Data privacy notice for job applicants of SEFE Group
June 2023
The following data privacy information describes how and for what purpose SEFE Securing Energy for Europe Group (hereinafter also “SEFE Group” or “we”) processes the personal data of their job applicants.
Personal data is any information relating to an identified or identifiable natural person. Anonymous data, without the possibility to identify you, are not treated as personal data. We store your personal data in a safe and secure way to protect it from loss, unauthorized disclosure or access and process it in accordance with the provisions of GDPR1 and applicable national laws.
Our Recruitment process aims at ensuring a smooth and easy process to all applicants and legal entities within the SEFE Group. This means, that for some business areas we recruit globally for all locations and legal entities to ensure a best possible outcome for both the applicants and the SEFE Group. Consequently, you may face more than one SEFE Group entity involved in and accountable for the processing of your personal data alongside your application. The respective SEFE Group company is responsible for the processing of your personal data in accordance with Art. 4 No. 7 GDPR. This means that this SEFE Group entity determines the objectives and purposes for the processing of personal data.
In addition, SEFE Group companies act under joint responsibility in organising and conducting the application process pursuant to Art. 26 of the GDPR. The companies of the SEFE Group have concluded a joint controllership agreement for this purpose. They have stipulated that SEFE Marketing and Trading Ltd. is responsible for the overall Recruitment process management, informing the data subjects and fulfilling requests regarding the rights of the data subjects pursuant to Art. 15 to 21 of the GDPR when carrying out the Group wide application procedure. However, within the scope of joint controllership, you can in principle assert your data subject rights against each of the joint controllers. For more details on your rights, please refer to section 11.
1. RESPONSIBILITY FOR DATA PROCESSING AND CONTACT DETAILS
Jointly responsible data controllers for processing personal data within the meaning of Art. 4 No. 7 GDPR for the job applications to the SEFE Group are
SEFE Securing Energy for Europe GmbH
Markgrafenstraße 23, 10117 Berlin
phone: +49 30 20195 0
email: personal@sefe.eu
SEFE Marketing & Trading Ltd.
20 Triton St, London NW1 3BF, United Kingdom
phone: +44 207 756 0000
email: resourcing@sefe-mt.com
SEFE Energy Ltd.
20 Triton St, London NW1 3BF, United Kingdom
phone: +44 207 756 0000
email: resourcing@sefe-energy.com
SEFE Energy GmbH
Königstor 20, 34117 Kassel, Deutschland
phone: +49 561 99858 0
email: jobs@sefe-energy.de
SEFE Storage GmbH
Karthäuserstr. 4, 34117 Kassel, Deutschland
phone: +49 561 99858 3333
email: personal@sefe-storage.de
You can reach the data protection officer and/or our data protection team at SEFE Securing Energy for Europe GmbH, Data Protection, Markgrafenstraße 23, 10117 Berlin, or at dataprivacy@sefe.eu.
2. TYPE OF PROCESSED DATA
We process your personal data as part of your application, in case you provide this personal data with your application documents or in the further course of the application process.
Personal data processing includes the following categories of personal data if they are necessary for the purposes set out in Section 3:
- Master data (e.g. title, last name, first name, email address, telephone number, zip code and city),
- Application data (e.g. information about previous activities in the group, period of notice, salary expectations),
- Special data categories (Art. 9 GDPR) that you voluntarily provide with your application,
- Data on your education,
- Data about your non-professional interests,
- Other data that you voluntarily provide to us as part of the application process, e.g. data contained in your application letter, CV or job references,
- Communication data: content of personal email or telephone conversations and other data that arise when we exchange data with you (e.g. when raising queries or using the contact form),
- Information on how you became aware of us or, if applicable, the name and data of the career fair through which you contacted us,
- Data on who recommended you, in the case of the internal referral scheme where employees can suggest other employees,
- Data that is needed to support the application process in IT systems (e.g. language settings, general settings, technically necessary cookies),
- Statements on data protection:
- Consent to the processing of personal data,
- Declarations on the revocation of a consent given by you,
- Declarations of objection against the processing of personal data,
- Statements on how to exercise your rights of access, rectification, erasure, restriction of processing and data portability, including the information you provide to us when exercising your rights.
