Privacy Policy

The protection and confidentiality of your personal data is of particular importance for us. In order to ensure the protection of your personal data, we have taken technical and organizational measures to comply with the data protection regulations. With this data privacy policy, we inform about how we collect personal data as part of your application process and for what purpose the data is processed. Your data will be processed in accordance with this Privacy Policy and the applicable data protection laws.
This privacy policy applies to the career portal and the applicant management system of Penta Hotels Worldwide GmbH
This Privacy Statement also applies to the following companies:

• pentahotels Russia
• pentahotels Deutschland
• pentahotels Belgium
• pentahotels Česká republika
• pentahotels UK
• pentahotels France

Name and contact details of the controller

The controler in accordance with Art. 4 No. 7 of the General Data Protection Regulation (hereinafter referred to as the GDPR) is:
Penta Hotels Worldwide GmbH
Penta Hotels Worldwide GmbH
Mayfarthstraße 15-19
60314 Frankfurt am Main

Data protection officer

Penta Hotels Worldwide GmbH
Datenschutzbeauftragter
Mayfarthstraße 15-19
60314 Frankfurt am Main
Germany
E-Mail: datenschutzbeauftragter@pentahotels.com

Data processor

For the efficient execution of application procedures, we use an applicant management system of softgarden e-Recruiting GmbH, Tauentzienstr.14, 10789 Berlin (contact: datenschutz@softgarden.de), which operates the applicant management as a processor in accordance with Art. 4 No. 8 GDPR. A contract for order processing in accordance with Article 28 GDPR has been concluded with the supplier, which ensures compliance with data protection regulations.
We remain your first point of contact for the exercise of your affected rights as well as for the processing of the application process. You can contact us directly or, if specified, confidentially to the Data Protection Officer under the above-mentioned information of the controller.

Object of data protection

The object of data protection is the processing of personal data, in this case within the framework of applicant management. This includes, under Article 4 No. 1 GDPR, all information relating to an identified or identifiable natural person (“data subject”) which is necessary for the conduct of the application process and the initiation of an employment relationship, Section 26 of the German Data Protection Act or applicable national law.
In addition, in the context of the use of applicant management, data related to the use, so-called usage data, are also collected. Usage data is such data that is necessary to operate our websites, such as information about the start, end and extent of use of our website, such as login data. These processing operations are in accordance with data protection and telemedia law.
In the context of the application process and/or the use of the system, processing activities may also take place, which take place either on the basis of justified interest in accordance with Art. 6 (1) lit. f) GDPR or on the basis of your consent in accordance with Art. 6 (1) lit. a) GDPR. Also eligible are processing activities which involve a legal obligation to process or a public interest, Article 6 (1) lit.c) and (e) GDPR, such as in the context of law enforcement or the investigation of public authorities. You can determine and control the scope of the processing yourself by means of individual settings in your web browser, the configuration of the corresponding cookie settings and their user behaviour.

Collection and use of your data

Visit to the website

For operational and maintenance purposes and in accordance with the provisions of telemedia law, interactions ("system logs") that are necessary for the operation of the Website or processed for system security purposes are recorded for example to analyse attack patterns or unlawful usage behaviour ("evidence function").
Your Internet browser automatically transmits the following data as part of your access to the career portal:

• date and time of access,
• browser type and version,
• operating system used,
• Quantity of data sent.
• IP address of access

This data is not used for immediate assignment within the framework of applicant management and will be deleted in a timely manner in accordance with the legitimate retention periods, provided that no longer retention is required for legal or factual reasons, e.g. for evidence purposes. In individual cases, storage for the aforementioned purposes is considered. The legal basis is Art. 6 (1) lit. f) GDPR and/or the applicable tele media law.

Session-Cookies

We store so-called "cookies" in order to offer you a comprehensive range of functions and to make the use of our websites more convenient. "Cookies" are small files that are stored on your computer with the help of your internet browser. If you do not wish to use "cookies", you can prevent the storage of "cookies" on your computer by adjusting the settings of your internet browser. Please note that the functionality and functionality of our offer may be limited as a result.
We use the cookie JSESSIONID on the career page as a technically necessary session cookie. This saves a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. This session cookie is deleted when you log out or close the browser.

Data entered by the user

Application process

As part of the application process, you can set up and manage an account in the career portal after configuring your username and password. In addition to the individual application, you can use other options in the softgarden applicant management system and make your individual settings (e.g. admission to a talent pool).
For the efficient and promising application, you can provide us with the following information as part of your application:

• Contact details (address, telephone number)
• CV data. B.
  • school education
  • vocational training
  • professional experience
  • language skills
• Social profiles (e.g. XING, LinkedIn, Facebook)
• Documents related to applications (application photos, cover letters, certificates, work certificates, work samples, etc.)

