protection Officer at the above address with the addition "the data protection officer" or at the e-mail address: Datenschutz@phoenixgroup.eu.
- Data processing for the purpose of the job application process
We process personal data of applicants in order to carry out an application procedure for announced positions as well as for initiative applications.
All data of your application will be collected and processed in order to select the suitable applicant for the job position advertised with us. You determine the data we process yourself, as you initiate the data transfer yourself. For the purpose of applicant selection, the respective application will also be forwarded to managers of the respective department. The works council will also have access to your application in order to exercise its right of co-determination and control. The representative body for severely disabled persons or persons with disabilities will also make use of this right in the case of severely disabled applicants or applicants with equal status
Provided the relevant consents have been given, we will also process your data,
- to be able to include you in our pool of applicants,
- to conduct an interview with you via audio and/or video conference, if necessary.
The legal basis for this is in each case § 26 para.2 Federal Data Protection Act new version (FDPA n.v.) in connection with Art. 6 para. 1 lit a) GDPR.
In the case of an employment relationship between you and us, we may process the data you have provided for the purpose of the employment relationship. The processing is then carried out for the implementation or termination of the employment relationship. The legal basis is § 26 FDPA n.v. in connection with Art. 88 GDPR.
Special categories of personal data will only be processed by PHOENIX if you have provided it to us so that we can consider your application as it stands or if there is a legal obligation to do so. This information will not be taken into account in the application process unless there is a legal obligation to do so. The legal basis is then Art. 9 para. 2 lit b), e) GDPR.
- Assessment Centers
We process your personal data in order to be able to carry out an assessment centre, insofar as this is necessary for the selection for the described position. For this purpose, we transmit your personal data within the framework of order processing so that you can be invited to the assessment centre. Further information on data protection can be found in the data protection declaration of the assessment centre. The legal basis for this is § 26 para. 2 FDPA n.v. and Art. 6 para. 1 lit a) GDPR.
- Background-Check
Under certain circumstances, a so-called background check is carried out as part of the application process. This is used for senior management and serves the purpose of a background check and the verification of the authenticity and correctness of the information, documents and references. The legal basis is then the consent according to Art. 9 para. 2 lit b), e) GDPR. The applicant receives further information on the background check as part of the consent.
- Categories of the data
The processing includes applicant basic data, qualifications, certificates, if applicable assessment data in the context of an assessment centre and reference data in the background check.
- Sources of the data
Where we have not received the data from you directly, we may obtain it from a service provider for a background check.
- Purposes of the processing
We process your data for the following purposes:
- Candidate selection
- Verification of data and information
- reliability check
- Defence against claims for compensation and recourse
- Proof of proper data processing
- Recipients of data
We share your data with the following recipients:
- Authorities in accordance with legal requirements (e.g. tax authorities, supervisory authorities, law enforcement authorities).
- Service providers, insofar as they are required as part of the selection process, e.g. to carry out the background check or the assessment centre.
- Affiliated companies within the meaning of Section 15 of the German Stock Corporation Act (AktG)
In some cases, we use carefully selected external service providers to process your data, as well as internal service providers of the PHOENIX group, who, for example, operate the maintenance and administration of our IT systems. Should data be passed on to service providers within the framework of so-called data processing, this is done based on Art. 28 GDPR. Our processors are carefully selected, are bound by our instructions and are regularly monitored by us.
Information is only passed on to state institutions and authorities entitled to receive such information within the framework of mandatory legal provisions or if we are obliged to do so by a court order.
- International data transfer outside EU/EEA
No data processing takes place outside the EU / EEA. Insofar as communication with our branch in Switzerland is necessary for the fulfilment of the contract, an adequate level of data protection exists. Switzerland is a member of EFTA and has acceded to the GDPR 2018. Personal data will not be transferred to third countries without your consent.
- Cookies
Some of the Internet pages use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies we use are so-called "session cookies". They are automatically deleted after the end of your visit.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or generally and activate the automatic deletion of cookies when closing the browser.
Cookies that are required to carry out the electronic communication process or to provide certain functions you have requested are stored based on Art. 6 (1) lit. f ) GDPR. The website operator has a legitimate interest in storing cookies for the technically error-free and optimised provision of its services. Insofar as other cookies are stored, these are treated separately in this data protection information.
The purpose of reCAPTCHA is to check whether the data input on our websites (e.g. in a contact sheet) is made by a human being or by an automated programme. The website operator has a legitimate interest in protecting its websites from abusive automated spying and SPAM.
For this purpose, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website. For more information on Google reCAPTCHA and Google's privacy policy, please see the following links:
https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.
There is currently no guarantee of an adequate level of data protection in the US. There is a possibility that US authorities may access data about you and you may not have any legal recourse or enforceable rights. The data is deleted one day after the session
- data erasure and retention periods
The data will be erased or locked as soon as the purpose of the storage no longer applies. The data may also be stored if this has been provided for by European or national legislators in Union regulations, laws or other provisions. Blocking or deleting will also take place if a retention period prescribed by the standards mentioned expires, unless there is a necessity for the continued storage of the data for the conclusion of a contract, the fulfilment of a contract or a documentation obligation.
We do not store application data for longer than 6 months after rejection for the purpose of carrying out the application procedure. Storage beyond this period may be based on consent or for the purpose of defending claims. In the event of consent, your personal data will be stored in our applicant pool for one year as part of the application.
- Your rights
Below we would also like to inform you about your rights under the GDPR.
- Right to information according to Art.15 GDPR
You can request information from the controller about the processing of your data.
- Correction of data
You have the right to have data corrected in accordance with Art.16 GDPR if the data concerning you is incorrect or incomplete.
- Right to erasure
You have the right to erasure, provided that the requirements of Art. 17 GDPR are met and there are no reasons why processing is still necessary.
- Right to restriction
You have the right to restriction of processing in accordance with the requirements of Art. 18 GDPR, insofar as the processing does not serve to assert, exercise or defend legal claims.
- Right to data transferability
Under the conditions of Art. 20 GDPR, you have the right of data portability.
- Right to objection
You have a right of objection under Art. 20 GDPR, unless there are demonstrably compelling legitimate grounds for the processing or the processing serves the assertion, exercise or defence of legal claims
Furthermore, you have the option of submitting a complaint to the above-mentioned data protection officer or to a data protection supervisory authority. In accordance with Art. 77 GDPR, you have the right to file a complaint with the responsible supervisory authority.
