Privacy information for job applicants
Protecting your privacy is important to us. As part of the recruiting process and/or your use of the online Recruiting Platform, Medela AG, Lättichstrasse 4b, 6340 Baar, Switzerland, as well as any of our subsidiaries, affiliates and entities (collectively, "Medela") will process your personal data.
This privacy information covers what personal data we collect about you, how the personal data will be used and shared (if at all), how the personal data will be stored, and your rights in relations to the processing of your personal data.
To the extent that any of the provisions of this privacy information are inconsistent with or conflict with the applicable laws in your jurisdiction, such applicable laws shall govern your rights in respect of that provision.
We therefore wish to make the following information available to you.
1. Name and contact details of employer responsible for data processing (data controller)
Medela AG and/or the respective local Medela group affiliates (hereinafter referred to as "Medela")
2. Purpose and legal basis
The personal data you disclose to us during the application procedure is processed for the evaluation and allocation of your application, for matching with vacancies as well as for communication with you in the context of the implementation of pre-contractual measures.
Furthermore, in the following cases, the processing is also carried out in our interest:
- In the event that an employment relationship does not come about, this data is stored for the purpose of keeping records and documenting the application process.
- Planning, implementation and documentation of internal auditing measures and analyses to ensure continuous improvement of our business processes and fulfilment of regulatory obligations.
Provided that none of the justification grounds outlined above apply, we obtain your explicit consent.
3. Categories of your personal data
For online applications, we process the following categories of personal data:
- Identification details (e.g. name, surname)
- Contact information (e.g. address, email address, phone numbers)
- Earliest start date
- Salary expectations
- The way how you hear about us
You may disclose further personal data to us e.g. in your CV or at a later stage of the recruiting process. Depending on the country of employment, not all of the following categories of personal data will be processed by the local Medela group affiliate for this purpose:
- (National) Insurance number
- Documentation relating to your right to work
- Date of birth
- Your photograph
- Marital status and next of kin details
- Bank details
- Education history
- Professional qualifications
- Employment details and history incl. past salaries
- Activities outside work
- Driving license
- Interview notes about you
- Rejection reason
- Employment contract details (for successful job applicants)
We may also process job-related information that you have made publicly available, such as a profile on professional social media networks.
4. Sensitive personal data
We may use your sensitive personal data (such as criminal record, health information, ethnic origin, religion, etc.) for recruiting purposes. We do not need your consent if we use sensitive personal data in order to carry out our legal obligations or exercise specific rights under the locally applicable employment law. However, we may ask for your explicit consent to allow us to process certain particularly sensitive data. If this occurs, you will be made fully aware of the reasons for the processing. As with all cases of seeking consent from you, you will have full control over your decision to give or withhold consent and there will be no consequences where consent is withheld. Consent, once given, may be withdrawn at any time. There will be no consequences where consent is withdrawn.
5. Recipients or categories of recipients
Medela will not use or disclose your personal data for a purpose other than the purpose for which that data was collected or a secondary purpose for which you would reasonably expect the data to be used.
We may have engaged the following service providers to support the processing of your personal data as part of the recruiting process:
- Job agencies and/or other external recruiting companies
- Provider, hosting and supporting the online recruiting platform
- Provider, hosting and supporting the email Microsoft Office 365 applications (e.g. emails)
- External assessment provider
- Social media platforms
- Internal IT support provider / external local IT support provider
- Provider, supporting the Enterprise Resource Planning (ERP) system
These service providers may not disclose your personal data to any unauthorized third parties or use your personal data for any purposes other than as instructed.
6. Location and duration of storage of your personal data
Your personal data stored on our online recruiting platform Workday is stored on cloud servers in Ireland and backed up in the Netherlands by Workday. Any further systems are mostly stored locally. In case data is stored outside of your country of residence, Medela has appropriate and reasonably adequate measures in place to protect your personal data in compliance with the applicable laws.
In line with data protection principles, we only keep your personal data for as long as we need it, and this will depend on whether or not you are successful in obtaining employment with us.
If your application is not successful and you have not provided your consent allowing us to keep your personal data for the purpose of future suitable job vacancies, we will keep your data for six months once the recruitment exercise ends.
If your application is successful, your personal data will be kept and transferred to the systems we administer for employees. We have a separate privacy information for employees, which will be provided to you.
7. Transmission of personal data abroad
Some local Medela group affiliates and service providers are located in countries that do not provide for the same level of data protection as in your country of residence. Medela has entered into an agreement with these local Medela group affiliates and service providers in an effort to ensure that all necessary measures are taken to protect your personal data in accordance with applicable requirements. The measures that we use to protect personal data are subject to the legal requirements of the jurisdictions where personal data is transferred, including lawful requirements to disclose personal data to government authorities in those countries.
8.Source of Personal Data Collection
We collect data about you either directly from you, from third parties, such as job agencies, from a private reference or current/former employers.
9. Technical and organizational security measures
Medela has implemented single-sign-on access (incl. multi-factor-authentication for untrusted networks) to its Recruiting Platform. Within Workday a "need to know" based authorization concept has been implemented. Medela has also limited the number of people at the service provider with access to your personal data. All data in Workday are encrypted at transfer and at rest. Moreover, an audit log has been activated and will be reviewed in case of an incident.
10. Your data protection rights
The following data protection rights describe the commonly known privacy standards. However, some rights may not apply according to local privacy law.
Right to access personal data: You have the right to request and receive information on the personal data collected on you or processed or, where applicable, shared with third parties, as part of the above-mentioned solutions.
Right to rectification: You have the right to have any inaccurate personal data corrected.
Right to erasure ("right to be forgotten"): You have the right to have your personal data deleted – for example, if your personal information is no longer required for the original purpose it was collected – subject to statutory retention obligations.
Right to restrict data processing: You have the right to request the restriction of the processing of your personal data, for example if the processing is unlawful or the accuracy of your personal data is contested.
Right to data portability: You have the right to receive a copy of the personal data you have provided when using the above-mentioned solution. You can request to have your personal data transmitted to you or, where technically feasible, to another data controller of your choice.
Right to object: You have the right to object to having your personal data processed for certain purposes or to withdraw your consent to such processing.
Please note that in exceptional cases, your right to exercise the above rights may not be guaranteed due to statutory or regulatory requirements.
If you would like to exercise any of the above rights, please send your request to Medela AG, Data Protection Officer, Lättichstrasse 4b, 6340 Baar, Switzerland, or email our Data Protection Officer at firstname.lastname@example.org.
To file an official complaint, please contact the data protection authority in your jurisdiction (for example, current list of National Data Protection Authorities, members of the European Data Protection Board).
Changes to this privacy information for job applicants
We reserve the right to modify, revise, or otherwise amend this privacy information at any time and in any manner. Changes will become effective as of their publication date. If we do so, however, we will dully notify.
Version of 30 March 2021