The legal basis for processing for the purpose of carrying out the application procedure and the initiation of an employment relationship is Section 26 (1) of the German Data Code (BDSG) or the applicable national law. In addition, the use of the applicant management system by the controller is in the legitimate interest in accordance with Art. 6 (1) lit. f) GDPR. If consent is required for a particular processing activity, in accordance with Art. 6 (1) lit. a), this is obtained separately and transparently by the controller from you, provided that this does not result from a conclusive and voluntary behaviour on your part, such as the voluntary participation in a video interview, in accordance with the requirement of transparency.

Disclosure of data

Your data will not be passed on to unauthorized third parties as part of the applicant management and will be processed for the purposes specified in this data privacy policy. Thus, the inspection by internal authorities and experts of the controller is in the legitimate interest, insofar as the knowledge of the information from the application process is necessary and permissible for the selection of candidates or internal administrative purposes of the company. For this purpose, your information can be forwarded to third parties in the company by e-mail or within the management system. The legal basis may be Section 26 (1) of the German Social Protection Act (BDSG)/th applicable national law, Art. 6 (1) lit. f) and (a) GDPR.
The transfer to third parties also takes place in the context of order processing in accordance with Article 28 GDPR, i.e. in the context of processing activities in which the controller has a legitimate interest in outsourcing processing activities which he is otherwise entitled to carry out himself. To this end, the controller shall take the measures to ensure compliance with data protection regulations.
Disclosure to external third parties may also be made in the defence of legal claims based on legitimate interest or in the context of the investigation of or disclosure to public authorities, insofar as a law requires this or there is an obligation to disclose. The information obligations to data subjects in the terms of Art. 13, 14 GDPR are guaranteed in advance of the relevant disclosure, insofar as these are to be fulfilled separately.

CV-Parsing with Textkernel

We process and analyze documents uploaded by you using AI in order to extract CV data and convert them into a structured form (so-called "CV-Parsing"). 
In order to ensure affected parties' rights and security standards, a contract for order processing has been concluded with the providing service provider. Processor is the ISO27001-certified provider Textkernel  B.V. Nieuwendammerkade  26 A 5, (1022AB) Amsterdam, The Netherlands. The data processing takes place on a server in Germany in a secure environment. 
The legal basis for processing is Section 26 (1) of the German Data Protection Act (BDSG) (or applicable national law) and Article 6 (1) lit. f) GDPR in order to initiate an employment relationship and to make the application process efficient for you. Personal data will not be transferred to unsafe third countries. Your data is routinely deleted from the cache once a week.

Feedback Module

In addition to your application, we can ask you to provide your feedback after an interview and 3 months after your appointment. We will send you an invitation link that will guide you into the rating system to provide feedback. The purpose of the processing is the further development and optimization of our recruiting and application processes as well as the company image. 
For this purpose, the following data is processed automatically: 

• Contact details (name, e-mail)
• Position title of the job you applied for
• Location of the position
• Jobkategorie
• Applicant ID

The feedback itself is stored anonymously in the database. A personal reference is not produced. In addition to a star rating of individual questions, you have the opportunity to leave comments here. We expressly ask you not to leave any personal data in the commentary. The information collected in this way can be displayed on our evaluation page together with your feedback or transmitted to external partners such as kununu. 
Participation is purely voluntary and only with your consent, without which the feedback is not possible. The legal basis is Art. 6 (1) lit. a) GDPR.

Job subscription "Job-Abo"

In order to be informed about new job vacancies, you can subscribe to the job newsletter or have suitable jobs displayed on our career board (RSS feed). You can define the subscription by specifying the desired activity and the location.  
Your e-mail address is also required for the subscription. The legal basis for this is your consent to the receipt of the newsletter in accordance with Art. 6 (1) lit. a GDPR. You can revoke your consent to receive the newsletter at any time via the unsubscribe link in the newsletter(Opt-Out). 
The RSS feed itself does not process any personal data for information on new job advertisements.

Referral Manager

Through the Referral Manager tool, recruiters and employees have the opportunity to share vacancies in our company on social networks or by email to acquaintances and friends in order to reach potential applicants or make direct recommendations. 
If you decide to apply for a position directly or indirectly, your personal information will be processed in accordance with a regular application process. Your data is regularly displayed to responsible users and processed in applicant management. However, before submitting your application, you will be given the opportunity to view your application anonymously in the Referral Manager. The recommender can therefore only understand that a person has applied for a recommendation. Otherwise, the name, job and application photo can also be viewed by the recommended person in the Referral  Manager. 
The legal basis for the processing of your data for the purposes of recommendation and application is Art. 6 (1) lit. a) and f) GDPR as well as Section 26 (1) BDSG or the applicable national law. The data will be processed and deleted in the same way as the regular application procedure.

