Skip to main content

Processing of (personal) data by the entity in charge of the online application process

Privacy Policy

The protection and confidentiality of your personal data is of particular importance for us. In order to ensure the protection of your personal data, we have taken technical and organizational measures to comply with the data protection regulations. With this data privacy policy, we inform about how we collect personal data as part of your application process and for what purpose the data is processed. Your data will be processed in accordance with this Privacy Policy and the applicable data protection laws.
This privacy policy applies to the career portal and the applicant management system of Penta Hotels Worldwide GmbH
This Privacy Statement also applies to the following companies:
  • pentahotels Russia
  • pentahotels Deutschland
  • pentahotels Belgium
  • pentahotels Česká republika
  • pentahotels UK
  • pentahotels France

Name and contact details of the controller

The controler in accordance with Art. 4 No. 7 of the General Data Protection Regulation (hereinafter referred to as the GDPR) is:
Penta Hotels Worldwide GmbH
Penta Hotels Worldwide GmbH
Mayfarthstraße 15-19
60314 Frankfurt am Main

Data protection officer

Penta Hotels Worldwide GmbH
Datenschutzbeauftragter
Mayfarthstraße 15-19
60314 Frankfurt am Main
Germany
E-Mail: datenschutzbeauftragter@pentahotels.com

Data processor

For the efficient execution of application procedures, we use an applicant management system of softgarden e-Recruiting GmbH, Tauentzienstr.14, 10789 Berlin (contact: datenschutz@softgarden.de), which operates the applicant management as a processor in accordance with Art. 4 No. 8 GDPR. A contract for order processing in accordance with Article 28 GDPR has been concluded with the supplier, which ensures compliance with data protection regulations.
We remain your first point of contact for the exercise of your affected rights as well as for the processing of the application process. You can contact us directly or, if specified, confidentially to the Data Protection Officer under the above-mentioned information of the controller.

Object of data protection

The object of data protection is the processing of personal data, in this case within the framework of applicant management. This includes, under Article 4 No. 1 GDPR, all information relating to an identified or identifiable natural person (“data subject”) which is necessary for the conduct of the application process and the initiation of an employment relationship, Section 26 of the German Data Protection Act or applicable national law.
In addition, in the context of the use of applicant management, data related to the use, so-called usage data, are also collected. Usage data is such data that is necessary to operate our websites, such as information about the start, end and extent of use of our website, such as login data. These processing operations are in accordance with data protection and telemedia law.
In the context of the application process and/or the use of the system, processing activities may also take place, which take place either on the basis of justified interest in accordance with Art. 6 (1) lit. f) GDPR or on the basis of your consent in accordance with Art. 6 (1) lit. a) GDPR. Also eligible are processing activities which involve a legal obligation to process or a public interest, Article 6 (1) lit.c) and (e) GDPR, such as in the context of law enforcement or the investigation of public authorities. You can determine and control the scope of the processing yourself by means of individual settings in your web browser, the configuration of the corresponding cookie settings and their user behaviour.

Collection and use of your data

Visit to the website

For operational and maintenance purposes and in accordance with the provisions of telemedia law, interactions ("system logs") that are necessary for the operation of the Website or processed for system security purposes are recorded for example to analyse attack patterns or unlawful usage behaviour ("evidence function").
Your Internet browser automatically transmits the following data as part of your access to the career portal:
  • date and time of access,
  • browser type and version,
  • operating system used,
  • Quantity of data sent.
  • IP address of access
This data is not used for immediate assignment within the framework of applicant management and will be deleted in a timely manner in accordance with the legitimate retention periods, provided that no longer retention is required for legal or factual reasons, e.g. for evidence purposes. In individual cases, storage for the aforementioned purposes is considered. The legal basis is Art. 6 (1) lit. f) GDPR and/or the applicable tele media law.

Session-Cookies

We store so-called "cookies" in order to offer you a comprehensive range of functions and to make the use of our websites more convenient. "Cookies" are small files that are stored on your computer with the help of your internet browser. If you do not wish to use "cookies", you can prevent the storage of "cookies" on your computer by adjusting the settings of your internet browser. Please note that the functionality and functionality of our offer may be limited as a result.
We use the cookie JSESSIONID on the career page as a technically necessary session cookie. This saves a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. This session cookie is deleted when you log out or close the browser.

