Data Protection Applicants
The data protection information for job postings of the following Rentschler companies can be found below:
- Rentschler Biopharma SE
- Dr. Rentschler Holding GmbH
- Rentschler ATMP Ltd.
Privacy Statement Rentschler Biopharma SE
Controller’s contact details
The Controller within the meaning of the General Data Protection Regulation is:
Rentschler Biopharma SE
Erwin-Rentschler-Str. 21
88471 Laupheim
Tel. +49 7392 701-0
Fax +49 7392 701-300
E-Mail: info(at)rentschler-biopharma.com
Data protection officer’s contact details
You can contact our data protection officer at: datenschutzbeauftragter(at)rentschler-biopharma.com
Recruitment Process
Description and scope of data processing
The categories of personal data that we process include first name, surname, name affixes, nationality, contact details (such as private address, (mobile) phone number, email address), professional qualifications, school education, details of vocational training and other details where required. Bank details may be collected where appropriate for the purpose of reimbursing expenses arising in connection with your application. In addition, special categories of personal data may be included such as health data.
As a general rule, your personal data will be collected from you directly as part of the application. We may also receive data from third parties (e.g. employment agencies, the "Employees Recruit Employees” campaign).
In addition, we process personal data retrieved from publicly accessible sources (e.g. professional networks) which you make known to us voluntarily during the recruitment process.
Purpose and legal basis of data processing
We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (General Data Protection Regulation), the German Data Protection Act (BDSG) and any other relevant laws (e.g. Works Constitution Act (BetrVG), Working Hours Act (ArbZG) etc.).
Data processing is principally used to reach a decision on establishing an employment relationship. The main legal basis for this is Art. 6 (1) (b) GDPR in conjunction with Section 26 (1) BDSG. Alongside this, your specific consent under Art. 6 (1) (a) and Art. 7 GDPR in conjunction with Section 26 (2) BDSG (e.g. candidate pool) may be used as a legal basis under data protection law.
If we have received your data from third parties (through the recruitment campaign "Employees Recruit Employees” etc.) we process your data based on legitimate interests pursuant to Art. 6 (1) (f) GDPR.
We also process your data in order to comply with our legal obligations as an employer, particularly in the area of tax law, where your application gives rise to the reimbursement of expenses. This takes place on the basis of Art. 6 (1) (c) GDPR in conjunction with Section 26 BDSG.
Furthermore, we may process your personal data where this is necessary to meet legal obligations (Art. 6 (1) (c) GDPR) or to defend legal claims that are brought against us.
The legal basis for this is Art. 6 (1) (f) GDPR.
Legitimate interests include for example the duty to provide evidence in proceedings under the General Law on Equal Treatment (AGG).
In the event that a contract of employment is established between us, we may, under Art. 88 GDPR in conjunction with Section 26 BDSG, continue to process the personal data which we have already received from you for the purpose of the employment relationship, provided that this is necessary for the implementation or termination of the employment relationship or to exercise or comply with rights and duties relating to the representation of the workforce arising under the law or under a collective bargaining agreement, works agreement or service agreement (collective agreement).
Transfer of data to other agencies
Within our company, your personal data will only be transmitted to those persons or agencies (e.g. specialist department, works council, disabled employees’ representative) that need it in order to ensure compliance with our contractual and statutory obligations.
Within our group of companies, your data will be transmitted to certain companies which perform centralised data processing tasks for the group companies (e.g. contract management, disposal of files).
In addition, for the purpose of complying with our contractual and statutory obligations, we sometimes use varying service providers (e.g. hosting and software service providers). For applicant management, in particular, we use Workday. Further information is available at www.workday.com.
In addition, we may transfer your personal data to other recipients outside the company, if necessary. This may be the case in order to fulfill contractual and legal obligations as an employer, for example, the applicant's bank for possible reimbursement of costs (SEPA payment carrier).
Period of storage
We will erase your personal data as soon as it is no longer required for the aforementioned purposes. Your personal data or application documents will be erased after a maximum of six months from the end of the recruitment procedure (e.g. notification of rejection) unless a longer period of storage is necessary or permitted by law. In this regard, it may be that personal data is stored for the period in which claims can be made against our company (statutory limitation periods of between three and thirty years).
If you have consented to your personal data being included in the candidate pool and assessed for other suitable jobs, your data will be stored for 12 months.
