Privacy Policy Recruiters

Data privacy notice for the application process at Quandoo Group

In this privacy notice, we inform you how your personal data is processed during your application process with the Quandoo Group. We would also like to inform you about your rights under applicable data privacy laws. Personal data is all data that refers to an identified or identifiable natural person, such as date of birth, address or invoice data, and data that is specific to their identity.

The personal data you have entered in our applicant management system will be processed by the relevant legal entities of the Quandoo Group for the purpose of processing your application and with the objective of filling vacant positions in one of the companies at Quandoo Group.

Furthermore we might use your data in order to match it with other vacancies and thus to take you into account for other positions that might be interesting to you.
At Quandoo Group, the process of filling vacancies involves several members of our HR departments, together with the respective managers and if required also the members of the respective department responsible for the recruitment process. As these people may belong to different companies of Quandoo Group, your data may be exchanged within the Quandoo Group all over the world.

We will not make decisions based solely on automated processings which produce legal effects concerning you or similarly significantly affects you.

 

We respect your privacy

Protecting your personal data and ensuring the security of all our business data are important concerns for us. Therefore, we always consider these concerns in our business processes. The personal data collected when you apply online is treated confidentially and strictly in accordance with the statutory provisions.

 

Contact details of the data controller and the data privacy officer

The Quandoo Group legal entity to which you submit your application is responsible for processing your data. Where required, we have appointed Data Protection Officers. You will find the contact details of the Quandoo legal entities in the EU/EEA and their respective Data Protection Officer in Annex 1.

 

Applying for positions advertised on our job portal

The easiest way to apply for a job at Quandoo is a direct application for a position advertised on our job portals. Your application will be assessed as per our internal processes.

Paper applications are entered manually in our applicant management system and then either returned to you or destroyed. You will receive an e-mail allowing you to activate your application once it has been manually entered in the system. If you do not activate your application within 30 days, your data will be deleted from our applicant management system and you will be removed from the selection process.

You also have the option to make use of your own personal network and submit your application via an associate of the Quandoo Group. Simply forward your résumé to the associate, who will then forward it to a recruiter who will upload it to the applicant management system. You will then receive an e-mail allowing you to activate your application. If you do not activate your application within 30 days, your data will be deleted from our applicant management system and you will be removed from the selection process. We can recognize that a Quandoo associate has recommended you.

We keep you up to date on the status of your application by e-mail. You are free to edit your data or withdraw your application at any time during the application process. To do so, you require a SmartRecruiters profile, which you can create on the SmartRecruiters website.

 

Data categories processed

The following are the main categories of personal data processed:

  • Master data (e.g. name, date of birth, nationality, place of residence)
  • Documents (e.g. references, certificates, résumés)
  • Claims for travel expenses (e.g. bank account details)
  • Communication data (e.g. e-mail address, (cell) phone number, IT user ID, audio and film recordings)
  • Log data recorded while using IT systems

These may also include special categories of personal data such as health data.

 

Sources of personal data

As a general rule, your personal data is collected directly from you during the application process.

When particularly sensitive positions are being filled, an additional check of your application data and background might be necessary. We will contact you directly and ask for your consent before conducting such checks.

 

Transfer of data upon recruitment

If we recruit you for a position, your data will by our HR team be transferred from our applicant management system to our HR administration systems, where it will be stored as associate data and processed accordingly.

 

Purposes of processing and legal bases

We, and the external service providers we commission, process your personal data in compliance with the EU’s General Data Privacy Regulation (GDPR), with the national data privacy laws and with any other applicable national laws. Your data is processed, in particular, during the applicant management process in preparation for an employment relationship with a legal entity of the Quandoo Group.

The main legal basis for this purpose is GDPR Article 6 para. 1(b) (“in order to take steps at the request of the data subject (in this case applicant) prior to entering into a contract”). Other legal bases are:

GDPR Article 6 para. 1(f) (Legitimate interests): e.g. for HR evaluations (controlling, analytical reporting)

 

Special categories of data

As far as special categories of personal data as per GDPR Article 9 para. 1 (e.g. data concerning health) are processed, such processing is carried out in accordance with GDPR Article 9 para. 2(b). Furthermore, it may be necessary to process this data in order assess your ability to work in accordance with GDPR Article 9 para. 2(h).

 

Disclosure of data

Only the people involved in the application process (e.g. line managers and associates of the recruiting department, HR associates and associate representatives) have access to your personal data within the legal entity of the Quandoo Group to which you have applied.

We will disclose your personal data to other data controllers only if necessary for the application, if we or the third party has a legitimate interest in this disclosure, or if you have provided your consent. You will find the details of the legal bases in the section “Purposes of processing and legal bases.” Other legal entities of the Quandoo Group may also be defined as third parties. If data is disclosed to third parties on the basis of a legitimate interest, such cases will be explained in data privacy statement. In some cases, we also use the services of various providers in order to meet contractual and or statutory obligations. You will find a list of these contractors and service providers in the section “Contractors and service providers (data processors).” Additionally, we may disclose your personal data to other recipients outside the Quandoo Group provided this is necessary to meet contractual or statutory obligations.

