Privacy policy

Information on data protection for job applicants

 

This information on data protection relates to the processing of personal data of job applicants (data subjects, also referred to below as “you” or “your”) as defined by the General Data Protection Regulation (“GDPR”) and the new version of the BDSG [“Bundesdatenschutzgesetz”: German Data Protection Act]) (“BDSG new”) by CTS EVENTIM AG & Co. KGaA (referred to below as “EVENTIM”, “we” or “us”) upon a visit to the career website and during the entire application process.

 

1. Scope, controller and definitions

 

1.1. Scope of this data protection information

 

1.       This data protection information applies to the use of the career website (found at karriere.EVENTIM.de/en or corporate.EVENTIM.de/en) and the entire job application process. You can retrieve, save and print this data protection information at any time from this website at no charge using the following links:

 

·         corporate.EVENTIM.de/en/links/EVENTIM/privacy-policy/

·         karriere.EVENTIM.de/en/links/EVENTIM/privacy-policy/

 

2.       This data protection information only relates to the processing of personal data of job applicants and personal data in connection with the submission of a job application to EVENTIM.

 

1.2.            Controller of your personal data

 

The controller in charge of the processing of your personal data is:

 

CTS EVENTIM AG & Co. KGaA

Contrescarpe 75 A

28195 Bremen

E-mail: HR[at]eventim[dot]de

Phone: 0421-3666220

 

1.3.            Definitions

 

This data protection information is based on the following legal terms found in data protection legislation that we have defined below to aid understanding:

 

1.       BDSG new is the new German Federal Data Protection Act [“DSAnpUG-EU” – Datenschutz-Anpassungs- und -Umsetzungsgesetz EU: Act to Amend the Data Protection Act and Implement EU Law] which implements the EU General Data Protection Regulation (Regulation (EU) 2016/679) and Regulation (EU) 2016/680). It comes into force on the same date as the GDPR and specifies the requirements of the GDPR in some areas (e.g. the processing of employee data by the employer).

 

2.       The GDPR is the General Data Protection Regulation (Regulation (EU) 2016/679) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

 

3.       Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing. Recipients of your personal data could be the mailing company or courier we use to send you an employment contract and other documents associated with your job application.

 

4.       In accordance with Sec. 15 AktG [“Aktiengesetz”: German Stock Corporation Act], the EVENTIM Group comprises CTS EVENTIM AG & Co. KGaA and all its affiliated companies. More information can be found at

 

·         https://www.eventim.de/tickets.html?affiliate=EVE&doc=eventim/default/info/en/investor/investorStructure&fun=tdoc&language=en

 

5.       Personal data means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal data could be the name and contact details of job applicants.

 

6.       Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. CTS EVENTIM AG & Co. KGaA is the controller of the data processing described in this data protection information (1.2.).

 

7.       Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.  Processing could involve the collection and use of your data during the application process (e.g. storing your application documents and communicating the status of your application by e-mail).

 

2.     Purposes, legal framework and data categories when processing your personal data

 

2.1. Candidate search in social networks

 

1.       When searching for qualified applicants, we actively search professional social networks and address potential candidates directly, e.g. via their Xing or LinkedIn account. In such cases we access publicly available personal data found in the social networks which meet certain filter criteria. We list any candidates of interest to us, e.g. using Xing Talentmanager and store the data accordingly.

 

2.       We process your data for the purpose of contacting potential candidates and on the basis of our legitimate interest of recruiting suitable staff, as permitted by Art. 6 (1) Sentence 1 lit. f) GDPR.

 

2.2. Visits to the careers website (log files/cookies)

 

1.       If you visit our careers website we process your personal data (such as your IP address) on the basis of our legitimate interest in preventing fraud and avoiding abuse as permitted by Art. 6 (1) Sentence 1 lit. f) GDPR.

 

2.       Cookies are stored on your computer when using our careers website. Cookies are small text files that are stored on your hard drive and are allocated to and saved by your browser. With the use of cookies, certain data flow to the party that set up the cookie. This also includes personal data. They are used to make our websites easier to use and to structure them more efficiently. Cookies cannot run any programs or transmit any viruses to your computer. Please note the information for job applicants on the use of cookies on our careers website. This can be retrieved from the careers website.

 

2.3. Receipt and processing of job applications

 

1.       With regard to job applications that are received via our applicant management system, by post, by e-mail or via an employee referral link, we process your personal data, e.g. contact details (such as first name, surname, address, telephone number and e-mail address) and any other data you may provide with the application (e.g. CV, qualifications, language skills, work permits). Processing includes reviewing the application documents, conducting telephone interviews, and job interviews as well as deciding on whether or not to offer a position (acceptance or rejection).

 

2.       We make use of recruiting agencies to fill selected positions. Such agencies transmit personal data that you have provided to the respective agency.

 

3.       Processing is conducted on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR and Sec. 26 (1) Sentence 1 BDSG new for the purpose of processing the application and the recruitment process.