If we have received your personal data from a third party (the recruitment campaign "Employees Recruit Employees”), your data will be erased after 30 days unless you are applying for a job or you have given us your consent to a longer period of storage.
Applicant’s account (Candidate Home Account by Workday)
Description and scope of data processing
The categories of personal data that are processed include in particular email address and password.
The applicant is free to set up a Candidate Home Account with Workday. The Candidate Home Account provides an overview of all recruitment activities.
Purpose and legal basis of data processing
We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (General Data Protection Regulation), the German Data Protection Act (BDSG) and any other relevant laws (e.g. Works Constitution Act (BetrVG), Working Hours Act (ArbZG) etc.).
Data processing is principally used to reach a decision on establishing an employment relationship. The main legal basis for this is Art. 6 (1) (b) GDPR in conjunction with Section 26 (1) BDSG. Alongside this, your specific consent under Art. 6 (1) (a) and Art. 7 GDPR in conjunction with Section 26 (2) BDSG (e.g. Talent Management) may be used as a legal basis under data protection law.
Period of storage
You are responsible for the data in the Candidate Home Account with Workday and you can erase it at any time. If you have not logged into your Candidate Home Account for 18 months, recruitment data will be removed automatically.
Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis à via the controller:
- Right to information: You have the right to be informed about the data which we store, in particular the purpose for which it is processed and how long the data will be stored (Article 15 GDPR).
- Right to rectification of inaccurate data: You have the right to require us to rectify personal data concerning you, without undue delay, in the event that it is inaccurate (Article 16 GDPR).
- Right to erasure: You have the right to require us to erase personal data concerning you. These rules provide that you may require your data to be erased if e.g. we no longer need the personal data for the purposes for which it was collected or otherwise processed; we have processed the data unlawfully or you have legitimately objected or withdrawn your consent thereto or there is a legal obligation to erase the data (Article 17 GDPR).
- Right to restriction of processing: You have the right to place a restriction on the processing of your data. This right exists in particular during the verification process in the event that you contest the accuracy of personal data concerning you, and where you have the right to erasure of the data but opt instead for the restriction of its use. Restriction of processing also takes place in the event that the data is no longer required for our purposes but you require it in order to establish, exercise or defend legal claims, and where there is a dispute between us regarding the grounds for successfully asserting an objection (Article 18 GDPR).
- Right to data portability: You have the right to receive the personal data concerning you, which you have submitted to us, in a structured, commonly used and machine-readable format (Article 20 GDPR) insofar as it has not already been erased.
Right to object
If we process your data to safeguard legitimate interests, you may object to this processing on grounds relating to your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if processing serves the establishment, exercise or defence of legal claims.
Withdrawal of consent
If you have consented to your application being assessed for other suitable jobs, you can withdraw this consent at any time. In such a case, we will erase your personal data regarding the application in accordance with the rules on length of storage.
Please send us an email in this connection to personalabteilung(at)rentschler-biopharma.com.
In this case, all personal data that is stored in the course of the recruitment process will be erased.
Automated individual decision-making, including profiling
As the decision regarding your application is not based exclusively on automated processing, no automated individual decision-making takes place within the meaning of Art. 22 GDPR.
Right of complaint to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
Technical provisioning of the website for recruitment
Provisioning of website and creation of log files
1. Description and scope of data processing
Each time you access our website, our system automatically collects data and information about your computer.
The following data is collected in this connection:
(1) Information about the type of browser and the version being used
(2) The user’s operating system
(3) The user’s internet service provider
(4) The user’s IP address
(5) Date and time of access
(6) Websites via which the user’s system accesses our website
(7) Websites accessed by the user’s system via our website
The data is also stored in the log files on our system. This does not involve the user’s IP addresses or other data that enable the data to be assigned to a user. This data is not stored together with any other personal data of the user.
2. Legal basis of data processing
The legal basis for the temporary storage of data is Art. 6 (1) (f) GDPR.
3. Purpose of data processing
Temporary storage of the IP address by the system is necessary in order to enable delivery of the website to the user’s computer. For this, the user’s IP address must be stored for the duration of the session.
These purposes also provide the basis for our legitimate interest in the data processing under Art. 6 (1) (f) GDPR.
