DATA PROTECTION POLICY REGARDING THE PROCESSING OF PERSONAL DATA OF THIRD PARTIES
This policy of Jenewein & Partner Ges.m.b.H. (“Amrop Jenewein“, respectively “We” or “Us“) applies to all third parties (“You” or “Your“).
We have extensive responsibilities in connection with the protection of Personal Data of Our Clients or Candidates. We ensure the compliance with the General Data Protection Regulation (GDPR) in close cooperation with our Clients or business partners. Our services are provided based on the principles of trust, confidentiality and the respect for the rights of individuals.
In accordance with our obligations under the GDPR, We would like to provide You with the following information about how We use Personal Data.
(B) Processing of Personal Data
Collection of Personal Data: We may collect Your Personal Data when performing Our services. These Personal Data may be collected for example from the following sources:
- Personal Data which has been provided by You (for example, if You provide us with Your CV or if You contact us via e-mail, telephone etc.).
- If We have connected You with any of Our Clients subject to Your consent.
- Personal Data provided by other Amrop offices.
- Personal Data available on social media, respectively publicly available Personal Data.
- Personal Data which has been provided by third parties, such as references by former employers or other third parties.
- Background checks which are performed subject to Your prior consent in accordance with applicable law.
Personal Data of third parties provided by You: If You provide Us with Personal Data of third parties in specific circumstances (for example by way of an e-mail recommending such third party attaching their CV), We assume that You have obtained the consent of such third party and that such disclosure is in accordance with Our data protection policy. Please do not transfer any Personal Data of third parties unless this is in accordance with the previous sentence.
Relevant Personal Data: Personal Data can in particular include the following:
- information based on a CV such as name and address as well as any further contact details including telephone numbers and e-mail-addresses, education, professional experience, qualifications, degrees and certificates, further qualifications, language and any other skills;
- age/date of birth;
- family status;
- professional title and functions;
- position within the organisational structure as well as reporting lines;
- salary and remuneration including any other benefits as performance bonuses and other finance-related information (such as shares in the company);
- holiday entitlement;
- information relating to suspensions of operations and pension entitlements;
- performance reviews;
- assessment and suitability/matching for a specific position;
- social media presence;
- supervisory board mandates;
- any memberships as well as any voluntary work and hobbies;
- shares in companies;
- third party feedback relating to Candidates and obtaining of references;
- records of Our contact history with You;
- if required in a mandate: official ID, passport or visa; criminal records;
- background checks: information obtained in the course of background checks performed subject to Your express consent (e.g. details relating to Your previous employment relationships or information relating to Your place of residence).
Legal basis for the Processing of Personal Data: The Processing of Personal Data for the purposes specified in this policy is based on the following:
- the data subject has given consent to the Processing of their Personal Data (consent is not required, if there is an alternative legal basis for the Processing);
- the Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- statutory requirement;
- the Processing is necessary in order to protect a relevant interest of an individual person; or
- the Processing is justified by Our, or a third party’s legitimate interest and such interest is not overridden by the interest, fundamental rights and freedoms of the data subject. We rely of the legitimate interest as a legal basis for
- the performance of Our services owed to Our Clients
- the management and sustainable development of Our business; and
Processing of Sensitive Data: We do not Process Sensitive Data unless in exceptional circumstances, if, for example
- the Processing is required by law;
- this is required to comply with Your legal rights; or
- You give your express consent.
Purposes for which We may Process Your Personal Data: pursuant to applicable law to perform Our services:
- Executive search: Finding potential Candidates on behalf of Our Clients for the placement of executive and management as well as specialist positions. If required, subject to prior advertisements.
- Board Consulting: Supporting our Clients in connection with the strategic composition of a supervisory board or an advisory board.
- Leadership Services: Advising and supporting our Clients in all “management” related matters (in particular, management audits, management consultation, coaching, team development, efficiency analysis or succession planning, executive sparring and executive positioning, onboarding)
- Individual communication: Any type of individual communication with You (including e-mails, calls, text messages, use of social medial, messenger services, via mail or in person); keeping information on file for the purpose of notification of employment opportunities (external or internal at your current employer) in connection with search mandates.
- Quality assurance of our services: Ensuring and further development of Our quality standards; further development of Our service portfolio.