- Internal applicant number,
- If applicable, job number.
In addition, if applicable and required by national legislation, we may also process other data:
- Test results or certificates (e.g. eye test, police clearance certificate).
As a rule, we do not process any personal data that we have received from third parties. However, when we work with third parties, such as head-hunters and recruitment agencies, they provide your applicant data to us.
3. COUNTRY SPECIFIC INFORMATION
In the case of application of the UK GDPR, its applicable paragraphs apply accordingly. In the scope of application of the German Federal Data Protection Act (BDSG) or the UK Data Protection Act 2018 (DPA), the relevant paragraphs apply accordingly.
4. PURPOSES OF DATA PROCESSING AND LEGAL BASIS
Our recruitment management takes place electronically via a Recruiting Management System. You can access the Recruiting Management System via a link on the job advertisement and/or our company website.
If you apply via a recruitment service provider or a job agency that places job advertisements on our behalf, your application may reach us via the recruiting portals of these partners.
We process your personal data for the purpose of receiving and assessing your application and subsequently forwarding it to the entity of the SEFE Group for which your application is most suitable. We process your personal data in compliance with and on the basis of the relevant data protection regulations, in particular the GDPR and national data protection laws:
- Processing of data relating to the employment relationship, i.e. to fulfil contractual obligations or to carry out pre-contractual measures (Art. 6 Para. 1 lit. b GDPR),
- To protect legitimate interests (Art. 6 Para. 1 lit. f GDPR),
- After your prior consent (Art. 6 Para. 1 lit. a GDPR) and/or
- To fulfil legal obligations (Art. 6 Para. 1 lit. c GDPR).
If you provide special categories of personal data in accordance with Art. 9 GDPR, data processing generally will take place on the basis of Art. 9 Para. 2 lit. b GDPR for the purpose of carrying out the obligations and exercising specific rights in the field of employment and social security and social protection law.
In detail, we process your personal data for the following purposes and on the legal basis specified in each case:
- Application process and contract initiation including communication with you
Data or categories of data processed: Master data; application data; information on how you became aware of us; data about your education; data about your non-professional interests; other data that you voluntarily provide to us as part of the application process; communication data.
Legal basis: Art. 6 Para.1 lit. b GDPR. - When concluding an employment contract with us: Transfer of the data to the personnel file of the individual concerned. This serves as a check for abuse and as a basis for the subsequent professional development of the individual concerned.
Data or categories of data processed: Master data; application data; information on how you became aware of us; data about your education; data about your non-professional interests; other data that you voluntarily provide to us as part of the application process; communication data.
Legal basis: Art. 6 Para.1 lit. b and f GDPR. - Assertion of legal claims and defence against legal disputes
Data or categories of data processed: Master data; any personal data that is the subject of the legal claim or dispute.
Legal basis: Art. 6 Para.1 lit. f GDPR. - Management of declarations of consent and revocation in relation to data privacy
Data or categories of data processed: Master data, privacy declarations.
Legal basis: Art. 6 Para.1 lit. a and c GDPR. - Objection management (management of objections related to data privacy issues).
Data or categories of data processed: Master data, privacy consent and objection declarations.
Legal basis: Art. 6 Para.1 lit. c GDPR. - Management of data subjects' rights (handling data subjects' requests for access, rectification, erasure, restriction of processing and data portability in order to exercise data subjects' data protection rights).
Data or categories of data processed: Any data or category of data that is the subject of the specific request.
Legal basis: Art. 6 Para.1 lit. c GDPR, if applicable, Art. 9 Para. 2 lit. f GDPR. - Access management in the Recruiting Management System
Data or categories of data processed: Logging of data for security measures and ensuring appropriate measures are taken to secure your data.