4. Period of storage
Data is deleted as soon as it is no longer necessary for achieving the purpose for which it was collected. If data is collected for the purpose of providing the website, this is the case when the respective session comes to an end.
5. Objection and removal
The collection of data for the purpose of providing the website, and storage of the data in log files, is essential for the operation of the website. Therefore, the user has no possibility to object.
Use of cookies
Details and scope of data processing
Our website uses cookies. Cookies are text files that are stored in or by the internet browser on the user’s computer system. If the user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a unique character sequence enabling clear identification of the browser when the website is accessed again.
We set cookies in order to make our website more user friendly. Some elements of our website also require the accessing browser to be identified after leaving the site.
In this regard, the following data is stored and transmitted by the cookies:
Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6 (1) (f) GDPR.
Purpose of data processing
Technical cookies make it easier for the user to use the website. Some functions of our website cannot be provided without the use of cookies. For these the browser needs to be recognised even after leaving the site.
The user data collected by technical cookies is not used to create user profiles.
These purposes also provide the basis for our legitimate interest in the processing of personal data under Art. 6 (1) (f) GDPR.
Details of the cookies used
We use the following strictly necessary cookies to ensure the proper functioning of our website. These cookies cannot be deactivated.
Cookie name PLAY_LANG
Content: Details of the user’s language settings on the browser, e.g. en-US
Category: Session management
Storage period: End of session
Purpose: Transmission of the user’s language settings on the browser to ensure consistency of the session.
Cookie name PLAY_SESSION
Content: User’s session ID.
Category: Session management
Storage period: End of session
Purpose: To identify the session in subsequent enquiries
Cookie name timezoneOffset
Content: Decimal value indicating the number of minutes to get to the UTC time zone
Category: Session management
Storage period: End of session
Purpose: Processing applications and identifying applications that have expired based on a common time zone,
Cookie name WorkdayLB_UICLIENT
Content: Hexadecimal coded value indicating the IP address and TCP port number to which all subsequent enquiries to the UI Client Service should be sent.
Category: Load balancing
Storage period: End of session
Purpose: To keep enquiries from an individual user on the same server for this function in order to ensure consistency of experience.
Cookie name WorkdayLB_SAS
Content: Hexadecimal coded value indicating the IP address and TCP port number to which all subsequent enquiries to the Statis-Asset-Service should be sent.
Category: Load balancing
Storage period: End of session
Purpose: To keep enquiries from an individual user on the same server for this function in order to ensure consistency of experience.
Cookie name wday_vps_cookie
Content: Hexadecimal coded value indicating the IP address and TCP port number to which all subsequent enquiries to VPS should be sent.
Category: Load balancing
Storage period: End of session
Purpose: To keep enquiries from an individual user on the same server for this function in order to ensure consistency of experience.
Cookie name enablePrivacyTracking
Content: Boolean tracker for external career site cookie banner
Category: Cookie management
Storage period: End of session
Purpose: To record and respect the user’s choices regarding the acceptance or rejection of cookies that are not strictly necessary.
Cookie name TS*
Content: Hash value of the associated cookies
Category: Management of application security
Storage period: End of session
Purpose: This cookie ensures that the domain and sub-domain cookies sent to the client from the web server are not modified.
Cookie name wd-browser-id
Content: ID for tabs/windows
Category: Session management
Storage period: End of session
Purpose: The wd-browser-id is used to manage sessions where the user has opened several browser tabs/windows. It assigns an ID to each tab/window.
Privacy Statement Dr. Rentschler Holding GmbH & Co. KG
Controller’s contact details
The Controller within the meaning of the General Data Protection Regulation is:
Dr. Rentschler Holding GmbH & Co. KG
Lange Str.. 35
88471 Laupheim
Tel. +49 7392 9384-100
Fax +49 7392 9384-100
Data protection officer’s contact details
You can contact our data protection officer at: datenschutzbeauftragter(at)rentschler-biopharma.com
Recruitment Process
Description and scope of data processing
The categories of personal data that we process include first name, surname, name affixes, nationality, contact details (such as private address, (mobile) phone number, email address), professional qualifications, school education, details of vocational training and other details where required. Bank details may be collected where appropriate for the purpose of reimbursing expenses arising in connection with your application. In addition, special categories of personal data may be included such as health data.
As a general rule, your personal data will be collected from you directly as part of the application. We may also receive data from third parties (e.g. employment agencies, the "Employees Recruit Employees” campaign).
