Fabasoft’s Privacy Statement for Applicants

Who is responsible for data processing? - The Group’s Structure

The Group company to which you have applied for a position, is deemed the controller responsible for protecting your application.

Fabasoft International Services GmbH is the controller under data protection law for the Fabasoft Talent Pool.

You will find all Fabasoft companies listed below:

Additional Information:

* Mindbreeze GmbH (www.mindbreeze.com) and its subsidiary company, the Mindbreeze Corporation (hereinafter: “Mindbreeze”) belong to the Fabasoft Group, but have their own website, also for careers. The current privacy statement for applicants also includes Mindbreeze’s application process.

This privacy statement serves to elaborate on the general privacy statement of Fabasoft (available at www.fabasoft.com/privacy), the general privacy statement of Mindbreeze (available at www.mindbreeze.com/privacy), the general privacy statement of Xpublisher (available at www.xpublisher.com/privacy) and to provide more information for applicants.

The current version of this privacy statement is available on the Fabasoft website and is available as a PDF download free of charge.

** Xpublisher GmbH (www.xpublisher.com) and its subsidiary company, Xpublisher Inc. (hereinafter: “Xpublisher”) belong to the Fabasoft Group, but have their own website, also for careers. This privacy statement for applicants also includes the application process of Xpublisher.

Which data are processed? Where does the data come from (the data sources)?

1. Data collected from the applicant (Art 13 GDPR)
   Fabasoft processes personal data that has been collected directly from the data subject. In order to take part in the application process, the following personal data will be processed: Personal data that you have willingly provided through your application, namely: form of address, name, title, home address, date of birth, telephone number, email address, nationality, cover letter, motivation letter, CV, school and higher education details, employer references, proof of further study, professional history, photos and examples of work you have completed.
    
2. Data not collected from the applicant (Art 14 GDPR)

   In addition to the personal data you willingly provided, Fabasoft reserves the right to acquire data from business platforms such as XING and LinkedIn for the purpose of assessing your application. Whereby we compare the information on your CV, school and higher education details, further study and professional history from your application documents with information available on XING and LinkedIN and store these data. Fabasoft has a legitimate interest in this assessment.

   Fabasoft also uses external recruiters for its search for employees. If we receive application documents concerning you from a recruiter, then these include: Form of address, name, title, home address, date of birth, telephone number, email address, nationality, cover letter, motivation letter, CV, school and higher education details, employer references, proof of further study, professional history, photos and examples of work you have completed as well as information from the recruiter as to why you are suitable for the position advertised by us.

Why is personal data processed and what is the legal basis for doing this?

1. Compliance with pre-contractual obligations pursuant to Art. 6 (1)(b) GDPR
   In order to assess your application, it is necessary that staff in recruitment team process your personal data. As well as the recruitment staff of the company to whom you send your application, your data will be made available to a select number of Fabasoft’s human resource managers (line managers within the Group), so they can assess whether we can enter into an employment contract with you (see Art. 6 (1)(b) GDPR)
    
2. Data processing in the context of consent pursuant to Art 6 (1)(a) GDPR
   Processing for alternative vacancies

   Employees, who have been entrusted with the task of recruitment, are the main point of contact during the application process. As the documents provided in the application are assessed, it may transpire that the qualifications listed are more suitable for a different position within Fabasoft other than the one for which you have applied. If this is the case, you will receive a message from the recruitment team, as well as information on the proposed position. Your personal data will only be transferred to the relevant recruitment manager with your consent. If consent is not granted for this, your personal data will be processed within the context of your original application. Such consent can be withdrawn at any time. The legitimacy of the processing, for which consent was granted, remains intact until the consent is withdrawn.

   Processing in the context of joining the talent pool
   You may only join the talent pool if you expressly grant your consent for this. The talent pool is a platform that Fabasoft uses to stay in contact with applicants and people it has identified as having desirable skills. It is managed by Fabasoft International Services GmbH’s recruitment management. Based on your consent, data are transferred to other Fabasoft companies within the Group. People in the talent pool will receive targeted information about new and relevant vacancies. Such consent can be withdrawn at any time. The legitimacy of the processing, for which consent was granted, remains intact until the consent is withdrawn.
   Irrespective of the above-mentioned legal bases and cases of processing, Fabasoft may require supplementary consent for certain processing operations which it must obtain from you. If you grant Fabasoft consent to process personal data, the processing will be carried out exclusively in accordance with the purposes defined in the consent, for example, to sign up for the careers newsletter, for invitations to career events. Such consent can be withdrawn at any time. The legitimacy of the processing, for which consent was granted, remains intact until the consent is withdrawn.
    

3. Protection of legitimate interests pursuant Art. 6 (1)(f) in conjunction with Art. 10 GDPR
   Should your desired activity require special trustworthiness, we process the data you have provided with regard to criminal convictions and offences. We do this on the basis of legitimate interests of Fabasoft for the purpose of verifying your suitability in the context of self-protection and protection of responsibility pursuant to § 4 (3)(2) DSG (Data Protection Act). These data are only processed by us for a period of 7 months after provision.
    
4. Granting of explicit consent pursuant to Art 9 (2)(a) GDPR

   Art. 9 (2)(a) GDPR serves as the legal basis for data processing insofar the processing of special categories of personal data (“internal 2-G regulation”) is necessary. The processing of the data is carried out exclusively based on the explicit consent granted as part of the personal job interview and the protective measures this entails, which are intended to prevent the danger of infection of our employees in the continuing pandemic.
   The requirement and necessity of the processing of the data mentioned are evaluated at regular intervals and adjusted to bring them in line with the current situation. Such consent can be withdrawn at any time. The legitimacy of the processing, for which consent was granted, remains intact until the consent is withdrawn.
    