Legal basis: Art. 6 Para.1 lit. f GDPR. - Information you voluntarily provide to us to give us a better picture of your profile
Data or categories of data processed: Any data that you voluntarily share with us.
Legal basis: Art. 6 Para.1 lit. a GDPR, if applicable, Art. 9 Para. 2 lit. a GDPR. - Further data processing within the framework of national legislation
Data or categories of data processed: Data that must or may be processed under national law: e.g. police clearance certificate.
Legal basis: Art. 6 Para.1 lit. c and f GDPR.
5. DATA RETENTION
We process and store your personal data for the required duration of the application process. If the application process ends without you being hired, your data and application documents will be deleted within 6 months of completing the application process. You will not be informed separately about the deletion.
Application documents submitted in paper form by post will be returned to you, as our application process is exclusively digital.
The above does not apply if your data is processed and stored to assert, exercise or defend legal claims (for the duration of the process) or if we obtain your separate consent to store your application documents for a longer period of time.
If you are hired at the end of the application process, both your personal data and your application documents will be used to draw up the employment contract and then included in your personnel file.
The data processed here is subject to various storage and documentation obligations, which result from national legal provisions, often from tax, labour and company law regulations. Finally, the storage period is also assessed according to the national statutory limitation periods.
If necessary, we process and store your personal data for the duration of the application process. This includes i.a. including the initiation and execution of a contract. In addition, we are subject to various storage and documentation obligations, which result from the national legislation, which is in Germany, among other things, German Commercial Code (Handelsgesetzbuch - HGB) and the Fiscal Code (Abgabenordnung - AO). The storage and documentation periods stipulated there are two to ten years. Finally, the storage period also depends on the statutory limitation periods, which is in Germany e.g. according to §§ 195 et seq. of the German Civil Code (Bürgerliches Gesetzbuch - BGB) as a rule three years, but in certain cases it can also be up to thirty years.
6. COOKIES ON THE WEBSITE OF THE RECRUITING MANGEMENT SYSTEM
We use the so-called cookies or similar functions on the website of our Recruiting Management System to make our website technically available. We base the processing of your data through the cookies used for the aforementioned technically necessary purposes on our legitimate interest in the efficient operation of our website pursuant to Art. 6 Para. 1 lit. f GDPR and the applicable national implementations of the EU-Directive 2002/58/EC (ePrivacy Directive), such as the German TTDSG and the UK PECR. The setting of these cookies and similar functions is absolutely necessary for the operation of the website.
The recruiting portals of our recruitment service providers may also use cookies or other tracking technologies. Further information on this processing can be found in the data protection declarations of the respective recruitment service providers, which are usually linked in the job advertisements.
7. DATA RECIPIENTS AND CATEGORIES OF RECIPIENTS
Personal data can be passed on to the following recipients and categories of recipients:
Internally, access to your data is only granted on the basis of authorization. In the case of ongoing application procedures, these are the involved business functions of the SEFE Group companies, e.g. global and local HR business partners within the Human Resources functions, interview partners and managers from the relevant business units and, if necessary, social partners (works council, possibly also representatives for severely disabled people). Our Corporate IT provides technical support and ensures the functionality of the Recruiting Management System.
We use service providers who process personal data on our behalf (so-called processors, cf. Art. 4 No. 8, Art. 28 GDPR). This includes service providers in the areas of IT, telecommunications and recruitment service providers. In these cases, we have concluded order processing agreements with the service providers.
Insofar as we are authorized to do so on the basis of contractual or legal provisions, or on the basis of consent, we also pass on the above-mentioned personal data to other companies who process the data in joint responsibility (Art. 26 GDPR). Such joint responsibility is given in the following areas
- Application process and HR,
- IT services.