 

Contractors and service providers (data processors)

We have selected our service providers carefully and monitor them at regular intervals, particularly to ensure that they handle your personal data with due care and store it securely. We obligate all our service providers to observe confidentiality and comply with the statutory regulations. Other legal entities of the Quandoo Group may also be defined as service providers.

The following table shows the contractors and service providers with whom we have an ongoing business relationship:

 

Service providers

SmartRecruiters Inc.

225 Bush Street

San Francisco, CA 94104, USA

Google LLC

1600 Amphitheatre Parkway
Mountain View, CA 94043
United States

 

Type of processing

Provision and ongoing development of the cloud platform (Software as a Service) for the above-mentioned processing. Processing of personal data provided.

Processing data for calls and e-mails

 

Disclosure to recipients outside the European Economic Area

We disclose your personal data to contractors, service providers or Group companies located outside of the European Economic Area (EEA) only if the EU Commission has confirmed that the third country in question has appropriate levels of data privacy or if other appropriate data privacy guarantees (e.g. binding corporate regulations on data privacy or standard EU contractual clauses) are in place. On request, we will provide you with a list of the recipients in third countries and a copy of the specifically agreed regulations to ensure appropriate levels of data privacy. Contact details for this purpose can be seen above in the ‘Contact details of the data controller and the data privacy officer’.

 

Duration of storage; retention periods

We delete your personal data as soon as it is no longer required for the above-mentioned purposes or we no longer have any legitimate interest in its retention. After completion of the application process, your personal data is further stored if we are obligated for such storage under the national law. Furthermore, your personal data may be stored for the period during which claims may be made against us.

 

Security during data processing

We take all the necessary technical and organizational measures to ensure appropriate levels of security and to protect your personal data particularly from the risks of unintended or unlawful destruction, manipulation, loss, alteration, or disclosure to or access by unauthorized third parties. We are constantly trying to improve our security measures and keep them state of the art.

 

Rights of users

If you wish to assert any of your rights, please refer to the contact details in Annex 1. While contacting us, please ensure that you can be identified individually.

 

Right of access

You are entitled to receive information from us about the processing of your data. You may assert your right of access with respect to any of your personal data processed by us.

 

Right to rectification or erasure

You may demand that we correct the incorrect data and complete the incomplete data or erase your data; provided the statutory requirements are met. This does not apply to the data that is required for invoicing or accounting purposes or that is subject to statutory retention periods. If access to such data is not required, processing of the data will be restricted (see below).

 

Restriction of processing

Provided the statutory requirements are met, you may demand that we restrict processing of your data.

 

Objection to data processing

You are also entitled to object at any time to our processing your data. In such cases we will cease processing your data unless we can demonstrate – in accordance with the statutory provisions – compelling legitimate basis to continue its processing that outweighs your interests.

 

Objection to data processing in cases of “legitimate interest”

You are also entitled to object at any time to our processing your data, provided you can lawfully claim a legitimate interest. In such cases we will cease processing your data, unless we can demonstrate – in accordance with the statutory provisions – compelling legitimate grounds to continue its processing that outweighs your interests.

 

Withdrawal of consent

If you have provided us your consent to process your data, you may withdraw it at any time with effect for the future. This shall have no effect on the lawfulness of our processing of your data prior to withdrawal of consent.

 

Data portability

You are also entitled receive your data from us in a structured, commonly used and machine-readable format and/or – if technically possible – to demand transfer of that data to a third party.

 

Right to complain to a data privacy authority

You are entitled to file a complaint with a data privacy authority. You can contact either the data privacy authority responsible for your place of residence, or the data privacy authority responsible for the Quandoo Legal Entity you applied with.

 

Annex 1 Legal Entities and Contact Details Quandoo Group EU/EEA

Country Legal Entity Address Contact
Austria Quandoo Austria GmbH Neubaugasse 21,

1070 Vienna

dataprotection@quandoo.com
Finland Quandoo Finland Oy Konepajankuja 1,

00510 Helsinki

dataprotection.uk@quandoo.com
Germany Quandoo GmbH KulturBrauerei, Schönhauser Allee 36, D-10435 Berlin dataprotection@quandoo.com
Italy Quandoo Italy S.R.L. Via Ascanio Sforza

79, 20136 Milano

dataprotection.it@quandoo.com
Netherlands Quandoo Nederland B.V. Mr. Treublaan 7,

1097 DP Amsterdam

dataprotection.uk@quandoo.com
UK Quandoo UK Ltd. 12-16 Laystall Street,

London EC1R 4 PF

dataprotection.uk@quandoo.com
Switzerland Quandoo Switzerland

GmbH

Mühlebachstr. 2,

8008 Zurich

dataprotection@quandoo.com