1. Who is responsible for the processing?
The controller is:
MEININGER Shared Services GmbH
Obentrautstrasse 72, 10963 Berlin, Germany
2. How can you contact the data protection officer?
You can reach our data protection officer as follows:
MEININGER Shared Services GmbH
Data Protection Officer
Obentrautstrasse 72, 10963 Berlin, Germany
Email: dataprotection[at]meininger-hotels.com
3. Which personal data do we process?
We process your personal data, as far as they are necessary for the execution of the application procedure. This includes the following data categories:
Standard information:
- Applicant master data (e.g. first name, last name, address, job position)
- Qualification data (e.g. cover letter, CV, previous activities, professional qualification)
- (Employment) reference letters and certificates (e.g. performance data, assessment data)
Special information required due to the position to be filled
- Criminal record certificate
- Creditworthiness information
- Results of the aptitude test
- Result of the medical aptitude test (if required by law)
Other information
- Publicly accessible, job-related data, such as e.g. a profile in professional social media networks
- Voluntary information, such as e.g. an application photo, information on severe disability or other information that you voluntarily provide to us in your application.
4. From which sources does your data come?
We process personal data that we receive from you during the application process. We also receive personal data from other companies of the MEININGER Group as well as recruitment service providers. Furthermore, we process personal data that originates from public sources, e.g. professional social media networks.
5. For what purposes and on what legal basis do we process your data?
We process your personal data in particular in compliance with the General Data Protection Regulation (GDPR) and in Germany the German Federal Data Protection Act (BDSG) as well as all other relevant laws.
5.1 Data processing for the purpose of the application (Section 26 para. 1 BDSG)
Personal data of applicants may be processed for the purposes of the application procedure if this is necessary for the decision to establish an employment relationship with us. The necessity and scope of the data collection are judged, among other things, by the position to be filled. If your desired position involves the performance of particularly confidential tasks, increased personnel and/or financial responsibility, or is linked to certain physical and health conditions, more extensive data collection may be necessary. In order to protect data protection, such data processing takes place only after the selection of applicants has been completed and immediately before you are hired.
5.2 Data processing on the basis of a consent given by you (Art. 6 para. 1 lit. a GDPR, Section 26 para. 2 BDSG)
If you have given us your voluntary consent to the collection, processing or transfer of certain personal data, then this consent forms the legal basis for the processing of this data. In the following cases we process your personal data on the basis of your consent:
- Admission to the applicant pool, this means we store the application documents beyond the current application procedure for consideration in later application procedures
- Passing on the application to other companies of the MEININGER Group
5.3 Data processing on the basis of a legitimate interest of the controller (Art. 6 para.1 lit. f GDPR)
In certain cases we process your data to protect our legitimate interests or that of third parties. In the event of a legal dispute, we have a legitimate interest in processing the data for evidential purposes.
6. To whom will your data be passed on?
Your data will be processed mainly by our human resources department and the department manager of the position to be filled. In some cases, however, other internal and external bodies are also involved in the processing of your data.
Internal departments:
- Human resources department
- Department manager
Other companies of the MEININGER Group:
The companies of the MEININGER Group can be accessed via this link.
External Services Providers:
- Service providers of candidate management systems
- IT service providers (e.g. maintenance and hosting service providers)
- Service providers for document and data destruction
7. Will your data be transferred to countries outside the European Union (so-called third countries)?
Countries outside the European Union (and the European Economic Area "EEA") handle the protection of personal data differently from countries within the European Union. We also use service providers located in third countries outside the European Union to process your data. There is currently no decision by the EU Commission that these third countries generally offer an adequate level of protection.
We have therefore taken special measures to ensure that your data are processed in third countries as securely as within the European Union. We conclude the standard data protection clauses provided by the Commission of the European Union with service providers in third countries. These clauses provide appropriate guarantees for the protection of your data with service providers in third countries.
If you wish to review the existing warranties, you can contact us at dataprotection[at]meininger-hotels.com.
8. For how long do we store your data?
We store your personal data for as long as this is necessary for the decision on your application. If an employment relationship between you and us is not concluded, we may also further store data, insofar as this is necessary to defend against possible legal claims. Your data will be regularly deleted within 6 months after the end of the application process.
If an employment relationship is not established, but you have given us your consent for the further storage of your data, we will store your data until your consent is revoked, but for a maximum of further three years. On specific occasions, we may also store your data for a longer period of time for the purpose of defending us against possible legal claims.
9. What rights do you have in connection with the processing of your data?
Every data subject has the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. In Germany, the restrictions according to §§ 34 and 35 BDSG apply to the right of access and the right of erasure.
9.1 Right to object
What right do you have in the event of data processing for legitimate or public interest?
Pursuant to Art. 21 para. 1 GDPR, you have the right to object at any time for reasons arising from your particular situation to the processing of your personal data on the basis of Art. 6 para.1 lit. e GDPR (data processing in the public interest) or Article 6 para. 1 lit. f GDPR (data processing to protect a legitimate interest), this also applies to profiling based on this provision. In the event of your objection, we will no longer process your personal data unless we can prove compelling grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
9.2 Revocation of consent
You can revoke your consent to the processing of your personal data at any time. Please note that the revocation is only valid for the future.
9.3 Right to information
You may request information as to whether we have stored personal data about you. If you wish, we will inform you of the data concerned, the purposes for which the data is processed, to whom this data is disclosed, how long the data is stored and what further rights you are entitled to with regard to this data.
9.4 Further rights
In addition, you have the right to have your data corrected or deleted. If there is no reason for further storage, we will delete your data, otherwise we will restrict processing. You may also request that we provide all personal information that you have provided to us in a structured, current and machine-readable format either to you or to a person or company of your choice. In addition, there is a right to lodge a complaint to the responsible data protection supervisory authority (Art. 77 GDPR, in Germany in conjunction with § 19 BDSG).
9.5 Assertion of your rights
To exercise your rights, you can contact the controller or the data protection officer using the contact details provided. We will process your enquiries immediately and in accordance with legal requirements and inform you of the measures we have taken.
10. Is there an obligation to provide your personal data?
There is no legal or contractual obligation to provide your personal data. However, providing your personal data is required to carry out the application process. This means, that if you do not provide this data, we will not be able to carry out the application process.
11. Changes to this information
If the purpose or manner of processing your personal data changes significantly, we will update this information in time and inform you about the changes.
Effective: June 2018