In addition, we process personal data retrieved from publicly accessible sources (e.g. professional networks) which you make known to us voluntarily during the recruitment process.
Purpose and legal basis of data processing
We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (General Data Protection Regulation), the German Data Protection Act (BDSG) and any other relevant laws (e.g. Works Constitution Act (BetrVG), Working Hours Act (ArbZG) etc.).
Data processing is principally used to reach a decision on establishing an employment relationship. The main legal basis for this is Art. 6 (1) (b) GDPR in conjunction with Section 26 (1) BDSG. Alongside this, your specific consent under Art. 6 (1) (a) and Art. 7 GDPR in conjunction with Section 26 (2) BDSG (e.g. candidate pool) may be used as a legal basis under data protection law.
If we have received your data from third parties (through the recruitment campaign "Employees Recruit Employees” etc.) we process your data based on legitimate interests pursuant to Art. 6 (1) (f) GDPR.
We also process your data in order to comply with our legal obligations as an employer, particularly in the area of tax law, where your application gives rise to the reimbursement of expenses. This takes place on the basis of Art. 6 (1) (c) GDPR in conjunction with Section 26 BDSG.
Furthermore, we may process your personal data where this is necessary to meet legal obligations (Art. 6 (1) (c) GDPR) or to defend legal claims that are brought against us.
The legal basis for this is Art. 6 (1) (f) GDPR.
Legitimate interests include for example the duty to provide evidence in proceedings under the General Law on Equal Treatment (AGG).
In the event that a contract of employment is established between us, we may, under Art. 88 GDPR in conjunction with Section 26 BDSG, continue to process the personal data which we have already received from you for the purpose of the employment relationship, provided that this is necessary for the implementation or termination of the employment relationship or to exercise or comply with rights and duties relating to the representation of the workforce arising under the law or under a collective bargaining agreement, works agreement or service agreement (collective agreement).
Transfer of data to other agencies
Within our company, your personal data will only be transmitted to those persons or agencies (e.g. specialist department, works council, disabled employees’ representative) that need it in order to ensure compliance with our contractual and statutory obligations.
Within our group of companies, your data will be transmitted to certain companies which perform centralised data processing tasks for the group companies (e.g. contract management, disposal of files).
In addition, for the purpose of complying with our contractual and statutory obligations, we sometimes use varying service providers (e.g. hosting and software service providers). For applicant management, in particular, we use Workday. Further information is available at www.workday.com.
In addition, we may transfer your personal data to other recipients outside the company, if necessary. This may be the case in order to fulfill contractual and legal obligations as an employer, for example, the applicant's bank for possible reimbursement of costs (SEPA payment carrier).
Period of storage
We will erase your personal data as soon as it is no longer required for the aforementioned purposes. Your personal data or application documents will be erased after a maximum of six months from the end of the recruitment procedure (e.g. notification of rejection) unless a longer period of storage is necessary or permitted by law. In this regard, it may be that personal data is stored for the period in which claims can be made against our company (statutory limitation periods of between three and thirty years).
If you have consented to your personal data being included in the candidate pool and assessed for other suitable jobs, your data will be stored for 12 months.
If we have received your personal data from a third party (the recruitment campaign "Employees Recruit Employees”), your data will be erased after 30 days unless you are applying for a job or you have given us your consent to a longer period of storage.
Applicant’s account (Candidate Home Account by Workday)
Description and scope of data processing
The categories of personal data that are processed include in particular email address and password.
The applicant is free to set up a Candidate Home Account with Workday. The Candidate Home Account provides an overview of all recruitment activities.
Purpose and legal basis of data processing
We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (General Data Protection Regulation), the German Data Protection Act (BDSG) and any other relevant laws (e.g. Works Constitution Act (BetrVG), Working Hours Act (ArbZG) etc.).
Data processing is principally used to reach a decision on establishing an employment relationship. The main legal basis for this is Art. 6 (1) (b) GDPR in conjunction with Section 26 (1) BDSG. Alongside this, your specific consent under Art. 6 (1) (a) and Art. 7 GDPR in conjunction with Section 26 (2) BDSG (e.g. Talent Management) may be used as a legal basis under data protection law.
