BACK

Job Applicants Privacy Policy

1. Scope

This Job Applicants Data Protection Policy (Policy) applies to all persons going through the selection process to potentially work at any affiliate of msg global solutions ag (hereinafter: “msg global” or the “company”) on the basis of an employment contract or a non-employment contract.

Additionally, this Policy may also apply to third parties, such as former managers or colleagues of the job candidate, whose personal data was provided by the job applicant, for example, through a CV or a letter of recommendation.

2. Purpose and Objectives

Transparency and care of your personal data are core values of msg global. This Policy is issued in alignment with the GDPR and other relevant data protection laws. It explains how msg global processes your personal information during the selection process to assess both whether you meet the criteria to become part of our team and whether your value system matches the business values of msg global.

3. Terms and Definitions

2025 01 08 job applicant privacy terms conditions

The terms "Data Subject", "Personal Data Breach", “Third Country” and "Supervisory Authority" have the meaning that is determined by the GDPR.

4. msg global as Data Controller

msg global determines the purposes and means in which your personal data is collected, used, and otherwise process. In this instance, during the recruitment process msg global acts as the controller of your personal data.

msg global can also act as a joint controller, together with other msg global entities, in which case such msg global companies jointly determine the purposes and means of processing of your personal data of which you will be informed.

The company shall register with the competent Data Protection Supervisory Authority as an organization that processes personal data, where applicable.

To ensure that data processing is lawful, fair and transparent, msg global maintains a Record of Processing Activities. The Record of Processing Activities is reviewed at least once a year or when such need arises.

Additional information on the way msg global maintains the Record of Processing Activates can be found on this LINK.

Questions, concerns, complaints, or disputes regarding this Policy, data privacy at msg global, or msg global’s compliance with applicable data protection laws and regulations may be sent by email at dataprotection@msg-global.com.

The DPO appointed to manage data protection issues related to employees of all European msg global entities is:

Erwin Kraus
msg global solutions Deutschland GmbH Robert-Bürkle-Str. 1
85737 Ismaning Germany

E-mail: dataprotection@msg-global.com

The DPO will be responsible for msg global’s continued compliance with this Policy which will be reviewed at least annually or sooner if the need arises.

For msg global companies that are not within the territorial scope of the GDPR, in accordance with local regulations, msg global may appoint a Local Data Protection Officer (Local DPO).

The DPO is supported by the Data Protection Coordinators (DPC) and Local DPOs.

You can find more about msg global’s Data Protection Organization on this LINK.

5. Data Protection Principles

msg global is committed to process your personal data in accordance with data protection principles as they are set out in Article 5 (1) of the GDPR.

The company guarantees that your personal data is:

  • Processed lawfully, fairly and in a transparent manner in relation to you.
  • Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes.
  • Processed adequately, relevantly and limited to what is necessary in relation to the purposes for which it is processed (data minimization).
  • Accurate and, where necessary, kept up to date (every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay).
  • Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed (personal data may be stored for longer periods insofar as the personal data is processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organizational measures required by the GDPR in order to safeguard the rights and freedoms of individuals).
  • Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.

6. Lawfulness of Processing

msg global may process your personal data in compliance with the GDPR and any other applicable data protection regulation under the following lawful basis: consent, contract, legal obligation, vital interests, public task, or legitimate interests. msg global will note the appropriate lawful basis for each process in the Record of Processing Activities.

For the management of the recruitment process, msg global processes your personal information for the purposes and based on the following legal basis:

  • Take steps at the request of the data subject prior to entering into an employment agreement.

Your personal data is processed for your possible employment commitment with msg global, that is, to conclude an employment agreement with you or another type of contractual relationship. However, before concluding a contractual relationship, it is necessary to evaluate whether you are the right person for the company, as well as whether you share msg global’s values.

  • Apply to open job offers at msg

In order to apply for an open job offer at msg global, the company mainly uses the SAP SuccessFactors Recruiting (hereinafter referred to as SF) tool. SF will also be msg global’s Applicant Tracking System and will support the company in the employee hiring process, including sourcing, recruiting, selecting and hiring new employees.

