Data protection information for applicants

Below we would like to inform you about the processing of your personal data:

 

1. The name and contact data of the data controller and of the Data Protection Officer

The responsible party for the collection, processing and use of your personal data within the meaning of the General Data Protection Regulation (GDPR) is the respective company of the PHOENIX group to which you have applied (hereinafter "PHOENIX"). Below you will find the respective contact details of the PHOENIX Group company and its Data Protection Officer:

Contact details of responsible partyContact e-mail-address of the Data Protection Officer
ADG Apotheken-Dienstleistungsgesellschaft mbH 
Salzachstraße 15
68199 Mannheim
Tel.: +49 (0) 621 8505-520
Fax: +49 (0) 621 8505-501
E-Mail: adg-hv(at)adg.de
datenschutz(at)adg.de
BlisterCenter Aschaffenburg GmbH
Bodelschwinghstraße 10a
63739 Aschaffenburg
Tel.: +49 (0)6021 45 615-50
Fax: +49 (0)6021 45 615-590
E-Mail: Info(at)Blister-Center.de
datenschutz(at)blister-center.de
Health Logistics GmbH
Vichystrasse 14
76646 Bruchsal
Tel.: +49 (0)7251 93257-0
Fax: +49 (0)7251 93257-19
E-Mail: info(at)health-logistics.de
Datenschutz(at)health-logistics.com
JDM Innovation GmbH
Carl-Benz-Straße 16
71711 Murr
Tel.: +49 (0)7144 / 8121 – 0
E-Mail: info(at)jdm.de
datenschutz(at)jdm.de
PARAM GmbH  
Bei der Neuen Münze 20
22145 Hamburg
Tel.: +49 (0) 40 - 538 997 – 0
Fax: +49 (0) 40 - 538 997 – 99
E-Mail: param(at)param.de
datenschutz(at)param.de
PHOENIX International Holdings GmbH  
Pfingstweidstraße 10-12
68199 Mannheim
Tel.: +49 (0) 621 8505-0
Fax: +49 (0) 621 85 40 31
E-Mail: service(at)phoenixgroup.eu
dataprotection(at)phoenixgroup.eu
PHOENIX Pharma-Einkauf GmbH  
Pfingstweidstraße 10-12
68199 Mannheim
Tel.: +49 (0) 621 8505-0
Fax: +49 (0) 621 85 40 31
E-Mail: service(at)phoenixgroup.eu
dataprotection(at)phoenixgroup.eu
PHOENIX Pharma SE  
Pfingstweidstraße 10-12
68199 Mannheim
Tel.: +49 (0) 621 8505-0
Fax: +49 (0) 621 85 40 31
E-Mail: service(at)phoenixgroup.eu
dataprotection(at)phoenixgroup.eu
PHOENIX Pharmahandel GmbH & Co KG
Pfingstweidstraße 10-12
68199 Mannheim
Tel.: +49 (0) 621 8505-0
Fax: +49 (0) 621 85 40 31
E-Mail: service(at)phoenixgroup.eu
dataprotection(at)phoenixgroup.eu
PXG Pharma GmbH
Pfingstweidstraße 10-12
68199 Mannheim
Tel.: +49 (0) 621 8505-0
Fax: +49 (0) 621 85 40 31
E-Mail: info(at)pxgpharma.com
dataprotection(at)phoenixgroup.eu
transmed Transport GmbH
Dr.-Gessler-Str. 37
93051 Regensburg
Tel.:  +49 (0) 941 92041 0
Fax: +49 (0) 941 92041 11
E-Mail: management(at)transmed.de
datenschutz(at)transmed.de
VIRION med. u. pharm. Handelsgesellschaft mbH  
Lippestr. 9A
D-63452 Hanau 
Tel.: +49 (0) 800 7241 264
Fax: +49 (0) 800 7241 265
E-Mail: Kundenservice(at)virion.hiv
datenschutz(at)virion.de
Hageda-Stumpf GmbH & Co KG  
Zielstattstraße 67
D-81379 München 
Tel.:  +49 (0) 89 12145 260
Fax: +49 (0) 89 12145 435
E-Mail: info(at)hagedastumpf.de
datenschutz(at)hagedastumpf.de

You can reach the company Data Protection Officers at the address given above in each case with the addition of "the Data Protection Officer" or at the contact e-mail address of the Data Protection Officer given above in each case.

 

2. Data processing for the purpose of the job application process

We process personal data of applicants in order to carry out an application procedure for announced positions as well as for initiative applications.

