Processing of (personal) data by the entity in charge of the online application process
July 2024
Information about data protection
We are pleased you have chosen to apply at Swat.io GmbH. Transparent and trustworthy handling of your personal data is an important foundation for successful collaboration. We wish to inform you how we process your data and how you can exercise your rights according to the General Data Protection Regulation (GDPR). The information below offers an overview of the collection and processing of your personal data in connection with the application process. Please read this Data Protection Declaration carefully before submitting your application.
1. General information
a) Who is responsible for the data processing?
The controller as defined by Art. 4 (7) GDPR is:
Swat.io GmbH
Schönbrunner Straße 213-215, 3.OG,
1120 Vienna
Austria
Commercial register entry number: FN 348798p
Registration Court: Vienna
b) How can I contact the data protection officer?
For questions about data protection, please email privacy@swat.io
2. What is personal data?
Personal data means any information concerning the personal or material circumstances of an identified or identifiable individual. This includes information such as, for example, your name, address, telephone number and date of birth, but also data relating to your specific career etc. by reference to which a specific individual can be identified with reasonable effort. However, information which cannot be (in)directly associated with your real-life identity is not personal data.
Fundamentals and purposes of processing personal data collected from application documents and during the application process. If you apply to us electronically, i.e. via e-mail or using our online form, we will collect and process your personal data for the purpose of executing the application process and preparing contracts.
3. Which data is processed?
3.1. The following data and data categories are processed within the application process:
Applicant master data (first name, last name, title, email address, telephone number, address, date of birth, citizenship)
Qualifications data (cover letter, personal statement, resume, previous experience, professional qualifications and skills)
Voluntary information, such as a photo, disability status or other information that you voluntarily share with us in your application or voluntarily upload
Additional questions depending on the respective position (e.g. driver’s license, citizenship)
Communication between you and us as well as comments and evaluations concerning you that are created during your application process
Other data / data categories, e.g. publicly accessible professional data such as profiles on professional social media networks like XING or LinkedIn
Special categories of personal data: If you provide information in your application documents that falls into special categories of personal data as defined by Art. 9 (1) GDPR (e.g. information that implies your sexual orientation; information on your health; information that implies your ethnicity or religion), we will also process this data only within the legally permissible framework.
3.2. The following additional data are processed in connection within the use of the platform:
a) Automated collection of usage data
When you visit our websites, we process data about your browser, your operating system, location, IP address and a few others to ensure the functionality of the website, the safety of the connection and an excellent surfing experience. We also process data for marketing partly with the support of service providers. For this processing we specifically ask for your consent.
What data: IP address, login information, browser type and version, time zone setting, browser plug-in types, geolocation, operating system and version, clicking behavior, recurring visits, transaction data, use of third-party services
Purposes: Statistic, optimization, security, marketing
Legal basis: Legitimate interests, consent
Retention: session and up to 30 days (for detailed information please check our cookie information)
b) Cookies
Personio uses cookies. Essential cookies are necessary to ensure the functioning of the website. Without them the website would not work. For these we do not need consent. For all other cookies, functional cookies, marketing cookies and those to display maps or videos, we ask for your consent.
The legal basis for processing of the data is Art. 6 (1) (f) GDPR.
The cookies used by Personio can be found in the Personio Data Protection Declaration at:
https://www.personio.com/privacy-policy/
4. For what purposes do we process your data and on what legal basis?
a) Data processing for purposes of employment – Overriding legitimate interests (Art. 6 para.1 lit f GDPR): initiation of a contractual relationship, use of professional IT infrastructure
Your personal data is used for purposes of selecting personnel to fill open positions, in other words for initiating a contract of employment. The necessity and the scope of data collection are determined according to the position to be filled, among other factors. More extensive data collection may be required if your desired position is associated with particularly confidential duties, entails significant responsibilities in the areas of human resources and/or finance, or requires certain physical and mental capabilities.
b) Consent – Art.6 (1) (a) and Art. 9 (2) (a) GDPR
If you have declared to us your consent for processing specific personal data, this consent then forms the legal basis for processing of this data.