 

2.4. Limited-term employment of employees or freelancers for special projects

 

1.       For certain projects, we offer limited-term contracts to employees or freelancers. We use the services of external recruitment agencies for the application and recruitment process, which send us profiles of potential candidates. These may contain your personal data unless anonymized beforehand. The profiles are forwarded internally to the department that conducts the selection. A contract is entered into with the final candidate, either directly with us or via a recruitment agency.

 

2.       Processing of your personal data is conducted on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR and Sec. 26 (1) Sentence 1 BDSG new for the purpose of processing the application.

 

2.5. Collection of additional information on applicants and review of references

 

1.       Where necessary, the references provided by the applicant are used to obtain more background information on the applicant and to verify the information provided, e.g. by contacting former employers. This is intended to provide an even more detailed impression of the former activities of the applicant.

 

2.       We collect and review background information only with the prior consent of the applicant as required by Art. 6 (1) Sentence 1 lit. a) GDPR and Sec. 26 (2) Sentence 1 BDSG new. In those cases where we use publicly accessible sources (such as a profile on a social network) we process your personal data on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR and Sec. 26 (1) Sentence 1 BDSG new for the purpose of processing the application.

 

2.6. Reimbursing travel expenses incurred by applicants

 

1.       We reimburse your travel expenses if you need to travel to us for a job interview. To this end we process your personal data, such as contact data (address, e-mail), identification data (name) and financial data (bank details). The document on the reimbursement of travel expenses is forwarded by our HR department to the respective entity or its financial accounting along with the associated receipts.

 

2.       Processing of your data is conducted on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR and Sec. 26 (1) Sentence 1 BDSG new for the purpose of reimbursing travel expenses and to process the job application.

 

2.7. Talent pool

 

1.       If we are not able to offer the applicant the desired position, we add the candidate to our talent pool, if they consent, to be able to offer another suitable position at a later date. To this end we process the application data of the applicant. This data is forwarded to all companies in the EVENTIM Group via our applicant management system.

 

2.       Your application data is processed on the basis of your consent in accordance with Art. 6 (1) Sentence 1 lit. a) GDPR and Sec. 26 (2) Sentence 1 BDSG new

 

2.8. Creation of the employment contract

 

1.       As soon as a position is offered to you we process your personal data in order to create an employment contract. This involves processing all the information relevant to the contract (such as your name, address, title, start/end of employment, work location, salary, bank data, health insurance company, etc.) and this is forwarded internally to the corresponding HR departments. Processing of your data is conducted on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR and Sec. 26 (1) Sentence 1 BDSG new for the purpose of creating the employment contract.

 

2.       During your employment, we also process special categories of personal data (such as your religion for church tax) and personal data relating to any convictions and your criminal record (such as your clearance certificate). We process your data on the basis of Art. 9 (2) lit. b) GDPR, Sec. 26 (3) Sentence 1 BDSG new and Art. 10 Sentence 1 Alt. 2 GDPR and Sec. 26 (1) Sentence 1 BDSG new for the purpose of creating and executing your employment contract.

 

2.9. Executing internal audits and observing compliance regulations

 

1.       You personal data may be processed in the course of planning and executing internal audits within the EVENTIM Group in Germany and abroad. On a case-by-case basis we may draw on data that is obtainable from other public sources (such as credit reporting agencies).

 

2.       In some circumstances, your data may be processed in the course of compliance programs and measures when we, for example, implement the requirements of the German Corporate Governance Code (GCGC) or identify misconduct in the organization and attempt to remedy this.

 

3.       In the course of such processing activities, it is also possible that your personal data may be processed. We process your personal data on the basis of Art. 6 (1) Sentence 1 lit. c) GDPR. In addition, we process your personal data on the basis of Art. 6 (1) Sentence 1 lit. f) GDPR in order to exercise our legitimate interests of being able to review the processes and efficiency of the group, remedy any misconduct and fraud and, where applicable, assert and/or defend our legal rights.

 

3.     Retention and erasure of your personal data

 

3.1. Log files

 

Log files of the visitors to our careers website are deleted without undue delay unless there is a suspicion that our services have been abused or there are indications of a cyber attack, which would justify longer storage until the matter is clarified.

 

3.2. Applicant data

 

If your application is rejected, your data will be deleted within three months of receiving notice of a rejection. In the event that you have consented to being included in the talent pool, we will store your data until you revoke your consent. If you are hired, your data will be transferred to our internal HR system.

 

4.     Categories of recipients of personal data

 

1.       When processing your application we transmit your personal data within the framework of an internal collaborative process to other companies within the EVENTIM Group. Transmission is based on our legitimate interest to execute our internal administrative activities in an efficient and collaborative manner, in accordance with Art. 6 (1) Sentence 1 lit. f) GDPR.

 

2.       If you apply for a position at a company within the EVENTIM Group (with the exception of CTS EVENTIM AG & Co. KGaA), we transmit your personal data to the corresponding company. Transmission of your personal data is conducted on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR and Sec. 26 (1) Sentence 1 BDSG new for the purpose of processing the application at the corresponding entity.