(C) Disclosure of Personal Data to third parties
We may disclose Your Personal Data to other Amrop partner offices for legitimate purposes. In accordance with applicable law, these purposes include the performance of Our services and the operation of Amrop Partner offices. We may also disclose relevant demographic information to Our Clients for purposes specified in this policy.
Furthermore, We may disclose Your Personal Data to:
- Our Clients, to provide our services in accordance with this data protection policy;
- tax advisors, auditors, lawyers and other external advisors of Amrop Jenewein and the Amrop group, which are subject to a professional secrecy or contractual confidentiality obligation;
- external service providers, which may be established abroad and are subject to the obligations set out in section (C) as they are Processing Personal Data;
- We may use plugins or third party content (such as Xing or LinkedIn). Your Personal Data may be disclosed to third parties if You decide to interact via such plugins.
If We instruct a service provider with the Processing of Your Personal Data, such service provider is subject to the contractual obligation (i) to Process such Personal Data only in accordance with Our prior written instructions and (ii) to implement appropriate measures to ensure confidentiality and security of Personal Data.
(D) International transfer of Personal Data
As We offer Our services on a global level, We may have to disclose Your Personal Data to Amrop group offices, Clients, or third parties as defined above in section (C) for the purposes specified in this policy.
If We transfer Your Personal Data outside of Austria, such transfer is exclusively based on valid agreements.
(E) Data security
We implement appropriate technical and organisational measures in accordance with applicable law in order to protect Your Personal Data against accidental or unlawful destruction, alteration, unauthorised disclosure or access and any other unlawful or unauthorised Processing.
However, it is Your responsibility to ensure that You provide any Personal Data in a secure manner.
We will update Your Personal Data to the extent possible. We may from time to time ask You to confirm the accuracy of Your Personal Data.
(G) Data minimisation
We will only Process Your Personal Data to the extent required for the purposes specified in this policy.
We will only store Your Personal Data as long as there is a legitimate purpose for such storage.
We may store Personal Data during the existing client relationship and, following its termination, as long as there is a corresponding statutory retention obligation, or a party could assert any claims arising from or in connection with the client relationship or in the event of any other justified reasons. We may also retain Personal Data in order to include You in future search and selection processes and to contact You accordingly and, if applicable, also if this would exceed the scope of an actual job opportunity.
(I) Your rights
Your rights in accordance with applicable law as a data subject in connection with Our processing activities are: the right to access, rectification, erasure, restriction of Processing or, if applicable, to object to the Processing, to data portability and to lodge a complaint with the competent supervisory authority.
Any use of Our websites is subject to Our data protection and cookie policies.
(L) Your responsibilities
If You are a Candidate, We assume that the Personal Data provided to Us is complete and accurate allowing Us to offer Our Clients impeccable services.
If you are the Source, we assume that You disclose the Personal Data specified in this policy lawfully.
Should You have any comments or questions in connection with this data protection policy or in the event of any other request relation to the Processing of Personal Data by Amrop Jenewein, please contact: firstname.lastname@example.org
- ‘Candidate‘ means a current or potential candidate for a present job opportunity or a candidate with whom We work in connection with the performance of our leadership services.
- ‘Client‘ means a client of Amrop Jenewein or of any other Amrop office.
- ‘Controller‘ means someone who decides about the manner and purposes of the Processing of Personal Data. Many jurisdictions provide that the Controller is primarily responsible for the compliance with applicable data protection law.
- ‘Data Protection Authority‘ means an independent authority which is responsible to monitor compliance with applicable data protection law.
- ‘Leadership Assessment‘ means any leadership assessment service (in particular, management audits, management consulting, coaching, team development, efficiency analysis or succession planning, executive sparring and executive positioning) to assess the management potential of the Client’s own personnel or of any external Candidates nominated by the Client.
- ‘Personal Data‘ means any information relating to an identified or identifiable natural person (“data subject”)
- ‘Processing‘ means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, alignment or combination, restriction, erasure.
- ‘Sensitive Data‘ or ‘Special Categories of Personal Data‘ include any Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the Processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning the sexual orientation, or any other information which is considered equivalent under applicable law.
- ‘Source‘ means any individual who provides recommendations, appraisals or opinions about Candidates, in particular with regard to their suitability for a specific position.