Data entered by the user

Application process

As part of the application process, you can set up and manage an account in the career portal after configuring your username and password. In addition to the individual application, you can use other options in the softgarden applicant management system and make your individual settings (e.g. admission to a talent pool).
For the efficient and promising application, you can provide us with the following information as part of your application:
  • Contact details (address, telephone number)
  • CV data. B.
    • school education
    • vocational training
    • professional experience
    • language skills
  • Social profiles (e.g. XING, LinkedIn, Facebook)
  • Documents related to applications (application photos, cover letters, certificates, work certificates, work samples, etc.)
The legal basis for processing for the purpose of carrying out the application procedure and the initiation of an employment relationship is Section 26 (1) of the German Data Code (BDSG) or the applicable national law. In addition, the use of the applicant management system by the controller is in the legitimate interest in accordance with Art. 6 (1) lit. f) GDPR. If consent is required for a particular processing activity, in accordance with Art. 6 (1) lit. a), this is obtained separately and transparently by the controller from you, provided that this does not result from a conclusive and voluntary behaviour on your part, such as the voluntary participation in a video interview, in accordance with the requirement of transparency.

Disclosure of data

Your data will not be passed on to unauthorized third parties as part of the applicant management and will be processed for the purposes specified in this data privacy policy. Thus, the inspection by internal authorities and experts of the controller is in the legitimate interest, insofar as the knowledge of the information from the application process is necessary and permissible for the selection of candidates or internal administrative purposes of the company. For this purpose, your information can be forwarded to third parties in the company by e-mail or within the management system. The legal basis may be Section 26 (1) of the German Social Protection Act (BDSG)/th applicable national law, Art. 6 (1) lit. f) and (a) GDPR.
The transfer to third parties also takes place in the context of order processing in accordance with Article 28 GDPR, i.e. in the context of processing activities in which the controller has a legitimate interest in outsourcing processing activities which he is otherwise entitled to carry out himself. To this end, the controller shall take the measures to ensure compliance with data protection regulations.
Disclosure to external third parties may also be made in the defence of legal claims based on legitimate interest or in the context of the investigation of or disclosure to public authorities, insofar as a law requires this or there is an obligation to disclose. The information obligations to data subjects in the terms of Art. 13, 14 GDPR are guaranteed in advance of the relevant disclosure, insofar as these are to be fulfilled separately.

CV-Parsing with Textkernel

We process and analyze documents uploaded by you using AI in order to extract CV data and convert them into a structured form (so-called "CV-Parsing"). 
In order to ensure affected parties' rights and security standards, a contract for order processing has been concluded with the providing service provider. Processor is the ISO27001-certified provider Textkernel  B.V. Nieuwendammerkade  26 A 5, (1022AB) Amsterdam, The Netherlands. The data processing takes place on a server in Germany in a secure environment. 
The legal basis for processing is Section 26 (1) of the German Data Protection Act (BDSG) (or applicable national law) and Article 6 (1) lit. f) GDPR in order to initiate an employment relationship and to make the application process efficient for you. Personal data will not be transferred to unsafe third countries. Your data is routinely deleted from the cache once a week.

Feedback Module

In addition to your application, we can ask you to provide your feedback after an interview and 3 months after your appointment. We will send you an invitation link that will guide you into the rating system to provide feedback. The purpose of the processing is the further development and optimization of our recruiting and application processes as well as the company image. 
For this purpose, the following data is processed automatically: 
  • Contact details (name, e-mail)
  • Position title of the job you applied for
  • Location of the position
  • Jobkategorie
  • Applicant ID
The feedback itself is stored anonymously in the database. A personal reference is not produced. In addition to a star rating of individual questions, you have the opportunity to leave comments here. We expressly ask you not to leave any personal data in the commentary. The information collected in this way can be displayed on our evaluation page together with your feedback or transmitted to external partners such as kununu. 
Participation is purely voluntary and only with your consent, without which the feedback is not possible. The legal basis is Art. 6 (1) lit. a) GDPR.

Job subscription "Job-Abo"

In order to be informed about new job vacancies, you can subscribe to the job newsletter or have suitable jobs displayed on our career board (RSS feed). You can define the subscription by specifying the desired activity and the location.  
Your e-mail address is also required for the subscription. The legal basis for this is your consent to the receipt of the newsletter in accordance with Art. 6 (1) lit. a GDPR. You can revoke your consent to receive the newsletter at any time via the unsubscribe link in the newsletter(Opt-Out). 
The RSS feed itself does not process any personal data for information on new job advertisements.