 

3.       If you have consented to being included in our talent pool, your application data will be transmitted to all companies in the EVENTIM Group. This transmission is based on your consent in accordance with Art. 6 (1) Sentence 1 lit. a) GDPR and Sec. 26 (2) Sentence 1 BDSG new.

 

4.       Your personal data will also be transmitted to an external IT services provider whose tools and platforms we use for the application and recruitment process and who processes your personal data on behalf of us (such as the service provider that provides the applicant management system). We transmit your personal data to process it on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR and Sec. 26 (1) Sentence 1 BDSG new and, based on Art. 6 (1) Sentence 1 lit. f) GDPR, to pursue our legitimate interest of ensuring efficient applicant management processes.

 

5.       In those cases where we send you an employment contract and the documents associated with your application by post, we transfer your personal data to the mailing company. Such transfer of your data is conducted on the basis of Art. 6 (1) Sentence 1 lit. b) GDPR and Sec. 26 (1) Sentence 1 BDSG new for the purpose of establishing employment at EVENTIM.

 

6.       Other than the cases listed above, we transmit your personal data only when there is a legal obligation for us to do so. Transmission is based on Art. 6 (1) Sentence 1 lit. c) GDPR (e.g. to the police authorities during a criminal investigation).

5.     Legitimate interests to data processing and right to object

 

1.       We process your personal data on the basis of our legitimate interests to recruit suitable staff, make our applicant management processes efficient, avoid cases of fraud and abuse and execute our administrative activities in an efficient and collaborative manner.

 

2.       Where your personal data is processed on the basis of these legitimate interests (Art. 6 (1) Sentence 1 lit. f) GDPR) you have the right to object to data processing at any time. We will respect your objection unless there are overriding reasons as defined by Art. 21 GDPR not to do so. Please address your objection to:

 

·         E-mail: HR[at]eventim[dot]de

·         Tel.: 0421-3666220

 

3.       If you object to processing of your data, we will process your personal data to the extent needed to address your request. In this case your personal data is processed to meet a legal obligation on the basis of Art. 6 (1) Sentence 1 lit. c) GDPR.

 

 

6.     Consent and withdrawal of consent

 

1.       If you have provided us with your consent to the processing of your personal data, you may withdraw this consent at any time. The withdrawal applies to the future. The lawfulness of the processing of personal data prior to the date of withdrawal remains unaffected. Please address your withdrawal to:

 

·         E-mail: HR[at]eventim[dot]de

·         Tel.: 0421-3666220

 

2.       If you withdraw your consent to processing of your data, we will process your personal data collected in this context to the extent needed to address your request. In this case your personal data is processed to meet a legal obligation on the basis of Art. 6 (1) Sentence 1 lit. c) GDPR.

 

7.     Your rights

 

1.       Under the terms of the GDPR, you have the right to demand, at any time, that we

 

·         inform you of the personal data relating to you that we are processing (Art. 15 GDPR)

·         rectify personal data relating to you that is inaccurate (Art. 16 GDPR) and/or

·         erase your personal data (Art. 17 GDPR), restrict it (Art. 18 GDPR) and/or release it (Art. 20 GDPR).

 

2.       Please address your request to:

 

·         by e-mail to HR[at]eventim[dot]de or

·         in writing to CTS EVENTIM AG & Co. KGaA, Contrescarpe 75 A, 28195 Bremen.

 

3.       If you assert your rights towards us, we will process your personal data collected in this context to the extent needed to address your request. In this case your personal data is processed to meet a legal obligation on the basis of Art. 6 (1) Sentence 1 lit. c) GDPR.

 

4.       Notwithstanding your rights under 7, you have the right to lodge a complaint with a supervisory authority for data protection if you are of the opinion that the processing of your personal data by EVENTIM breaches the terms of the GDPR (Art. 77 GDPR).

 

8.     Miscellaneous

 

1.       The terms of this data protection information (available at no charge from Karriere.EVENTIM.de/en or  corporate.EVENTIM.de/en) including the information on the use of cookies for applicants at CTS EVENTIM AG & Co. KGaA (available at no charge from Karriere.EVENTIM.de/en / corporate.EVENTIM.de/en) apply in the version currently in force on the date of your application.

 

2.       We reserve the right to supplement and amend the contents of this data protection information. The updated data protection information applies from the date on which it is published on our website.

 

3.       You will be informed in good time of such supplements and amendments on our website and, if your contact data are already on our files, informed via e-mail or by standard mail. You will be given the opportunity to view, print and save the amended data protection information at no charge.

 

9.     Contact details of the data protection officer

 

Please address any questions relating to data protection to:

 

Data protection officer

CTS EVENTIM AG & Co. KGaA

Contrescarpe 75 A

28195 Bremen

E-mail: datenschutz[at]eventim[dot]de