Your personal data processed in SF is used to search, evaluate, select, and hire employees for msg global job vacancies. Applying for a job through SF means that you:

  • Create an account by yourself.
  • The account has been created manually in your name and with your approval through a member of msg global’s HR team.
  • The account has been created manually in your name and with your approval through recruiting agencies.

(all together “SF Application process”).

You can also apply for job openings using the following methods:

  • By e-mail to the named person/contact (available either on website (if provided), through msg global’s employees or by other means).
  • Through direct messages on professional network platforms, such as LinkedIn (and not through a job posting on LinkedIn).
  • Through the company’s “Job for Friends” program.
  • By postal mail to the address of the correspondent msg global company.

The above-mentioned methods for applying for open job offers do not represent a complete list and if there are additional methods for the purposes mentioned above, you will be informed.

Local HR representatives will manually enter into SF the personal data that msg global receives through the methods mentioned above to apply for open job offers.

  • Background checks

msg global will also collect and process your personal data to conduct background checks. The purpose of this screening is to verify the information you shared during the recruiting process or to assess if you might pose any threat to msg global, its members or its clients. Background checks are intended to reinforce a hiring decision and ensure that candidates who have been selected for a job position are a good fit. Background checks are carried out in full compliance with applicable laws.

  • Consent

msg processes your personal data based on your consent taking into full account your interests and fundamental rights. 

Where consent is used as the legal basis for processing your personal data, evidence of such consent will be retained. You may revoke your consent at any time by sending an e-mail to the following email address: dataprotection@msg-global.com or by postal mail to the address of the correspondent msg global company.

After withdrawing your consent, the company will immediately act on your request, stop the processing and delete the personal data in any case within three months of receiving the withdrawal.

  • Compliance with legal obligations

msg global will process your personal data when that processing is necessary for compliance with legal obligations or other requirements.

Your personal data can also be processed for claims management and compliance with the legal obligation to provide information to the parties in the event of defending, lodging, or formulating a claim against a data subject, a controller or a third party.

Compliance with local laws and certain job-specific requirements may include processing criminal records in situations where it is strictly necessary.

  • Legitimate interest

msg global processes your data based on its legitimate interest to protect job applicants, employees, work processes and its physical premises.

The company will only use the personal data necessary for a particular purpose and will always try to limit the use of your personal data.

The company is interested in developing its business, ensuring your safety and providing a safe working environment. The company will assess its own legitimate interest and will only rely on it when your interests, rights and fundamental freedoms do not prevail over said interest.

Based on the company’s legitimate interest, your personal data may be processed in the following situations:

  • To send you electronic communications strictly related to job opportunities, such as the celebration of a work fair organized by any msg global company.
  • Identify and prevent fraud and other illegal

You can at any moment object to the processing based on the company’s legitimate interest by sending an e-mail to the following email address: dataprotection@msg-global.com or by postal mail to the address of the correspondent msg global company. For more information on your rights, please see Section 9 below.

  • Protection of your vital interests

Also, the company may process your personal data where such processing is necessary for the protection of your vital interests.

If the company processes your personal data for the protection of your vital interests, you will be notified as soon as possible.

7. Categories of Personal Data

msg global will process the personal data provided in your job application and CV and other personal data that may arise during the selection process.

In the normal course of such recruitment process, msg global processes the following categories of personal data:

  • Personal identification and location information: name, surname, job applicant contact details (e.g. email, telephone number, postal address), photographs, videos, voice recording, language(s) spoken, gender, date and place of birth, national identification number, social security number, and personal image.
  • Documentation required by labor and immigration laws: nationality, passport data, national ID, residence status, and work permit data.
  • Remuneration and salary information: offered and proposed salary.
  • Recruitment related data: objectives, ratings, career history, competencies, reason of hiring, data contained in the job application, such as cover letters, CV, testimonials, certificates, , evaluations and notes collected by the personnel selection manager during interviews, earliest possibility to start working, training programs planned and attended, and any other personal data provided during the recruitment process.
  • Educational and training information: educational awards, certificates, and licenses, inhouse training attendance, performance management information and qualification, distance learning programs, and performance and development assessments.
  • Publicly available data: data obtained from publicly accessible sources, such as social media profiles (LinkedIn, etc.).
  • Special categories of personal data: In situations where it is strictly necessary and there is a legal basis for this, the company may also process special categories of data, which could include criminal records, such as information about criminal convictions and prosecution, (only when required or permitted by law), medical/health-related information or disability status, including any medical condition, such as medical certificate, union membership information, data that reveal ethnic or racial origin (derived, for example, from one's own personal image), political opinions or religious beliefs (for example, for the purpose of obtaining paid time off) and biometric data when necessary, in a justified manner and proportionate to the purpose pursued.

Please note that the list of Categories of Personal Data processed by the company is illustrative, not exhaustive. Consequently, if it is necessary to process other Categories of Personal Data apart from those described above, the company will inform job applicants in accordance with current regulations.

8. Recipients of Personal Data

The company may share your personal data for the purposes set out in this Policy with the entities described below, which may be established both inside and outside the European Economic Area (“EEA”), in compliance with the provisions of Section 10.

Your personal data may be shared with:

  • msg global solutions ag and other msg global entities that need to access your personal data to manage services and activities coordinated at Group level, such as those carried out by Global Operations departments, including HR, among others.

Third parties that may have access to your personal data in accordance with agreed rights and obligations, when strictly necessary or for security purposes, include:

  • Information technology service providers, such as cloud providers, hosting companies, support providers or software companies.
  • Governmental authorities, public administration bodies, and public authorities.
  • A newly formed or acquiring organization if msg global is involved in a merger, sale, transfer, or any other change in ownership status of some or all of its business.
  • Any recipient, if the company is required to do so, such as by applicable court order or law, including government institutions and Data Protection Supervisory Authorities.
  • Any recipient when reasonably necessary such as in the event of a life-threatening emergency.

Where appropriate, the abovementioned recipients will be required to have appropriate technical and organizational measures in place to ensure the protection of your personal data. Where necessary, data processing arrangements will also be implemented.

9. Your Rights

Under the GDPR, you may exercise, at any moment, certain rights related to the personal data msg global processes about you in connection with the selection process.

As a data subject you have the following rights:

  • Information: right to know how the company processes your personal data (this right has been met by providing you with this Policy).
  • Access: request access to your personal data processed by msg global. If your request is made electronically, and unless you request otherwise, the information will be provided in a commonly used electronic format.
  • Rectification: ask to have inaccurate data held about you rectified without undue delay or to have incomplete personal data Please notify the company if your personal details change or if you become aware of any inaccuracies in the personal data msg global holds about you.
  • Erasure: request erasure of personal data (except to the extent it may be limited, excused or prohibited by applicable law) without undue delay.
  • Restriction: request that the company restricts the processing of your data.
  • Data portability: you have the right to receive the personal data concerning you, which you have provided to msg global, in a structured, commonly used, and machine-readable format and you have the right to transmit that data to another controller where the processing is based on your consent, a contract or has been carried out by automated means.
  • Objection: where processing is based on the company’s legitimate interests, or for direct marketing, including profiling, you have the right to be given the option to object to processing.
  • Withdrawal of consent: when processing is based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

You can exercise your rights, free of charge, by sending an e-mail to: dataprotection@msg-global.com or by postal mail to the address of the correspondent msg global company.

msg global will inform you of the measures taken without undue delay and, in any case, within one month following receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of requests. This period may not exceed three months and the company will specially inform you about this.

If your request is manifestly unfounded or frequently repeated, the company may deny it or charge you for it. Repetition is considered to be frequent when you contact the company with a request to exercise the same right more than once every six months, unless there is legitimate cause for it. If you contact the company two or more times in a six-months period to exercise the same right, the company will manage your request only if you have a valid reason.