Salary Statistics

softgarden will give you the opportunity to provide feedback on your salary expectations and salaries offered to you in various steps of the application process.
The information transmitted will be anonymised and processed without linking to your name and contact details. softgarden processes this data anonymously for its own purposes (statistics, analysis, studies) and is responsible for this processing in the form of Art. 4 No. 7 GDPR. 
The processing takes place only with your consent by participation and on a purely voluntary basis. The legal basis is Art. 6 (1) lit. a) GDPR.

Social Share Buttons

It is possible to share the job ads on different social networks. Different buttons are offered per network. After clicking on one of these buttons, you will be directed to the respective networks and will be taken to their login pages. These buttons do not represent plug-ins and do not transmit personal data directly to the operators of the social networks. 
Currently, job ads can be shared on the following social networks: 

• Facebook ( https://de-de.facebook.com/privacy/explanation )
• Twitter ( https://twitter.com/de/privacy )
• LinkedIn ( https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-join-privacy-policy )
• Xing ( https://privacy.xing.com/de/datenschutzerklaerung )

The legal basis is Article 6 (1) lit. f) GDPR for statistical analysis and range measurement of job advertisements.
You can also find out how the aforementioned social networks process your personal data by using the links provided. We have no influence on the processing of your personal data by the social networks.

Online Surveys "easyfeedback"

At the end of the application process, softgarden can send you an invitation to a survey via a link. The survey takes place via a service of easyfeedback GmbH in order to check the application experience. softgarden conducts this survey as controller, Article 4 No. 7 GDPR and processes the collected data anonymously for its own purposes (statistics, analysis, studies) as well as for the further development of softgarden products. 
The collection of the survey data is secured by default via the SSL encryption method and softgarden does not establish a personal reference within the scope of processing. The survey can be cancelled at any time. The data processed up to the time of termination can be used for these purposes. 
Your participation in the survey is purely voluntary and you agree to participate, without which your participation is not possible, Art. 6 (1) lit. a) GDPR. The processing of the data is carried out anonymously. Anonymised data is not subsequently subject to the substantive scope of the GDPR. 
Further information on the data protection of easyfeedback  can be found in the following notes: https://easy-feedback.de/privacy/datenschutzerklaerung.

Talentpool

As part of your application or via the "Stay in touch" button, you have the opportunity to recommend yourself for our talent pool. Processing is necessary in order to be automatically considered for further vacancies, i.e. for similar or otherwise suitable positions. 
When you register for the talent pool using the Get In Contact button, the following information is queried: 

• Salutation, academic title (optional)
• First, last name, e-mail address
• Job fields in interest
• Current career level
• Preferred location(s)
• XING profile or CV

The inclusion in the talent pool takes place on a purely voluntary basis with your consent as well as by using an opt-in link. The legal basis is Art. 6 (1) lit. 1 GDPR.

Scheduling "Cronofy"

We use an integrated service of Cronofy Limited, 9a Beck Street, Nottingham, NG1 1EQ, UK for scheduling and invitation. 
If we invite you to a conversation via this function, you will receive an appointment invitation created via Cronofy via e-mail. This will send your e-mail address as well as the title of the appointment, a description and a location where the appointment will take place. In addition, no other personal data will be transferred from you to Cronofy. 
The legal basis for processing is Art. 6 (1) lit. f GDPR in order to integrate scheduling into our applicant management system as well as to plan and manage job interviews and other appointments more efficiently. 
Data processing takes place encrypted in an isolated environment on a server in Germany. Adequate security standards for data processing have been agreed with the provider and proven by the provider. Further information can also be found at the following link: Scheduling Platform for Business | Cronofy the scheduling experts 
If you do not wish to receive any data processing by Cronofy or any further information, please provide this in advance of the appointment coordination.

Deletion and use of data

Your data will be stored for the duration of the application process and in accordance with legitimate retention periods after completion of the application process. In case of a cancellation, the data will be kept for 6 months. After the retention period has expired, the data is completely anonymized. The processing of anonymized data records is not subject to the material scope of data protection regulations, so that anonymized data may be processed for statistical and analytical purposes, for the preparation of market studies or for product development.

