Privacy notice for job applicants

Thank you for your interest in ECFR, we are very pleased you are considering applying for a position in our organization. Please take a moment to review the following information on processing of your personal data in connection with your application.

Who is responsible for the processing of your personal data?

This information applies to the entire pan-European ECFR organization, which is formed of six legal entities as detailed below. Since all ECFR legal entities operate in a highly integrated manner, they are jointly responsible for the processing of your personal data according to article 26 of the GDPR and UK GDPR.

The ECFR legal entities, as joint controllers according to Art. 26 GDPR and UK GDPR have amongst themselves agreed that ECFR Deutschland GmbH will take primary responsibility for complying with GDPR and UK GDPR obligations, in particular transparency obligations and individuals’ rights.

You can find further information about ECFR, the details of authorized representatives and other contact details in the imprint on our website.

Our data protection officer

ECFR Deutschland GmbH has appointed a data protection officer (DPO). In case of any queries you may contact the DPO by using the contact details above and adding “attn of the DPO” or via e-mail: [email protected]

How can you send us your application?

We kindly ask you to send your application by using the online form. Your data will then be transferred through encrypted channels. To enter your data and documents in the online form, you will be asked to provide your e-mail and a password. You can use these details to review, complete, amend or delete your application later.

What personal data will we process and for which purposes?

We will process any information sent by you in connection with your job application to assess your suitability for the position (or any other open position within ECFR) and to carry out the subsequent screening and selection process. This includes your name, gender, e-mail, password and application documents.

Primarily, our legal basis for the processing of your personal data with regards to any application procedure is § 26 BDSG (German national data protection law) in connection with art. 6 (1) b GDPR. Thereafter, any processing of data which is necessary in connection with our decision to enter in an employment relationship with you shall be permitted.

Besides art. 6 (1) b GDPR, the legal basis for the processing of your personal data by one of our other ECFR legal entities may follow from relevant national data legislation, including:

  • the UK GDPR and the DPA 2018 in the UK,
  • the Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y garantía de los derechos digitales in Spain,
  • the French Data Protection Act in France and
  • the Italian Privacy Code in Italy.

In those cases where we keep your application even after the position has been filled, the legal basis is art. (6) a GDPR.

Should any data be necessary for legal prosecution after completion of the application process, data may be processed based on the requirements of art. 6 DSGVO, in particular to safeguard our legitimate interests pursuant to art. 6 (1) 1 lit. f GDPR, these interests being the assertion of or defense from any claims.

How long will we store your personal data?

If you are successful and we offer you a position within ECFR, we will transfer your personal data from our application process over to our human resources department.

Should your application be rejected, we will delete your personal data within six months after the decision being made, unless you have consented to being added to the applicant pool. In this case we will store your application for another twelve months and contact you in case of any future suitable openings within ECFR.

If you are sending a spontaneous application to work at ECFR, we will keep your personal data for a year, unless you specify otherwise via e-mail. This will allow us to contact you with any other openings that could match your profile, including internships positions.

Who will receive your personal data?

Upon receiving your application, it will be reviewed by our HR department as well as any staff responsible for deciding on the position you are applying for. As a matter of principle, only ECFR staff who are directly involved in the handling of your application will be provided with access to your personal data.

We use a service provider based in Switzerland, with whom we have signed a data processing agreement (DPA) to store and manage all application data.

Where will your personal data be processed?

Your personal data will be processed solely on servers provided by our service provider within the European Union.

Your rights

You have the right to information about the personal data processed by us about your person.

In the case of a request for information which is not made in writing, we may ask you to provide us with further proof of identity.

Furthermore, you have the right to correction, deletion, or restriction of the processing of your personal data to the extent to which you are legally entitled to such rights.

You also have the right to object to the processing of your personal data within the scope of the statutory provisions.

You have a right to data portability, again with the scope of the statutory provisions.

 To exercise your rights, we kindly ask you to address any queries to ECFR Deutschland GmbH, using the contact details provided above.

Right to complain

Lastly, you have the right to complain to the data protection supervisory authorities about our processing of your personal data.