All data of your application will be collected and processed in order to select the suitable applicant for the job position advertised with us. You determine the data we process yourself, as you initiate the data transfer yourself. For the purpose of applicant selection, the respective application will also be forwarded to managers of the respective department and we can create notes as part of the application process to support applicant selection. If a works council is established in the company where you are applying, the works council will inspect your application documents in order to exercise its right of co-determination and control. The representative body for severely disabled persons or persons with disabilities will also make use of this right in the case of severely disabled applicants or applicants with equal status

The legal basis for this is § 26 para. 1 FDPA n.v. in connection with Art. 6 para. 1 lit b), Art. 88 GDPR.

Provided the relevant consents have been given, we will also process your data to be able to include you in our pool of applicants.

The legal basis here is § 26 para. 2 FDPA n.v. in connection with Art. 6 para. 1 lit. a), Art. 88 GDPR.

In the case of an employment relationship between you and us, we may process the data you have provided for the purpose of the employment relationship. The processing is then carried out for the implementation or termination of the employment relationship. The legal basis is § 26 FDPA n.v. in connection with Art. 6 para. 1 lit. 1 b), Art. 88 GDPR.

Special categories of personal data will only be processed by PHOENIX if you have provided it to us so that we can consider your application as it stands or if there is a legal obligation to do so. This information will not be taken into account in the application process unless there is a legal obligation to do so. The legal basis is then Art. 9 para. 2 lit b), e) GDPR.

Insofar as necessary, personal data is processed and stored for the defense, perception of claims and defense against recourse claims. The legal basis is the legitimate interest according to Art. 6 para. 1 lit. f) GDPR. To exercise your right to object in accordance with Art. 21 GDPR, you can contact us by e-mail.

 

3. Optional first contact via an instant messenger service

You can make initial contact via the instant messenger service WhatsApp. The WhatsApp application function is provided by PitchYou GmbH, Campusallee 9, 51379 Leverkusen, Germany, which has access to your data for this purpose as a processor. There is an agreement between PHOENIX and PitchYou GmbH for data processing in accordance with Art. 28 GDPR regarding the initial contact, conducting an initial interview in accordance with PHOENIX's content specifications and requesting application documents and transferring the documents to PHOENIX via an interface to PHOENIX's applicant tool. With the transfer of the data to PHOENIX, data processing at PitchYou GmbH is complete. Further information from PitchYou GmBH can be found under data protection (pitchyou.de).

You can find WhatsApp's privacy notice, for example on its processing or on exercising your data protection rights in relation to WhatsApp, here WhatsApp legal resources

If you use the WhatsApp applicant function, the legal basis for communication via WhatsApp is your consent, which can be revoked at any time (Art. 6 para. 1 lit. a GDPR). To document the corresponding consent, the time it was given and your IP address will be stored for as long as this is necessary.

 

4. Optional interview via Microsoft Teams

After we received your application documents and if we are interested in an interview with you, we will contact you and ask whether an online interview using the service "Microsoft Teams" (MS Teams) is an option for you or whether you prefer another communication channel. When using MS Teams, data transmission is encrypted and protected from unauthorised access. Conversations conducted using MS Teams are not recorded. Please familiarise yourself with the settings options in your MS Teams account. For example, you have the option to choose a background.

If you would like to have an online interview with us via MS Teams regarding your application, we will send you an invitation. When using MS Teams, the following data will be processed:

  • Information for sending an invitation: email address and account name
  • Log data: IP address; date and time of use of MS Teams; information on the amount of data and the version of MS Teams
  • Meeting information: date and time of the meeting; meeting participants; meeting ID and meeting password; and other meeting information stored in MS Teams
  • Text, video and audio files: texts in chats; video and audio files for the transmission of the online conversation

Conducting the conversation using MS Teams is voluntary and you can also choose to have a conversation with us via another communication channel. However, your options to choose from do not mean that we are asking you for your consent to data processing, but only that other communication channels are available to you for communicating with us.

We process the above-mentioned data in connection with online meetings about your application based on our legitimate interests within the meaning of Art. 6 para. 1 lit f) GDPR. We have a legitimate interest in conducting an online conversation with applicants who have themselves chosen to conduct an online conversation with us using MS Teams regarding their application and in creating an online meeting and sending invitations using MS Teams.

The recipients of the data processed when conducting an online conversation using MS Teams include Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18, Ireland); parent company Microsoft Corporation (One Microsoft Way Redmond, WA 98052-6399 USA) and the subcontractors used by Microsoft to provide MS Teams. Microsoft provides an up-to-date list of subcontractors at the following URL under "List of subprocessors" and indicates which subcontractors are involved in which Microsoft services: https://www.microsoft.com/en-us/trust-center/privacy. More information on data processing by Microsoft itself can be found at the following URL: https://docs.microsoft.com/de-de/microsoftteams/teams-privacy?view=o365-worldwide.

When using MS Teams, data transfers outside the EU / EEA are carried out based on the EU standard contractual clauses (available here: ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en). Furthermore, additional safeguards have been agreed with Microsoft which apply to data transfers outside the EU / EEA.