Period of storage
You are responsible for the data in the Candidate Home Account with Workday and you can erase it at any time. If you have not logged into your Candidate Home Account for 18 months, recruitment data will be removed automatically.
Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis à via the controller:
- Right to information: You have the right to be informed about the data which we store, in particular the purpose for which it is processed and how long the data will be stored (Article 15 GDPR).
- Right to rectification of inaccurate data: You have the right to require us to rectify personal data concerning you, without undue delay, in the event that it is inaccurate (Article 16 GDPR).
- Right to erasure: You have the right to require us to erase personal data concerning you. These rules provide that you may require your data to be erased if e.g. we no longer need the personal data for the purposes for which it was collected or otherwise processed; we have processed the data unlawfully or you have legitimately objected or withdrawn your consent thereto or there is a legal obligation to erase the data (Article 17 GDPR).
- Right to restriction of processing: You have the right to place a restriction on the processing of your data. This right exists in particular during the verification process in the event that you contest the accuracy of personal data concerning you, and where you have the right to erasure of the data but opt instead for the restriction of its use. Restriction of processing also takes place in the event that the data is no longer required for our purposes but you require it in order to establish, exercise or defend legal claims, and where there is a dispute between us regarding the grounds for successfully asserting an objection (Article 18 GDPR).
- Right to data portability: You have the right to receive the personal data concerning you, which you have submitted to us, in a structured, commonly used and machine-readable format (Article 20 GDPR) insofar as it has not already been erased.
Right to object
If we process your data to safeguard legitimate interests, you may object to this processing on grounds relating to your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if processing serves the establishment, exercise or defence of legal claims.
Withdrawal of consent
If you have consented to your application being assessed for other suitable jobs, you can withdraw this consent at any time. In such a case, we will erase your personal data regarding the application in accordance with the rules on length of storage.
Please send us an email in this connection to personalabteilung(at)rentschler-biopharma.com.
In this case, all personal data that is stored in the course of the recruitment process will be erased.
Automated individual decision-making, including profiling
As the decision regarding your application is not based exclusively on automated processing, no automated individual decision-making takes place within the meaning of Art. 22 GDPR.
Right of complaint to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
Technical provisioning of the website for recruitment
Provisioning of website and creation of log files
1. Description and scope of data processing
Each time you access our website, our system automatically collects data and information about your computer.
The following data is collected in this connection:
(1) Information about the type of browser and the version being used
(2) The user’s operating system
(3) The user’s internet service provider
(4) The user’s IP address
(5) Date and time of access
(6) Websites via which the user’s system accesses our website
(7) Websites accessed by the user’s system via our website
The data is also stored in the log files on our system. This does not involve the user’s IP addresses or other data that enable the data to be assigned to a user. This data is not stored together with any other personal data of the user.
2. Legal basis of data processing
The legal basis for the temporary storage of data is Art. 6 (1) (f) GDPR.
3. Purpose of data processing
Temporary storage of the IP address by the system is necessary in order to enable delivery of the website to the user’s computer. For this, the user’s IP address must be stored for the duration of the session.
These purposes also provide the basis for our legitimate interest in the data processing under Art. 6 (1) (f) GDPR.
4. Period of storage
Data is deleted as soon as it is no longer necessary for achieving the purpose for which it was collected. If data is collected for the purpose of providing the website, this is the case when the respective session comes to an end.
5. Objection and removal
The collection of data for the purpose of providing the website, and storage of the data in log files, is essential for the operation of the website. Therefore, the user has no possibility to object.
Use of cookies
Details and scope of data processing
Our website uses cookies. Cookies are text files that are stored in or by the internet browser on the user’s computer system. If the user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a unique character sequence enabling clear identification of the browser when the website is accessed again.
We set cookies in order to make our website more user friendly. Some elements of our website also require the accessing browser to be identified after leaving the site.
In this regard, the following data is stored and transmitted by the cookies:
Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6 (1) (f) GDPR.
Purpose of data processing
Technical cookies make it easier for the user to use the website. Some functions of our website cannot be provided without the use of cookies. For these the browser needs to be recognised even after leaving the site.
The user data collected by technical cookies is not used to create user profiles.
These purposes also provide the basis for our legitimate interest in the processing of personal data under Art. 6 (1) (f) GDPR.
Details of the cookies used
We use the following strictly necessary cookies to ensure the proper functioning of our website. These cookies cannot be deactivated.