Your rights as a data subject

Rights of data subjects

Data subjects are entitled at any time to know whether their personal data have been stored and can assert a right of access to stored data (right of access), check their accuracy (right to rectification), request their addition and updating, request their deletion (right to be forgotten), request the restriction of processing (right to restriction) as well as have the data ported/ported in a common, machine-readable format (data portability). These rights shall apply insofar as there are no compelling and/or justified reasons on the part of the controller. Please contact datenschutzbeauftragter@pentahotels.com or by post at the address above.
In cases where we process data on the basis of your consent (Art. 6 sec. 1 lit. a) GDPR), you have the right at any time to revoke your consent without giving reasons and with effect for the future. The corresponding data processing will no longer take place in the future, but does not affect the legality of the processing carried out up to the time of revocation. In addition, you have the right to object to processing, for example if the data are or have been processed incorrectly, or if other reasons in the interest of the data subject preclude (further) processing. Affected parties also have the right to complain to the data controller.
Please note that in the event of an objection and/or revocation, certain services/processing activities cannot be performed or can be used, insofar as the processing is necessary for these purposes.

Automated decision-making

Automated decision-making does not take place. Should this be or become necessary, we will obtain a transparent consent in advance of processing.

Changes to this Privacy Policy

We reserve the right to change or supplement this data protection declaration at any time with regard to the constantly changing legal, technical and organisational requirements of the processing of personal data. This also applies to possible translation errors and differences with regard to national requirements of data protection law.

Version

Document ID: D404en
Valid from: 15.09.2023
Rev. 3.2

Verarbeitung (personenbezogener) Daten durch den Betreiber der Recruiting-Seite

Allgemeines

Diese Recruiting-Seite wird von der Personio SE & Co. KG betrieben, einem Unternehmen mit Sitz in Deutschland, welches eine Personalverwaltungs- und Bewerbungsmanagement-Software anbietet (https://www.personio.com/legal-notice/). Data). Die im Rahmen Ihrer Bewerbung übermittelten Daten werden per TLS-Verschlüsselung übertragen und in einer Datenbank gespeichert. Für diese Daten ist allein das Unternehmen verantwortlich im Sinne von Art. 24 DSGVO, das dieses Online-Bewerbungsverfahren durchführt. Personio ist lediglich Betreiber der Software und dieser Recruiting-Seite und in dem Zusammenhang Auftragsverarbeiter nach Art. 28 DSGVO. Die Grundlage für die Verarbeitung durch Personio ist hierbei ein Vertrag zur Auftragsverarbeitung zwischen der verantwortlichen Stelle und Personio. Zudem verarbeitet die Personio SE & Co. KG zur Erbringung ihrer Dienstleistungen, insbesondere für den Betrieb dieser Recruiting-Seite, weitere Daten, die zum Teil auch personenbezogene Daten sein können. Darauf wird im Folgenden näher eingegangen.

Verantwortliche Stelle

Verantwortliche Stelle im Sinne des Datenschutzrechts ist:
Personio SE & Co. KG
Seidlstraße 3
80335 München
Tel.: +49 (89) 1250 1004
Eintragung im Handelsregister
Registernummer: HRA 115934
Registergericht: Amtsgericht München
Datenschutzbeauftragter: privacy@personio.com

Zugriffsprotokolle („Server-Logs“)

Mit jedem Zugriff auf diese Recruiting-Seite werden automatisch allgemeine Protokolldaten, sogenannte Server-Logs, erfasst. Diese Daten sind in der Regel Pseudonyme und erlauben daher keine Rückschlüsse auf eine natürliche Person. Ohne diese Daten wäre es technisch teilweise nicht möglich, die Inhalte der Software auszuliefern und darzustellen. Zudem ist die Verarbeitung dieser Daten aus Sicherheitsaspekten, insbesondere zur Zugriffs-, Eingabe-, Weitergabe- und Speicherkontrolle, zwingend notwendig. Darüber hinaus können die anonymen Informationen für statistische Zwecke sowie für die Optimierung des Angebots und der Technik verwendet werden. Zudem können die Log-Files bei Verdacht auf eine rechtswidrige Nutzung der Software nachträglich kontrolliert und ausgewertet werden. Die Rechtsgrundlage hierfür findet sich in § 25 Absatz 2 Satz 2 TDDDG. Erfasst werden allgemein Daten wie der Domainname der Webseite, der Webbrowser und die Webbrowser-Version, das Betriebssystem, die IP-Adresse sowie der Zeitstempel des Zugriffs auf die Software. Der Umfang dieser Protokollierung geht nicht über den gängigen Umfang jeder anderen Webseite im Internet hinaus. Die Speicherdauer dieser Zugriffsprotokolle beträgt bis zu 7 Tage. Ein Widerspruchsrecht besteht nicht.

