Recruitment Privacy Notice

The Rieter group (also «we», «us») collects and processes Personal Data that concern you but also other individuals («third parties»). We use the word «data» here interchangeably with «Personal Data».

«Personal Data» means data relating to identified or identifiable individuals, which means that the relevant data, in combination with additional data, make it possible to draw conclusions about the identity of these individuals.

«Sensitive Personal Data» are a subset of Personal Data that is specially protected under applicable data protection law. These include, for example, data revealing racial or ethnic origin, health data, religious or philosophical beliefs, and information relating to trade union membership. In Section 3, you will find information about the data we process in accordance with this Privacy Notice.

«Processing» means any operation that is performed on Personal Data, such as collection, storage, use, alteration, disclosure and erasure. 

This Privacy Notice is aligned with the EU General Data Protection Regulation («GDPR»), with the Personal Information Protection Law of the People's Republic of China («PIPL») and the Swiss Data Protection Act («DPA»). However, the application of these laws depends on each individual case.

The individual Rieter group company that advertises a particular job opening is the controller with respect to the collection and processing of your data in connection with that particular job opening (in particular the one for which you apply) for the purposes of conducting the recruitment process. You can contact this individual Rieter group company for data protection concerns and to exercise your rights under Section 10 using the contact details provided in the job advertisement. 

If you have any questions or concerns in relation with data protection, your point of contact is the responsible data protection coordinator or the group data protection representative. Alternatively, you can send an email to dataprivacy(at)rieter.com.

We process various categories of data about you, the main categories of data are:

• Technical data: When you send an application, we collect data about the access credentials. We generally keep technical data for up to 6 months. 
   
• Account data: This is the data we collect and store about you to enable you to login to our recruitment system. Account data will typically include your name, potentially contact and organizational information, access rights. We generally keep this information for up to 3 months from the date of the application. This period may be longer where required for evidentiary purposes, to comply with legal or contractual requirements, or for technical reasons. Note that your account data may be logged in the form of technical data (see above) and may contain preference data (see below). 
   

• Qualification data: When you apply for a position with us, we collect and process the data that you submit to us in your application materials along with your job application, for example, your name and contact details, information about your academic background, qualifications, and professional experience. We generally collect this data directly from you in your application materials (such as your curriculum vitae, cover letter, diplomas, certificates, academic transcript of records and recommendation letters). Depending on the type of position advertised, we may also receive this data from recruitment and placement agencies that you have provided to them. We also collect and process data that is not provided directly by you, but which is used to determine your suitability for the position (at the recruitment stage), such as, at the recruitment stage, the notes we take during and after our interviews with you, our internal exchanges and discussions about your suitability for the position. As a candidate, if your application is successful and you accept an offer of employment or work from us, the data that we have collected from you during the pre-employment period will become part of your personnel file with us and will be kept for the duration of the employment relationship. This period may be longer where required for evidentiary purposes, to comply with contractual or legal requirements (including local applicable laws), or for technical reasons. As a candidate, if your application (sent by courier) is unsuccessful, we generally keep this data for 3 months from the date of notification of the rejection decision, except in the event of an internal application, where the data is already known to us and will be kept for the duration of the employment. This deadline does not apply to application sent by electronic means, which are kept in accordance with the retention period. This period may be longer in certain circumstances, for example if you have consented to a longer retention period so that we can inform you of future employment opportunities with us. In that case, we will generally keep the data for 6 months from the notification of the rejection decision, and for a maximum of 2 years if you agree to an extension period.

  Insofar as the PIPL applies, please note that qualification data includes certain sensitive personal data such as passport number, marital status, military status, criminal record, extract from the debt collection register, driving license and medical certificate, for which we will ask you for separate consent to obtain them. Depending on relevant employment or working relationship with you, we process such data out of necessity to carry out HR management tasks or comply with appliable laws. If you refuse to provide us with such data, it may result in our inability to consider your candidacy.
   

• Publicly available data: We may collect certain Personal Data about you online to the extent that you have made this information publicly available, and it is relevant for the job opening at issue or otherwise your assessment as a professional. We generally obtain this information from public sources. For example, we may find your profile on professional social media websites (such as LinkedIn and Xing) and collect the information made available through this channel. We generally keep this data for 3 months from the end of the relevant recruitment process and, if you are employed by us, in certain circumstances, for the duration of the employment relationship.
   
• Reference data: If, in your application, you mentioned persons with whom or for whom you have worked in the past, such as former supervisors, co-workers, clients, we can contact them by e-mail, telephone, letter or other means of communication, or meet with them in person, in order to obtain references about you. We will only contact these persons if you have specifically provided us with their names and contacts details for the purpose of your application. Again, we assume you are authorized to do so and that the relevant data you have provided us is accurate. We generally keep this data for 3 months from the end of the relevant recruitment process, except in the event of an internal application, where the data is already known to us and will be kept for the duration of the employment relationship.

