Privacy notice for job applicants

Thank you for your interest in ECFR, we are very pleased you are considering applying for a position in our organization. Please take a moment to review the following information on processing of your personal data in connection with your application.

Who is responsible for the processing of your personal data?

This information applies to the entire pan-European ECFR organization, which is formed of five legal entities as detailed below. Since all ECFR legal entities operate in a highly integrated manner, they are jointly responsible for the processing of your personal data according to article 26 of the GDPR and UK GDPR.

The ECFR legal entities, as joint controllers according to Art. 26 GDPR and UK GDPR have amongst themselves agreed that European Council on Foreign Relations (ECFR) e.V. will take primary responsibility for complying with GDPR and UK GDPR obligations, in particular transparency obligations and individuals’ rights.

You can find further information about ECFR, the details of authorized representatives and other contact details in the imprint on our website.

Our data protection officer

European Council on Foreign Relations (ECFR) e.V. has appointed a data protection officer (DPO). In case of any queries you may contact the DPO by using the contact details above and adding “attn of the DPO” or via e-mail: [email protected]

How can you send us your application?

We kindly ask you to send your application using the online form. Your data will then be transferred through encrypted channels.

Recruiting platforms

We also advertise jobs on recruiting platforms, such as Indeed, Stepstone or LinkedIn. To enter your application, the platform will redirect you to our jobs website.

What personal data will we process and for which purposes?

We will process any information sent by you in connection with your job application to assess your suitability for the position (or any other open position within ECFR) and to carry out the subsequent screening and selection process and to contact you. This includes your name, e-mail and application documents.

Primarily, our legal basis for the processing of your personal data with regards to any application procedure is Article 6 (1) b GDPR. Thereafter, any processing of data which is necessary in connection with our decision to enter in an employment relationship with you shall be permitted.

Besides Article 6 (1) b GDPR, the legal basis for the processing of your personal data by one of our other ECFR legal entities may follow from relevant national data legislation, including:

  • the UK GDPR and the DPA 2018 in the UK,
  • the Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y garantía de los derechos digitales in Spain,
  • the French Data Protection Act in France and
  • the Italian Privacy Code in Italy.

Should any data be necessary for legal prosecution after completion of the application process, data may be processed based on the requirements of Article 6 GDPR, in particular to safeguard our legitimate interests pursuant to Article 6 (1) 1 lit. f GDPR, these interests being the assertion of or defense from any claims.

Insofar as we process special category personal data according to Article 9 GDPR (for instance, health data), the legal basis is § 26 (3) BDSG in connection with Article 9 (2) b GDPR and Article 6 (1) b GDPR.

How long will we store your personal data?

If you are successful and we offer you a position within ECFR, we will transfer your personal data from our application process over to our human resource management system.

Should your application be rejected, we will delete your personal data within six months after the decision being made.

If you are sending a spontaneous application to work at ECFR, we will keep your personal data for a year. This will allow us to contact you with any other openings that could match your profile, including internships positions.

Who will receive your personal data?

Upon receiving your application, it will be reviewed by our HR department as well as any staff responsible for deciding on the position you are applying for. As a matter of principle, only ECFR staff who are directly involved in the handling of your application will be provided with access to your personal data.

We use Personio, a service provider based in Germany, with whom we have signed a data processing agreement (DPA), to store and manage all application data.

Where will your personal data be processed?

Your personal data will be processed on servers provided by our service provider within the European Union.

Your rights

You have the right to information about the personal data processed by us about your person.

In the case of a request for information which is not made in writing, we may ask you to provide us with further proof of identity.

Furthermore, you have the right to correction, deletion, or restriction of the processing of your personal data to the extent to which you are legally entitled to such rights.

You also have the right to object to the processing of your personal data within the scope of the statutory provisions.

You have a right to data portability, again with the scope of the statutory provisions.

To exercise your rights, we kindly ask you to address any queries to European Council on Foreign Relations (ECFR) e.V., using the contact details provided above.

Right to complain

Lastly, you have the right to complain to the data protection supervisory authorities about our processing of your personal data.