Cookie name PLAY_LANG
Content: Details of the user’s language settings on the browser, e.g. en-US
Category: Session management
Storage period: End of session
Purpose: Transmission of the user’s language settings on the browser to ensure consistency of the session.
Cookie name PLAY_SESSION
Content: User’s session ID.
Category: Session management
Storage period: End of session
Purpose: To identify the session in subsequent enquiries
Cookie name timezoneOffset
Content: Decimal value indicating the number of minutes to get to the UTC time zone
Category: Session management
Storage period: End of session
Purpose: Processing applications and identifying applications that have expired based on a common time zone,
Cookie name WorkdayLB_UICLIENT
Content: Hexadecimal coded value indicating the IP address and TCP port number to which all subsequent enquiries to the UI Client Service should be sent.
Category: Load balancing
Storage period: End of session
Purpose: To keep enquiries from an individual user on the same server for this function in order to ensure consistency of experience.
Cookie name WorkdayLB_SAS
Content: Hexadecimal coded value indicating the IP address and TCP port number to which all subsequent enquiries to the Statis-Asset-Service should be sent.
Category: Load balancing
Storage period: End of session
Purpose: To keep enquiries from an individual user on the same server for this function in order to ensure consistency of experience.
Cookie name wday_vps_cookie
Content: Hexadecimal coded value indicating the IP address and TCP port number to which all subsequent enquiries to VPS should be sent.
Category: Load balancing
Storage period: End of session
Purpose: To keep enquiries from an individual user on the same server for this function in order to ensure consistency of experience.
Cookie name enablePrivacyTracking
Content: Boolean tracker for external career site cookie banner
Category: Cookie management
Storage period: End of session
Purpose: To record and respect the user’s choices regarding the acceptance or rejection of cookies that are not strictly necessary.
Cookie name TS*
Content: Hash value of the associated cookies
Category: Management of application security
Storage period: End of session
Purpose: This cookie ensures that the domain and sub-domain cookies sent to the client from the web server are not modified.
Cookie name wd-browser-id
Content: ID for tabs/windows
Category: Session management
Storage period: End of session
Purpose: The wd-browser-id is used to manage sessions where the user has opened several browser tabs/windows. It assigns an ID to each tab/window.
Rentschler ATMP Ltd. - Privacy Policy Applicant
1.1. Controller’s contact details
The Controller within the meaning of the General Data Protection Regulation is:
Rentschler ATMP Ltd.
Sycamore House
2 Gunnels Wood Road
Stevenage, SG1 2BP UK
P +44 1438 567870
E-Mail: humanrelations-uk(at)rentschler-biopharma.com
Data protection officer’s contact details
You can contact our data protection officer at:
datenschutzbeauftragter(at)rentschler-biopharma.com
1.2. Recruitment Process
Description and scope of data processing
The categories of personal data that we process include first name, surname, name affixes, nationality, contact details (such as private address, (mobile) phone number, email address), professional qualifications, school education, details of vocational training and other details where required. Bank details may be collected where appropriate for the purpose of reimbursing expenses arising in connection with your application. In addition, special categories of personal data may be included such as health data.
We do not envisage that we will process information about criminal convictions.
As a general rule, your personal data will be collected from you directly as part of the application. We may also receive data from third parties (e.g. employment agencies, the "Employees Recruit Employees” campaign).
In addition, we process personal data retrieved from publicly accessible sources (e.g. professional networks) which you make known to us voluntarily during the recruitment process.
Purpose and legal basis of data processing
We process your personal data in compliance with the provisions of UK Data Protection Act 2018 (DPA) and the GDPR (the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) as defined in the DPA) any other relevant laws.
Data processing is principally used to reach a decision on establishing an employment relationship. The main legal basis for this is Art. 6 (1) (b) GDPR. Alongside this, your specific consent under Art. 6 (1) (a) and Art. 7 GDPR may be used as a legal basis under data protection law.
If we have received your data from third parties (through the recruitment campaign "Employees Recruit Employees” etc.) we process your data based on legitimate interests pursuant to Art. 6 (1) (f) GDPR.
We also process your data in order to comply with our legal obligations in connection with employment. This takes place on the basis of Art. 6 (1) (c) and 9 (2) (b) GDPR and section 10 (2) and Schedule 1 (1) DPA. In particular, we may use information about your health to consider whether we need to provide appropriate adjustments during the recruitment process.