5. Profiling
   No automated processing of personal data is undertaken. This means that we use no personal data for the purpose of creating a profile of you in order to analyse your preferences and interests.

Who receives the personal data?

As the processor, Fabasoft International Services GmbH provides the recruitment team for Fabasoft, as well as (human resources) marketing and communication services. Within Fabasoft, only those individual employees, departments or Fabasoft companies receive the personal data, that require these in order to fulfil above-mentioned purposes. Furthermore, in exceptional circumstances, and only insofar as necessary, data may be transferred to certain officials (such as lawyers). In individual cases, we also forward your data to our data protection officers in Austrian or Germany, in order to obtain their advice on the implementation of data protection regulations, e.g. in the event you assert data subject rights against us.

There are different interfaces and data processing steps within the Fabasoft Group, in which the different individual personal data processing services are carried out among the companies of the group. Within Fabasoft, only those individual employees, departments or Fabasoft companies receive personal data, that require these in order to fulfil contractual or legal obligations and legitimate interests.

The regulations defined in the “Framework agreement for internal data processing within the Fabasoft Group” reflect the respective roles of the companies of the Fabasoft Group as joint controllers in a transparent manner pursuant to Art. 26 GDPR or as controller and processor pursuant to Art. 28 GDPR as well as the legally-compliant form of this legal relationship, in particular in compliance with the regulations of the GDPR or the respective national data protection regulations. In the event of a breach of this framework agreement and/or of applicable data protection regulations, Fabasoft International Services GmbH, FN 271303a, Honauerstrasse 4, 4020 Linz, has undertaken to assume the liability for any claims asserted by a data subject. This means the data subjects have a place of jurisdiction within the EU at their disposal for asserting their rights.

The Framework Agreement is available for downloading at https://www.fabasoft.com/de/about us/transparency.

Insofar personal data are to be transmitted to the USA or any other country with a less stringent level of data protection, Fabasoft ensures in advance that a suitable level of data protection is in place. The appropriate or reasonable guarantees agreed in individual cases, as well as the possibility of obtaining a copy of these, are available at privacy@fabasoft.com.

For how long is data stored?

Fabasoft stores your personal data collected during the application process, for a period of 7 months after the application process has ended.

If we receive your data from a recruiter, we store your data for a period of 7 months after the application process has ended, regardless of whether we contact you or not.

By consenting to join the talent pool, you are granting permission for your personal data to be stored for 3 years after joining Fabasoft’s talent pool.

Personal information, which was transferred to Fabasoft upon permission being granted (e.g. to receive the careers newsletter or invitations to career events) will be stored for a maximum of three years after the last activity, provided that it is not re-used before then.

Where is the data stored?

Fabasoft stores data on its own hardware in highly secure, external data centres in Germany, Austria and Switzerland.

What are the data subject’s data protection rights?

Pursuant to Article 15 GDPR you have the right to demand information at any time regarding what data concerning you we process. Furthermore, you have the right to demand rectification or completion of inaccurate or incomplete data concerning you (see Art 16 GDPR for more detail in this context). On principle you have the right to the erasure of your data (see Art. 17 GDPR for more detail in this context). However, there is no right to erasure if, for example, the processing is necessary in order to fulfil a legal or contractual obligation. Under certain conditions, you have the right to demand the restriction of the processing of your data (see Art. 18 GDPR for more detail in this context). You have the right to object to a processing of your data that is necessary for the purpose of protecting our legitimate interests or those of a third party. In the event of an objection we will no longer process your data, unless the processing is required for the establishment, exercise or defence of legal claims or we have compelling legitimate grounds for the processing which override your interests (see Art 21 GDPR for more detail in this context). On principle you also have the right to receive the personal data you have provided, in a structured, commonly used and machine-readable format. However, the right to data portability only applies insofar the processing is based on consent or on a contract (see Art 20 GDPR for more detail in this context).

If the processing of your data is based on your consent, you can withdraw this at any time without having to give reasons. The legitimacy of the processing, for which consent was granted, remains intact until the consent is withdrawn (see Art 7 (3) GDPR for more detail in this context).

All of the above listed rights can be asserted against all Fabasoft’s associated companies through the following channels.

By email:    privacy@fabasoft.com
By post: Fabasoft AG, c/o Datenschutz, Honauerstraße 4, 4020 Linz, Austria

All rights must be asserted against Fabasoft in writing. In order to prevent any unauthorized persons from abusing these rights, you must prove your identity to Fabasoft in an appropriate manner, insofar this cannot be ascertained by us with certainty.

In the event of an unexpected breach of your right to lawful processing of your data, despite our obligation to process your data in a lawful manner, you have the right to lodge a complaint with the Austrian Data Protection Authority or with another data protection supervisory authority in the EU, in particular at your place of residence or place of work.

Contact with Data Protection Officers

Fabasoft has a data security team at its disposal that is dedicated to data protection issues (“Privacy Team”) The contact details for this privacy team are available at: https://www.fabasoft.com/privacy. The privacy team can be contacted at: privacy@fabasoft.com

If the GDPR and/or national regulations require, Fabasoft will appoint a data protection officer. The contact details of this data protection officer are available at: https://www.fabasoft.com/privacy