Data protection information for applicants

Below we would like to inform you about the processing of your personal data:

1. The name and contact data of the data controller and of the Data Protection Officer

The responsible party for the collection, processing and use of your personal data within the meaning of the General Data Protection Regulation (GDPR) is

PHOENIX Pharmahandel GmbH & Co KG
Pfingstweidstraße 10 – 12
68199 Mannheim
Tel. +49 621 85050
Fax +49 621 8540-3
E-Mail info(at)

You can reach the Data Protection Officer at the above address with the addition "the data protection officer" or at the e-mail address: Datenschutz(at)

2. Data processing for the purpose of the job application process

We process personal data of applicants in order to carry out an application procedure for announced positions as well as for initiative applications.

All data of your application will be collected and processed in order to select the suitable applicant for the job position advertised with us. You determine the data we process yourself, as you initiate the data transfer yourself. For the purpose of applicant selection, the respective application will also be forwarded to managers of the respective department. The works council will also have access to your application in order to exercise its right of co-determination and control. The representative body for severely disabled persons or persons with disabilities will also make use of this right in the case of severely disabled applicants or applicants with equal status.

Provided the relevant consents have been given, we will also process your data,

  • to be able to include you in our pool of applicants,
  • to conduct an interview with you via audio and/or video conference, if necessary.

The legal basis for this is in each case § 26 para.2 Federal Data Protection Act new version (FDPA n.v.) in connection with Art. 6 para. 1 lit a) GDPR.

In the case of an employment relationship between you and us, we may process the data you have provided for the purpose of the employment relationship. The processing is then carried out for the implementation or termination of the employment relationship. The legal basis is § 26 FDPA n.v. in connection with Art. 88 GDPR.

Special categories of personal data will only be processed by PHOENIX if you have provided it to us so that we can consider your application as it stands or if there is a legal obligation to do so. This information will not be taken into account in the application process unless there is a legal obligation to do so. The legal basis is then Art. 9 para. 2 lit b), e) GDPR.

3. Optional interview via Microsoft Teams

After we received your application documents and if we are interested in an interview with you, we will contact you and ask whether an online interview using the service "Microsoft Teams" (MS Teams) is an option for you or whether you prefer another communication channel. When using MS Teams, data transmission is encrypted and protected from unauthorised access. Conversations conducted using MS Teams are not recorded. Please familiarise yourself with the settings options in your MS Teams account. For example, you have the option to choose a background.

If you would like to have an online interview with us via MS Teams regarding your application, we will send you an invitation. When using MS Teams, the following data will be processed:

  • Information for sending an invitation: email address and account name
  • Log data: IP address; date and time of use of MS Teams; information on the amount of data and the version of MS Teams
  • Meeting information: date and time of the meeting; meeting participants; meeting ID and meeting password; and other meeting information stored in MS Teams
  • Text, video and audio files: texts in chats; video and audio files for the transmission of the online conversation

Conducting the conversation using MS Teams is voluntary and you can also choose to have a conversation with us via another communication channel. However, your options to choose from do not mean that we are asking you for your consent to data processing, but only that other communication channels are available to you for communicating with us.

We process the above-mentioned data in connection with online meetings about your application based on our legitimate interests within the meaning of Art. 6 para. 1 lit f) GDPR. We have a legitimate interest in conducting an online conversation with applicants who have themselves chosen to conduct an online conversation with us using MS Teams regarding their application and in creating an online meeting and sending invitations using MS Teams. We create notes on online interviews that have taken place and also carry out this data processing on the basis of our legitimate interest within the meaning of Art. 6 para. 1 lit f) GDPR. The legitimate interest consists of the creation of notes that contain information about you as an applicant and our interview. Insofar as the use of personal data in connection with an online interview with the help of MS Teams is necessary for the defence or exercise of claims, we use personal data for the exercise of our legitimate interests in the defence or exercise of claims on the basis of Art. 6 para. 1 lit. f) GDPR. To exercise your right to object in accordance with Art. 21 GDPR, you can contact us by email.

The recipients of the data processed when conducting an online conversation using MS Teams include Microsoft Corporation (One Microsoft Way Redmond, WA 98052-6399
USA) and the subcontractors used by Microsoft to provide MS Teams. Microsoft provides an up-to-date list of subcontractors at the following URL under "List of subprocessors" and indicates which subcontractors are involved in which Microsoft services: More information on data processing by Microsoft itself can be found at the following URL:

When using MS Teams, data transfers outside the EU / EEA are carried out based on the EU controller to non-EU or EEA processor standard contractual clauses (available here: Furthermore, additional safeguards have been agreed with Microsoft which apply to data transfers outside the EU / EEA.

The retention period of data processed using MS Teams varies. Our criterion for determining the retention period is the necessity of the retention for pursuing a legitimate purpose. Interview notes are kept for a period of 6 months.