We process your data in order to determine whether you are a suitable candidate for the position you have applied for and to decide whether we would like to enter into an employment relationship with you. For this purpose, we mostly use qualification data, publicly available data and reference data. We process this data to progress your application through the different recruitment stages, to verify the qualifications information you have provided, to document our recruitment process and maintain employment records, as well as to document our decision-making process and make an informed recruitment decision.

If your application is successful, we process your data for the purpose of concluding, executing and managing the employment relationship, and for the purpose of terminating the employment relationship and managing the post-employment relationship. For these purposes, we process in particular qualification data, administration data, financial data and performance, health & well-being data, and training data.

Where we do not ask for your consent, the processing of your personal data relies on the basis of processing for initiating and/or performing an employment contract (or another contract under which you are working for us) with you,

• where the PIPL applies, for the implementation of human resources management in accordance with the labour rules and regulations formulated and the collective contract concluded in accordance with laws, or of other bases as permitted by applicable laws,
   
• where the GDPR applies, on our or a third-party legitimate interest in the particular processing operation, in particular in pursuing the purposes and objectives set out above and in implementing related measures. Our legitimate interests also include compliance with legal regulations insofar as this is not already recognized as a legal basis under the applicable data protection law (for example under the laws in the EEA, the United Kingdom and Switzerland). 

In relation with your application, our legal obligations or otherwise with the protection of our legitimate interests and the other purposes set out in Section 4, we may disclose your Personal Data to third parties, in particular to the following categories of recipients: 

• Rieter group companies: Our group companies can be found on the website of Rieter. As an applicant, the individual Rieter group company to which you have applied may, with your consent, share your data with other Rieter group companies so that they can contact you in the event of future job opportunities with them that may be of interest to you, with those Rieter group companies acting as sole controllers for such purposes.
   
• Former and future employers, other organizations referred to in your curriculum vitae: With your approval we may also disclose your data to former employers when you apply for a job with us (for example, reference information) or to future employers when you apply for a new job. These former and future employers act as separate controllers. The same applies with other organizations we may contact for validating your job application data.

As explained in Section 6, we disclose data to other parties. Your data may therefore be processed in Europe and in the country where the Rieter entity is located, in exceptional cases, in any country in the world.

If a recipient is located in a country without adequate statutory data protection, we require the recipient to undertake to comply with data protection unless the recipient is subject to a legally accepted set of rules to ensure data protection and we cannot rely on an exemption. An exception may apply for example in case of legal proceedings abroad, but also in cases of overriding public interest or if the performance of a contract requires disclosure, if you have consented or if data has been made available generally by you and you have not objected against the processing. 

We process your data for as long as our processing purposes, the legal retention periods and our legitimate interests in documentation and keeping evidence require it or storage is a technical requirement. You will find further information on the respective storage and processing periods for the individual data categories in Section 3 (for example, unsuccessful job applications are usually returned after three months, unless we agree to keep them longer). If there are no contrary legal or contractual obligations, we will delete or anonymize your data once the storage or processing period has expired as part of our usual processes. 

We take appropriate security measures in order to maintain the required security of your Personal Data and ensure its confidentiality, integrity and availability, and to protect it against unauthorized or unlawful processing and to mitigate the risk of loss, accidental alteration, unauthorized disclosure or access. 

Depending on the applicable data protection law, to help you control the processing of your Personal Data, you have the following rights in relation with our data processing: 

• to request information from us as to whether and what data we process from you
• to have us correct data if it is inaccurate
• to request erasure of data
• to request that we provide certain Personal Data in a commonly used electronic format or transfer it to another controller
• to withdraw consent, where our processing is based on your consent
• to receive, upon request, further information that is helpful for the exercise of these rights.

If you wish to exercise the above-mentioned rights in relation with us (or with one of Rieter group companies), please contact us in writing, at our premises or, unless otherwise specified or agreed, by e-mail; you will find our contact details in Section 2. To be able to prevent misuse, we need to identify you (for example by means of a copy of your ID card, unless identification is not possible otherwise). 

You also have these rights in relation with other parties that cooperate with us as separate controllers – please contact them directly if you wish to exercise your rights in relation with their processing. You will find information on our key service providers in Section 6.

Please note that conditions, exceptions or restrictions apply to these rights under applicable data protection law (for example to protect third parties or trade secrets). We will inform you accordingly where applicable.

If you do not agree with the way we handle your rights or with our data protection practices, please first contact your line manager and HR team members. You may also contact the responsible data protection coordinator or the group data protection coordinator (Section 2). If you are located in the EEA, in the United Kingdom or in Switzerland, you also have the right to lodge a complaint with the competent data protection supervisory authority in your country. 

You can find a list of authorities in the EEA here: https://edpb.europa.eu/about-edpb/board/members_en. 

You can reach the UK supervisory authority here: https://ico.org.uk/global/contact-us/. 

You can reach the Swiss supervisory authority here: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html.