Fehlerprotokolle („Error-Logs“)

Zum Zwecke der Fehleridentifizierung und -behebung werden sogenannte Fehlerprotokolle („Error-Logs“) angefertigt. Dies ist zwingend erforderlich, um auf mögliche Probleme bei der Darstellung und Umsetzung von Inhalten möglichst zeitnah reagieren zu können (berechtigtes Interesse). Diese Daten sind in der Regel Pseudonyme und erlauben daher keine Rückschlüsse auf eine natürliche Person. Die Rechtsgrundlage hierfür findet sich in § 25 Absatz 2 Satz 2 TDDDG. Bei Auftreten einer Fehlermeldung werden allgemeine Daten wie der Domainname der Webseite, der Webbrowser und die Webbrowser-Version, das Betriebssystem, die IP-Adresse sowie der Zeitstempel bei Auftreten der entsprechenden Fehlermeldung/-spezifikation erfasst. Die Speicherdauer dieser Fehlerprotokolle beträgt bis zu 7 Tage. Ein Widerspruchsrecht besteht nicht.

Einsatz von Cookies

Teilweise werden auf dieser Recruiting-Seite sogenannte Cookies eingesetzt. Dies sind kleine Textdateien, welche auf dem Gerät, mit welchem Sie auf diese Recruiting-Seite zugreifen, gespeichert werden. Grundsätzlich dienen Cookies dazu, die Sicherheit beim Besuch einer Website zu gewährleisten („unbedingt erforderlich“), gewisse Funktionalitäten wie Standard-Spracheinstellungen umzusetzen („funktional“), das Nutzungserlebnis oder die Performance auf der Webseite zu verbessern („Performance“) oder zielgruppenbasierte Werbung auszuspielen („Marketing“). Auf dieser Recruiting-Seite kommen grundsätzlich nur unbedingt erforderliche, funktionale und Performance Cookies zum Einsatz, insbesondere zur Umsetzung gewisser Voreinstellungen wie bspw. der Sprache, zur Identifizierung des Bewerbungskanals oder zur Analyse der Performance einer Stellenausschreibung, über die eine nutzende Person auf diese Recruiting-Seite gelangt ist. Die Nutzung von Cookies ist für die Erbringung unserer Dienstleistungen und damit für die Erfüllung des Vertrags (Art. 6 (1) b) DSGVO) zwingend erforderlich. Speicherdauer: Bis zu 1 Monat bzw. bis zur Beendigung der Browser-Session Widerspruchsrecht: Sie können über Ihre Browser-Einstellungen selbst bestimmen, ob Sie Cookies erlauben oder der Nutzung von Cookies widersprechen möchten. Bitte beachten Sie, dass eine Deaktivierung der Cookies zu einer eingeschränkten oder komplett unterbundenen Funktionalität dieser Recruiting-Seite führen kann.

Betroffenenrechte

Sofern durch die Personio SE & Co. KG als verantwortliche Stelle personenbezogene Daten verarbeitet werden, haben Sie als betroffene Person in Abhängigkeit von Rechtsgrundlage und Zweck der Verarbeitung bestimmte Rechte aus Kapitel III der EU Datenschutzgrundverordnung (DSGVO), dabei ggf. insbesondere Recht auf Auskunft (Art. 15 DSGVO), Recht auf Berichtigung (Art. 16 DSGVO), Recht auf Löschung (Art. 17 DSGVO), Recht auf Einschränkung der Verarbeitung (Art. 18 DSGVO), Recht auf Datenübertragbarkeit (Art. 20 DSGVO), Recht auf Widerspruch (Art. 21 DSGVO). Sofern die Verarbeitung von personenbezogenen Daten auf Ihrer Einwilligung beruht, haben Sie nach Art. 7 III DSGVO das Recht auf Widerruf dieser datenschutzrechtlichen Einwilligung. Bitte wenden Sie sich zur Geltendmachung Ihrer Betroffenenrechte in Bezug auf die für den Betrieb dieser Recruiting-Seite verarbeiteten Daten an den Datenschutzbeauftragten der Personio SE & Co. KG (siehe Ziffer B.).

Abschließende Bestimmungen

Personio behält sich vor, diese Datenschutzerklärung jederzeit anzupassen, damit sie stets den aktuellen rechtlichen Anforderungen entspricht oder um Änderungen der Leistungen in der Datenschutzerklärung umzusetzen, z.B. bei der Einführung neuer Services. Für einen erneuten Besuch dieser Recruiting-Seite oder eine erneute Bewerbung gilt dann die neue Datenschutzerklärung.