In the following cases we process your personal data on the basis of your consent:
Inclusion in the candidate pool; in other words, we save your application documents after the current application process in order to consider you in subsequent application processes.
To be added by the company: Possibly other processing scenarios that are based on consent (e.g. forwarding of documents to other group companies / group-wide candidate pool, sending of feedback questionnaires). The data you have already provided in the application process will also be processed.
If we base data processing on your consent, you have the right to withdraw this consent at any time with future effect. Please inform us of this revocation by email privacy@swat.io The legality of the processing of your data up to the time of revocation remains hereby unaffected.
c) Data processing based on a legitimate interest – Art. 6 (1) (f) GDPR
In certain cases, we process your data to safeguard a legitimate interest of ours or of third parties. A legitimate interest applies, for example, if your data is required for the establishment, exercise or defense of legal claims in connection with the application process (e.g. claims according to the General Equal Treatment Act). In the event of a legal dispute, we have a legitimate interest in processing the data for evidential purposes.
d) Feedback questionnaire
To optimize our application process and to improve as an employer, we offer you the opportunity to provide personal feedback. For this purpose, we will send (with prior consent) a feedback questionnaire to you at the specified email address. If you participate in the survey, our service provider Personio (see item 5 “With whom is your data shared?”) will collect the feedback, position title, location of the position, job category and type of employment for which you have applied. This information will then be shared with kununu GmbH and possibly other verified evaluation platforms and published there without inclusion of your name. Kununu cannot establish a relationship with your person. However, please note that other parties, such as your employer, may be able to identify you based on the information provided in the published feedback.
5. With whom is your data shared?
Only authorized HR staff and/or staff involved in the application process have access to your data. In some cases, other internal and external parties also participate in processing the data.
As part of these activities, Personio processes personal data solely on behalf of and for the purposes of Swat.io GmbH and is therefore considered a processor according to Art. 4 (8) GDPR.
Personio Recruiting module is the central platform for our applicant tracking. When using our online form, your personal data is entered directly into the Personio Recruiting module. When an application is submitted by post or email, your data may also be transferred to the e-recruiting system.
Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. This database is operated by Personio GmbH, which offers a human resource and applicant management software solution (https://www.personio.com/legal-notice/). In this context, Personio is our processor under article 28 of the GDPR. In this case, the processing is based on an agreement for the processing of orders between us as the controller and Personio.
6. For how long is your data stored?
(1) Your data will be stored for a period of 180 days after the application process has been concluded. This is usually done to fulfill legal requirements and/or defending ourselves against any claims arising from legal provisions. After this period, we are obligated to delete or anonymize your data. In case of anonymization, the data will only be available to us in the form of so-called metadata, without any direct personal reference, for statistical analysis (for example, share of male and/or female applicants, number of applications per specified period of time etc.).
(2) If you are not hired but you have granted us consent to save your data (“candidate pool”), we will store your data until revocation of your consent or for a maximum of 180 days. Where specifically justified, we may also store your data for a longer time period for the purpose of defending against possible legal claims.
(3) If you are no longer using your candidate profile and have not granted consent for continued data storage in the candidate pool, the data will be deleted within 180 days after the end of the application process.
(4) You can delete your candidate profile and your application documents, submit a deletion request or request a restriction of processing at any time.
(5) Should you be offered and accept a position with us during the application process, we will store the personal data collected as part of the application process for at least the duration of your employment.
7. What rights do you have in connection with the processing of your data?
If we as the controller process personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR.
To assert your rights as a data subject in relation to the data processed during this online application process, please refer to our Data Protection Officer: privacy@swat.io
8. Are you obligated to provide your personal data?
The provision of personal data is required neither by law nor by contract, nor are you obligated to provide the personal data. However, the provision of personal data is required for conducting the application process. In other words: if you do not provide us with any personal data along with an application, we cannot conduct the application process.
9. Concluding provisions
We reserve the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the application process or other processes. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.
In addition to this data privacy statement, please view our general data privacy statement at:
https://swat.io/de/legal/