4. Assessment Centers

We process your personal data in order to be able to carry out an assessment centre, insofar as this is necessary for the selection for the described position. For this purpose, we transmit your personal data within the framework of order processing so that you can be invited to the assessment centre. Further information on data protection can be found in the data protection declaration of the assessment centre. The legal basis for this is § 26 para. 2 FDPA n.v. and Art. 6 para. 1 lit a) GDPR.

5. Background-Check

Under certain circumstances, a so-called background check is carried out as part of the application process. This is used for senior management and serves the purpose of a background check and the verification of the authenticity and correctness of the information, documents and references. The legal basis is then the consent according to Art. 9 para. 2 lit b), e) GDPR. The applicant receives further information on the background check as part of the consent.

6. Categories of the data

The processing includes applicant basic data, qualifications, certificates, if applicable assessment data in the context of an assessment centre and reference data in the background check.

7. Sources of the data

Where we have not received the data from you directly, we may obtain it from a service provider for a background check.

8. Purposes of the processing

We process your data for the following purposes:

  • Candidate selection
  • Verification of data and information
  • reliability check
  • Defence against claims for compensation and recourse
  • Proof of proper data processing

9. Recipients of data

We share your data with the following recipients:

  • Authorities in accordance with legal requirements (e.g. tax authorities, supervisory authorities, law enforcement authorities).
  • Service providers, insofar as they are required as part of the selection process, e.g. to carry out the background check or the assessment centre.
  • Affiliated companies within the meaning of Section 15 of the German Stock Corporation Act (AktG)

In some cases, we use carefully selected external service providers to process your data, as well as internal service providers of the PHOENIX group, who, for example, operate the maintenance and administration of our IT systems. Should data be passed on to service providers within the framework of so-called data processing, this is done based on Art. 28 GDPR. Our processors are carefully selected, are bound by our instructions and are regularly monitored by us.

Information is only passed on to state institutions and authorities entitled to receive such information within the framework of mandatory legal provisions or if we are obliged to do so by a court order.

10. International data transfer outside EU/EEA

No data processing takes place outside the EU / EEA. Insofar as communication with our branch in Switzerland is necessary for the fulfilment of the contract, an adequate level of data protection exists. Switzerland is a member of EFTA and has acceded to the GDPR 2018.

Personal data will not be transferred to third countries without your consent.

11. Cookies

Some of the Internet pages use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies we use are so-called "session cookies". They are automatically deleted after the end of your visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or generally and activate the automatic deletion of cookies when closing the browser.

Cookies that are required to carry out the electronic communication process or to provide certain functions you have requested are stored based on Art. 6 (1) lit. f ) GDPR. The website operator has a legitimate interest in storing cookies for the technically error-free and optimised provision of its services. Insofar as other cookies are stored, these are treated separately in this data protection information.

The purpose of reCAPTCHA is to check whether the data input on our websites (e.g. in a contact sheet) is made by a human being or by an automated programme. The website operator has a legitimate interest in protecting its websites from abusive automated spying and SPAM.

For this purpose, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website. For more information on Google reCAPTCHA and Google's privacy policy, please see the following links: and

There is currently no guarantee of an adequate level of data protection in the US. There is a possibility that US authorities may access data about you and you may not have any legal recourse or enforceable rights. The data is deleted one day after the session.

12. Data erasure and retention periods

The data will be erased or locked as soon as the purpose of the storage no longer applies. The data may also be stored if this has been provided for by European or national legislators in Union regulations, laws or other provisions. Blocking or deleting will also take place if a retention period prescribed by the standards mentioned expires, unless there is a necessity for the continued storage of the data for the conclusion of a contract, the fulfilment of a contract or a documentation obligation.

We do not store application data for longer than 6 months after rejection for the purpose of carrying out the application procedure. Storage beyond this period may be based on consent or for the purpose of defending claims. In the event of consent, your personal data will be stored in our applicant pool for one year as part of the application.

13. Your rights

Below we would also like to inform you about your rights under the GDPR.

  • Right to information according to Art.15 GDPR
    You can request information from the controller about the processing of your data.
  • Correction of data
    You have the right to have data corrected in accordance with Art.16 GDPR if the data concerning you is incorrect or incomplete.
  • Right to erasure
    You have the right to erasure, provided that the requirements of Art. 17 GDPR are met and there are no reasons why processing is still necessary.
  • Right to restriction
    You have the right to restriction of processing in accordance with the requirements of Art. 18 GDPR, insofar as the processing does not serve to assert, exercise or defend legal claims.
  • Right to data transferability
    Under the conditions of Art. 20 GDPR, you have the right of data portability.
  • Right to objection
    You have a right of objection under Art. 20 GDPR, unless there are demonstrably compelling legitimate grounds for the processing or the processing serves the assertion, exercise or defence of legal claims.

Furthermore, you have the option of submitting a complaint to the above-mentioned data protection officer or to a data protection supervisory authority.

In accordance with Art. 77 GDPR, you have the right to file a complaint with the responsible supervisory authority.