The retention period of data processed using MS Teams varies. Our criterion for determining the retention period is the necessity of the retention for pursuing a legitimate purpose. Application-related data exchanged via MS Teams will be retained for a maximum period of 6 months.

 

5. Assessment Centers

We process your personal data in order to be able to carry out an assessment centre, insofar as this is necessary for the selection for the described position. For this purpose, we transmit your personal data within the framework of order processing so that you can be invited to the assessment centre. Further information on data protection can be found in the data protection declaration of the assessment centre.

The legal basis is your consent according to § 26 para. 2 FDPA n.v. in connection with Art. 6 para. 1 lit a), Art. 88 GDPR.

 

6. Background-Check

Under certain circumstances, a so-called background check is carried out as part of the application process. This is used for senior management and applicants to critical roles or access to critical systems in the field of IT and serves the purpose of a background check and the verification of the authenticity and correctness of the information, documents and references.

The legal basis is your consent according to § 26 para. 2 FDPA n.v. in connection with Art. 6 para. 1 lit a), Art. 88 GDPR. The applicant receives further information on the background check as part of the consent.

 

7. Categories of the data

The processing includes applicant basic data, qualifications, certificates, interview notes, if applicable assessment data in the context of an assessment centre and reference data in the background check. Special categories of data are only processed if their collection is required by law or if you provide us with such data voluntarily and the requirements of Art. 9 para. 2 GDPR are met.

 

8. Sources of the data

Where we have not received the data from you directly, we may obtain it from a service provider for a background check.

 

9. Purposes of the processing

We process your data for the following purposes:

  • Candidate selection
  • Verification of data and information
  • reliability check
  • Defence against claims for compensation and recourse
  • Proof of proper data processing

 

10. Recipients of data

We share your data with the following recipients:

  • Authorities in accordance with legal requirements (e.g. tax authorities, supervisory authorities, law enforcement authorities).
  • Service providers, insofar as they are required as part of the selection process, e.g. to carry out the background check or the assessment centre.
  • Affiliated companies within the meaning of Section 15 of the German Stock Corporation Act (AktG)

In some cases, we use carefully selected external service providers to process your data, as well as internal service providers of the PHOENIX group, who, for example, operate the maintenance and administration of our IT systems or support the application process. Should data be passed on to service providers within the framework of so-called data processing, this is done based on Art. 28 GDPR. Our processors are carefully selected, are bound by our instructions and are regularly monitored by us.

Information is only passed on to state institutions and authorities entitled to receive such information within the framework of mandatory legal provisions or if we are obliged to do so by a court order.

 

11. International data transfer outside EU/EEA

No data processing takes place outside the EU / EEA, unless otherwise explicitly stated in this data protection information. Insofar as communication with our branch in Switzerland is necessary for the fulfilment of the contract, an adequate level of data protection exists. Switzerland is a member of EFTA and has acceded to the GDPR 2018. Personal data will not be transferred to third countries without your consent.

 

12. data erasure and retention periods

The data will be erased or locked as soon as the purpose of the storage no longer applies. The data may also be stored if this has been provided for by European or national legislators in Union regulations, laws or other provisions. Blocking or deleting will also take place if a retention period prescribed by the standards mentioned expires, unless there is a necessity for the continued storage of the data for the conclusion of a contract, the fulfilment of a contract or a documentation obligation. We do not store application data for longer than a maximum of 6 months after rejection for the purpose of carrying out the application procedure. Storage beyond this period may be based on consent or for the purpose of defending claims. In the event of consent, your personal data will be stored in our applicant pool for one year as part of the application.

 

13. Your rights

Below we would also like to inform you about your rights under the GDPR.

  • Right to information according to Art.15 GDPR

You can request information from the controller about the processing of your data.

  • Correction of data

You have the right to have data corrected in accordance with Art.16 GDPR if the data concerning you is incorrect or incomplete.

  • Right to erasure

You have the right to erasure, provided that the requirements of Art. 17 GDPR are met and there are no reasons why processing is still necessary.

  • Right to restriction

You have the right to restriction of processing in accordance with the requirements of Art. 18 GDPR, insofar as the processing does not serve to assert, exercise or defend legal claims.

  • Right to data transferability

Under the conditions of Art. 20 GDPR, you have the right of data portability.

  • Right to objection

You have a right of objection under Art. 21 GDPR, unless there are demonstrably compelling legitimate grounds for the processing or the processing serves the assertion, exercise or defence of legal claims

Furthermore, you have the option of submitting a complaint to the above-mentioned data protection officer or to a data protection supervisory authority. In accordance with Art. 77 GDPR, you have the right to file a complaint with the responsible supervisory authority.

 

Last update: Mai 2024