In case you consider that any of these rights are not respected or that the company acts against the law, you can at any moment file a complaint with the competent Data Protection Supervisory Authority.

10. International Transfer of Personal Data

The company may disclose your personal data to other countries outside the European Economic Area (EEA) in order to fulfill the purposes described in Section 6 of this Policy. The personal data subject to transfer is described in Section 7 of this Policy.

msg global may transfer your personal data to third countries or international organizations, that have been declared to have an adequate level of protection by the European Commission, to manage relationships with its employees and job applicants, conduct business with customers, and participate in relevant projects with its partners, among others.

In specific cases where the recipient does not have an adequate level of protection, the transfer of your personal data will be subject to appropriate safeguards in accordance with the applicable law. Where appropriate, in accordance with Chapter V of the GDPR, such safeguards include, but are not limited to, standard contractual clauses (SCCs) adopted by the Commission and binding corporate rules (BCRs).

In the event that your personal data is shared between any or all msg global entities, the transfer of such data will be governed by an Intra-Group Data Transfer and Processing Agreement implementing all applicable TOM’s as set out in Section 12 of this Policy.

11. Storage Period

msg global retains your personal data:

  • For the duration of the selection process or for an even longer period in accordance with the applicable legal Once the selection process has ended, certain personal data may be kept duly blocked. The blocked information will only be used, if necessary, to make it available to judges and courts, the prosecutor's office or competent public administrations, in particular Data Protection Supervisory Authorities, with a view to ensuring compliance with the responsibilities arising from the processing and only for the period of limitation of said information.
  • As long as there is a purpose for which you have given the company your consent or until you withdraw such consent.
  • As long as msg global is legally required to store your data under applicable legal requirements.
  • As long as msg global has a legitimate interest to process your personal data and you don’t object it.

In any case, the company will implement technical and organizational measures to ensure that the processing of your personal data is relevant and does not exceed its intended use, and that it is accurate and complete to satisfy the purposes described in this Policy.

msg global retains your personal data in SF, for a maximum of 6 months counting from the moment where your status on SF is moved to either "rejected" or "hired". We will also process the personal data entered through SF for a longer period of time if you have given us consent to do so or if prescribed so by applicable local laws as stated in the table below:

2022 10 31 storage period

If you give us the consent to process your personal data originating from your SF account – the maximum period we will process your personal data in this case is 2 years, counting from the “period of inactivity” of your account and not from the moment of providing consent. It is a fixed duration until anonymization of your personal data.

If you give us consent for processing your personal data for the purpose of keeping you informed and sending similar adequate job offers in our company (i.e., Job Newsletter), the maximum period for which we will process your personal data in this case is 2 years, counting from the “period of inactivity” of your account and not from the moment of providing consent. It is a fixed duration until anonymization of your personal data.

If you don't provide us with the consent to process your personal data, your personal data will be anonymized.

12. Security Measures to Protect your Personal Data

msg global takes reasonable and appropriate physical, administrative, procedural, and technical measures to protect your personal data from loss, misuse and accidental, unlawful, or unauthorized access, disclosure, alteration, and destruction. msg global applies the best industry standards regarding data protection.

Access to personal data is limited to personnel who need to access it and appropriate security measures have been implemented to prevent unauthorized disclosure of information.

When personal data is deleted, it is done securely, so that such data is irrecoverable.

Appropriate back-up and disaster recovery solutions are in place.

msg global continually takes appropriate security measures to protect your personal data in accordance with the GDPR and other relevant data protection laws. These measures are set up in the correspondent TOM’s for each msg global entity.

You will find more information about the security measures applicable to msg global's computer systems, the Internet and technological solutions from approved providers used within the company in the various IT Security policies adopted by msg global.

13. Possible Consequences of Failure to Provide Personal Data

Submission of your personal data in the application form or other document is a necessary condition for msg global to consider you for vacancies in the company.

However, if you do not provide the company with the necessary personal data, this would greatly impact the company's decision-making process and would not allow msg global to complete the selection process for the position you are applying for.