Referral Manager

Through the Referral Manager tool, recruiters and employees have the opportunity to share vacancies in our company on social networks or by email to acquaintances and friends in order to reach potential applicants or make direct recommendations. 
If you decide to apply for a position directly or indirectly, your personal information will be processed in accordance with a regular application process. Your data is regularly displayed to responsible users and processed in applicant management. However, before submitting your application, you will be given the opportunity to view your application anonymously in the Referral Manager. The recommender can therefore only understand that a person has applied for a recommendation. Otherwise, the name, job and application photo can also be viewed by the recommended person in the Referral  Manager. 
The legal basis for the processing of your data for the purposes of recommendation and application is Art. 6 (1) lit. a) and f) GDPR as well as Section 26 (1) BDSG or the applicable national law. The data will be processed and deleted in the same way as the regular application procedure.

Salary Statistics

softgarden will give you the opportunity to provide feedback on your salary expectations and salaries offered to you in various steps of the application process.
The information transmitted will be anonymised and processed without linking to your name and contact details. softgarden processes this data anonymously for its own purposes (statistics, analysis, studies) and is responsible for this processing in the form of Art. 4 No. 7 GDPR. 
The processing takes place only with your consent by participation and on a purely voluntary basis. The legal basis is Art. 6 (1) lit. a) GDPR.

Social Share Buttons

It is possible to share the job ads on different social networks. Different buttons are offered per network. After clicking on one of these buttons, you will be directed to the respective networks and will be taken to their login pages. These buttons do not represent plug-ins and do not transmit personal data directly to the operators of the social networks. 
Currently, job ads can be shared on the following social networks: 
The legal basis is Article 6 (1) lit. f) GDPR for statistical analysis and range measurement of job advertisements.
You can also find out how the aforementioned social networks process your personal data by using the links provided. We have no influence on the processing of your personal data by the social networks.

Online Surveys "easyfeedback"

At the end of the application process, softgarden can send you an invitation to a survey via a link. The survey takes place via a service of easyfeedback GmbH in order to check the application experience. softgarden conducts this survey as controller, Article 4 No. 7 GDPR and processes the collected data anonymously for its own purposes (statistics, analysis, studies) as well as for the further development of softgarden products. 
The collection of the survey data is secured by default via the SSL encryption method and softgarden does not establish a personal reference within the scope of processing. The survey can be cancelled at any time. The data processed up to the time of termination can be used for these purposes. 
Your participation in the survey is purely voluntary and you agree to participate, without which your participation is not possible, Art. 6 (1) lit. a) GDPR. The processing of the data is carried out anonymously. Anonymised data is not subsequently subject to the substantive scope of the GDPR. 
Further information on the data protection of easyfeedback  can be found in the following notes: https://easy-feedback.de/privacy/datenschutzerklaerung.

Talentpool

As part of your application or via the "Stay in touch" button, you have the opportunity to recommend yourself for our talent pool. Processing is necessary in order to be automatically considered for further vacancies, i.e. for similar or otherwise suitable positions. 
When you register for the talent pool using the Get In Contact button, the following information is queried: 
  • Salutation, academic title (optional)
  • First, last name, e-mail address
  • Job fields in interest
  • Current career level
  • Preferred location(s)
  • XING profile or CV
The inclusion in the talent pool takes place on a purely voluntary basis with your consent as well as by using an opt-in link. The legal basis is Art. 6 (1) lit. 1 GDPR.

Scheduling "Cronofy"

We use an integrated service of Cronofy Limited, 9a Beck Street, Nottingham, NG1 1EQ, UK for scheduling and invitation. 
If we invite you to a conversation via this function, you will receive an appointment invitation created via Cronofy via e-mail. This will send your e-mail address as well as the title of the appointment, a description and a location where the appointment will take place. In addition, no other personal data will be transferred from you to Cronofy. 
The legal basis for processing is Art. 6 (1) lit. f GDPR in order to integrate scheduling into our applicant management system as well as to plan and manage job interviews and other appointments more efficiently. 
Data processing takes place encrypted in an isolated environment on a server in Germany. Adequate security standards for data processing have been agreed with the provider and proven by the provider. Further information can also be found at the following link: Scheduling Platform for Business | Cronofy the scheduling experts 
If you do not wish to receive any data processing by Cronofy or any further information, please provide this in advance of the appointment coordination.