Furthermore, we may process your personal data where this is necessary to meet legal obligations (Art. 6 (1) (c) GDPR) or to defend legal claims that are brought against us.
Transfer of data to other agencies
Within our company, your personal data will only be transmitted to those persons or agencies (e.g. specialist department, works council, disabled employees’ representative) that need it in order to ensure compliance with our contractual and statutory obligations.
Within our group of companies, your data will be transmitted to certain companies which perform centralised data processing tasks for the group companies (e.g. contract management, disposal of files).
In addition, for the purpose of complying with our contractual and statutory obligations, we sometimes use varying service providers (e.g. hosting and software service providers). For applicant management, in particular, we use Workday. Further information is available at www.workday.com.
In addition, we may transfer your personal data to other recipients outside the company, if necessary. This may be the case in order to fulfill contractual and legal obligations as an employer, for example, the applicant's bank for possible reimbursement of costs (SEPA payment carrier).
Period of storage
We will erase your personal data as soon as it is no longer required for the aforementioned purposes. Your personal data or application documents will be erased after a maximum of six months from the end of the recruitment procedure (e.g. notification of rejection) unless a longer period of storage is necessary or permitted by law. In this regard, it may be that personal data is stored for the period in which claims can be made against our company (statutory limitation periods of between three and thirty years).
If you have consented to your personal data being included in the candidate pool and assessed for other suitable jobs, your data will be stored for 12 months.
If we have received your personal data from a third party (the recruitment campaign "Employees Recruit Employees”), your data will be erased after 30 days unless you are applying for a job or you have given us your consent to a longer period of storage.
1.3. Applicant’s account (Candidate Home Account by Workday)
Description and scope of data processing
The categories of personal data that are processed include in particular email address and password.
The applicant is free to set up a Candidate Home Account with Workday. The Candidate Home Account provides an overview of all recruitment activities.
Purpose and legal basis of data processing
We process your personal data in compliance with the provisions of the GDPR, the DPA and any other relevant laws.
Data processing is principally used to reach a decision on establishing an employment relationship. The main legal basis for this is Art. 6 (1) (b). Alongside this, your specific consent under Art. 6 (1) (a) and Art. 7 GDPR may be used as a legal basis under data protection law.
Period of storage
You are responsible for the data in the Candidate Home Account with Workday and you can erase it at any time. If you have not logged into your Candidate Home Account for 18 months, recruitment data will be removed automatically.
1.4. Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis à via the controller:
- Right to information: You have the right to be informed about the data which we store, in particular the purpose for which it is processed and how long the data will be stored (Article 15 GDPR).
- Right to rectification of inaccurate data: You have the right to require us to rectify personal data concerning you, without undue delay, in the event that it is inaccurate (Article 16 GDPR).
- Right to erasure: You have the right to require us to erase personal data concerning you. These rules provide that you may require your data to be erased if e.g. we no longer need the personal data for the purposes for which it was collected or otherwise processed; we have processed the data unlawfully or you have legitimately objected or withdrawn your consent thereto or there is a legal obligation to erase the data (Article 17 GDPR).
- Right to restriction of processing: You have the right to place a restriction on the processing of your data. This right exists in particular during the verification process in the event that you contest the accuracy of personal data concerning you, and where you have the right to erasure of the data but opt instead for the restriction of its use. Restriction of processing also takes place in the event that the data is no longer required for our purposes but you require it in order to establish, exercise or defend legal claims, and where there is a dispute between us regarding the grounds for successfully asserting an objection (Article 18 GDPR).
- Right to data portability: You have the right to receive the personal data concerning you, which you have submitted to us, in a structured, commonly used and machine-readable format (Article 20 GDPR) insofar as it has not already been erased.
Right to object
If we process your data to safeguard legitimate interests, you may object to this processing on grounds relating to your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if processing serves the establishment, exercise or defence of legal claims.
Withdrawal of consent
If you have consented to your application being assessed for other suitable jobs, you can withdraw this consent at any time. In such a case, we will erase your
personal data regarding the application in accordance with the rules on length of storage.
Please send us an email in this connection to humanrelations-uk(at)rentschler-biopharma.com.
In this case, all personal data that is stored in the course of the recruitment process will be erased.