In these cases, we have concluded joint responsibility agreements with these companies. The main content of these agreements on joint responsibility is the ruling on the area of responsibility in the processing of your personal data. For example, any party against whom you make a claim is responsible for settling that claim. Each party is also responsible for the lawfulness of its own data processing in relation to the organisation of the recruitment process. In addition, the agreement regulates the responsibility between the data controllers for the cases in which the data subjects exercise their rights. This relates i.a. to the right to have personal data rectified or erased or to restrict processing.
8. TRANSFER OF DATA TO A THIRD COUNTRY OR TO AN INTERNATIONAL ORGANISATION
Given the international nature of SEFE Group's business and corporate governance, it may be necessary for an entity in a third country outside the European Union (EU) or outside the United Kingdom to have access to your personal data, or it may be necessary to transfer your personal data to an entity in a third country.
As a general rule, we do not transfer your data from to a third country or international organisation. However, should this become necessary, the transfer will only take place within the framework of valid contractual agreements or legal obligations and if the prerequisites pursuant to Art. 44 et seq. GDPR are fulfilled.
We will only transfer your personal data if
- sufficient guarantees are provided by the recipient in accordance with Art. 46 Para.1 GDPR for the protection of the personal data,
- you have expressly consented to the transfer in accordance with Art. 49 Para.1 lit. a GDPR after we have informed you of the relevant risks,
- the transfer is necessary for the performance of contractual obligations between you and us in accordance with Art. 49 Para.1 lit. b GDPR, or
- another exception from Art. 49 GDPR applies.
Guarantees according to Art. 46 GDPR can be so-called standard contractual clauses. In these standard contractual clauses, the recipient assures to sufficiently protect the data and thus to ensure a level of protection comparable to the GDPR.
A "third country" is defined as a state outside the European Economic Area (EEA) in which the GDPR is not directly applicable. A third country is considered "unsafe" if the EU Commission has not issued an adequacy decision for this state pursuant to Art. 45 Para. 1 of the GDPR confirming that an adequate level of protection for personal data exists in the country.
A transmission will only take place if an appropriate level of data protection is ensured in the third country (Art. 45 GDPR), suitable guarantees exist (cf. Art. 46 GDPR) or there is another legal permission (cf. Art. 49 GDPR) and insofar as this is necessary for processing and thus for the fulfilment of the contract or, at your request, for the implementation of pre-contractual measures, the transfer is required by law or you have given us your consent.
9. OBLIGATION TO PROVIDE DATA
As part of your application, you only have to provide the personal data required to start and carry out the recruitment process. The application process cannot be started without this data.
10. AUTOMATIC DECISION MAKING AND PROFILING
We do not use your personal data for automated decision-making, including profiling.
11. YOUR RIGHTS
Every data subject has the right to information under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR and the right to data portability from Art. 20 GDPR. In order to exercise the aforementioned rights, you can contact the offices named under number 1.
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data relating to you, which is based on Art. 6 Para.1 lit. f GDPR (data processing on the basis of legitimate interest). to insert this also applies to any profiling based on this provision within the meaning of Art. 4 No. 4 GDPR. If you file an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If we process your personal data in order to operate direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.
The objection can be made in any form and should be addressed to the offices named in section 1. You will not incur any costs other than the transmission costs according to the basic tariff.
If you have given us your consent to the processing of your personal data, you can revoke this consent at any time. As a result, we will no longer continue the data processing based on this consent for the future. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.
Please address the revocation of consent to the office specified in section 1.
12. RIGHT TO COMPLAIN TO THE SUPERVISORY AUTHORITY
According to Art. 77 Para. 1 GDPR, you have the right to complain to a supervisory authority if you believe that the processing of your personal data is not lawful, in particular that it violates the GDPR. In this case, you have the choice of contacting the supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged violation. Irrespective of the aforementioned right to lodge a complaint, we will also accept your request ourselves (for contact details, see section 1).
1 REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). In this document, GDPR shall always be applied and interpreted in conjunction with the applicable national legal provisions (e.g. BDSG in Germany and DPA2018 with UK GDPR in the United Kingdom).