Deletion and use of data

Your data will be stored for the duration of the application process and in accordance with legitimate retention periods after completion of the application process. In case of a cancellation, the data will be kept for 6 months. After the retention period has expired, the data is completely anonymized. The processing of anonymized data records is not subject to the material scope of data protection regulations, so that anonymized data may be processed for statistical and analytical purposes, for the preparation of market studies or for product development.

Your rights as a data subject

Rights of data subjects

Data subjects are entitled at any time to know whether their personal data have been stored and can assert a right of access to stored data (right of access), check their accuracy (right to rectification), request their addition and updating, request their deletion (right to be forgotten), request the restriction of processing (right to restriction) as well as have the data ported/ported in a common, machine-readable format (data portability). These rights shall apply insofar as there are no compelling and/or justified reasons on the part of the controller. Please contact datenschutzbeauftragter@pentahotels.com or by post at the address above.
In cases where we process data on the basis of your consent (Art. 6 sec. 1 lit. a) GDPR), you have the right at any time to revoke your consent without giving reasons and with effect for the future. The corresponding data processing will no longer take place in the future, but does not affect the legality of the processing carried out up to the time of revocation. In addition, you have the right to object to processing, for example if the data are or have been processed incorrectly, or if other reasons in the interest of the data subject preclude (further) processing. Affected parties also have the right to complain to the data controller.
Please note that in the event of an objection and/or revocation, certain services/processing activities cannot be performed or can be used, insofar as the processing is necessary for these purposes.

Automated decision-making

Automated decision-making does not take place. Should this be or become necessary, we will obtain a transparent consent in advance of processing.

Changes to this Privacy Policy

We reserve the right to change or supplement this data protection declaration at any time with regard to the constantly changing legal, technical and organisational requirements of the processing of personal data. This also applies to possible translation errors and differences with regard to national requirements of data protection law.

Version

Document ID: D404en
Valid from: 15.09.2023
Rev. 3.2

Processing of (personal) data by the operator of the recruitment website

General information

This recruitment website is operated by Personio SE & Co. KG, which offers a human resource and candidate management software solution (https://www.personio.com/legal-notice/). Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. The sole controller of this data within the meaning of article 24 of the GDPR is the enterprise carrying out this online application process. Personio’s role is limited to operating the software and this recruitment website and, in this context, being a processor under article 28 of the GDPR. In this case, the processing by Personio is based on an agreement for the processing of orders between the controller and Personio. In addition, Personio SE & Co. KG processes further data, some of which may be personal data, to provide its services, in particular for operating this recruitment website. We will refer to this in more detail below.

The controller

The controller under data protection law is:
Personio SE & Co. KG
Seidlstraße 3
80335 München
Tel.: +49 (89) 1250 1004
Entry in the commercial register
Commercial register entry number: HRA 115934
Registration Court: Amtsgericht München
Data Protection Officer contact: privacy@personio.com

Access logs (“server logs”)

Each access to this recruitment website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. In addition, processing this data is absolutely necessary under security aspects, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when unlawful use of the software is suspected. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the software is collected. The scope of this log process does not exceed the common log scope of any other site on the web. These access logs are stored for a period of up to 7 days. There is no right to object to this.

Error logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected. These error logs are stored for a period of up to 7 days. There is no right to object to this.

Use of cookies

So-called cookies are used on parts of this recruitment website. They are small text files which are stored on the device with which you access this recruitment website. As a general rule, cookies serve the purpose of ensuring secure access to a website (“absolutely necessary”), implementing certain functionalities such as standard-language settings (“functional”), improving the user experience or the performance of the website (“performance”), or placing targeted advertisements (“marketing”). On this recruitment website, we generally use only cookies that are absolutely necessary, functional or performance-related, in particular for implementing certain default settings such as language, for identifying the job advertising channel, or for analyzing the performance of a job advert via which a user accessed this recruitment website. The use of cookies is absolutely necessary for providing our services and thus for the performance of the contract (article 6 (1) b) of the GDPR). Period of storage: up to 1 month or until the end of the browser session Right to object: You can determine via your browser settings whether you allow or object to the use of cookies. Please note that deactivating cookies may result in limited or completely blocked functionalities of this recruitment website.

Rights of data subjects

If Personio SE & Co. KG as the controller processes personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR. To assert your rights as a data subject in relation to the data processed for the purpose of operating this recruitment website, please refer to Personio SE & Co. KG’s Data Protection Officer (see item B).

Concluding provisions

Personio reserves the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the services offered, for example when new services are introduced. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.