Automated individual decision-making, including profiling
As the decision regarding your application is not based exclusively on automated processing, no automated individual decision-making takes place within the meaning of Art. 22 GDPR.
Right of complaint to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
1.5. Technical provisioning of the website for recruitment
Provisioning of website and creation of log files
1. Description and scope of data processing
Each time you access our website, our system automatically collects data and information about your computer. The following data is collected in this connection:
(1) Information about the type of browser and the version being used
(2) The user’s operating system
(3) The user’s internet service provider
(4) The user’s IP address
(5) Date and time of access
(6) Websites via which the user’s system accesses our website
(7) Websites accessed by the user’s system via our website
The data is also stored in the log files on our system. This does not involve the user’s IP addresses or other data that enable the data to be assigned to a user. This data is not stored together with any other personal data of the user.
2. Legal basis of data processing
The legal basis for the temporary storage of data is Art. 6 (1) (f) GDPR.
3. Purpose of data processing
Temporary storage of the IP address by the system is necessary in order to enable delivery of the website to the user’s computer. For this, the user’s IP address must be stored for the duration of the session. These purposes also provide the basis for our legitimate interest in the data processing under Art. 6 (1) (f) GDPR.
4. Period of storage
Data is deleted as soon as it is no longer necessary for achieving the purpose for which it was collected. If data is collected for the purpose of providing the website, this is the case when the respective session comes to an end.
5. Objection and removal
The collection of data for the purpose of providing the website, and storage of the data in log files, is essential for the operation of the website. Therefore, the user has no possibility to object.
Use of cookies
Details and scope of data processing
Our website uses cookies. Cookies are text files that are stored in or by the internet browser on the user’s computer system. If the user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a unique character sequence enabling clear identification of the browser when the website is accessed again. We set cookies in order to make our website more user friendly. Some elements
of our website also require the accessing browser to be identified after leaving the site. In this regard, the following data is stored and transmitted by the cookies:
Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6 (1) (f) GDPR. Purpose of data processing Technical cookies make it easier for the user to use the website. Some functions of our website cannot be provided without the use of cookies. For these the browser needs to be recognised even after leaving the site.
The user data collected by technical cookies is not used to create user profiles.
These purposes also provide the basis for our legitimate interest in the processing of personal data under Art. 6 (1) (f) GDPR.
Details of the cookies used
We use the following strictly necessary cookies to ensure the proper functioning of our website. These cookies cannot be deactivated.
Cookie Name |
Content |
Category |
Storage period |
Purpose |
---|---|---|---|---|
PLAY_LANG | Details of the user’s language settings on the browser, e.g. en-US | Session management | End of session | Transmission of the user’s language settings on the browser to ensure consistency of the session. |
PLAY_SESSION | User’s session ID. | Session management | End of session | To identify the session in subsequent enquiries. |
timezoneOffset | Decimal value indicating the number of minutes to get to the UTC time zone | Session management | End of session | Processing applications and identifying applications that have expired based on a common time zone |
WorkdayLB_UICLIENT | Hexadecimal coded value indicating the IP address and TCP port number to which all subsequent enquiries to the UI Client Service should be sent. | Load balancing | End of session | To keep enquiries from an individual user on the same server for this function in order to ensure consistency of experience. |
WorkdayLB_SAS | Hexadecimal coded value indicating the IP address and TCP port number to which all subsequent enquiries to the Statis-Asset-Service should be sent. | Load balancing | End of session | To keep enquiries from an individual user on the same server for this function in order to ensure consistency of experience. |
wday_vps_cookie | Hexadecimal coded value indicating the IP address and TCP port number to which all subsequent enquiries to VPS should be sent. | Load balancing | End of session | To keep enquiries from an individual user on the same server for this function in order to ensure consistency of experience. |
enablePrivacyTracking | Boolean tracker for external career site cookie banner. | Cookie management | End of session | To record and respect the user’s choices regarding the acceptance or rejection of cookies that are not strictly necessary. |
TS* | Hash value of the associated cookies | Management of application security | End of session | This cookie ensures that the domain and sub-domain cookies sent to the client from the web server are not modified. |
wd-browser-id | ID for tabs/windows. | Session management | End of session | The wd-browser-id is used to manage sessions where the user has opened several browser tabs/windows. It assigns an ID to each tab/window. |