Privacy Notice for Applicants

1. What is this Privacy Notice about?
2. Who is responsible for processing your data?
3. What data do we process and for what purpose?
4. On what basis do we process your data?
5. Who do we disclose your data to?
6. In which countries does your personal data end up?
7. How long do we process your data?
8. How do we protect your data?
9. What rights do you have?

Implenia AG, its affiliated subsidiaries and Group companies (hereinafter referred to as Implenia) would like to inform you about how we internally process your data as an applicant or interested party. This privacy notice applies in addition to our general privacy notice, which informs you about how and for what purpose your personal data is processed in connection with our websites, among other things. This privacy notice complies with the EU General Data Protection Regulation ("GDPR") and the Swiss Data Protection Act ("DSG"). However, the application of these laws depends on each individual case.

Integrity is a special value for Implenia and part of our mission statement (Mission Statement Implenia - Implenia AG), so we have attempted to present the following to you as clearly and transparently as possible. If, despite all our efforts, there are still any uncertainties, please do not hesitate to contact us.

The specific Implenia Group company that has published a particular job vacancy is responsible for collecting and processing your data in connection with the respective job vacancy (the particular position you’re applying for) in order to carry out the recruitment process, unless another company has been designated as the responsible entity. You can contact this specific Implenia Group company for any data protection concerns and to exercise your rights under section 9 using the contact details provided in the job ad.

If you have any questions or concerns about data protection at Group level, please contact:

Implenia AG
Thurgauerstrasse 101 A
CH-8152 Glattpark (Opfikon)
Switzerland 
dataprivacy@implenia.com

In addition, a data protection officer has been appointed for the Group companies in Germany in accordance with Article 37 et seq. DSGVO and Section 38 of the Federal Data Protection Act (BDSG), who can be contacted as follows:

Implenia Deutschland GmbH
Data Protection Officer
Am Prime Parc 1
D- 65479 Raunheim
dataprivacy-germany@implenia.com

Your personal data will be processed by us for the following purposes:

• Evaluation whether you are a suitable candidate for an open position of ours,
• Initiation and establishment of the employment relationship,
• Contact and general communication,
• For information on other jobs within Implenia (with your prior consent).

In doing so, we mainly process the data you provided us. We can only consider your application if you provide us with your master and skills data. If you do not provide us with the data required for the position you are applying for, this may possibly mean that we cannot consider your application. In this case, however, we will give you the opportunity to provide us with the missing information or documents within a specified period before declining your application. In addition, we examine publicly available data on career social media portals in connection with your application, e.g. to get a better picture of you.  Likewise, we can only communicate with you or respond to your request if we process communication data. If you have provided us with reference data, this will also be processed internally. We process your photos if you have provided them as part of your application files. No individual profiling takes place when processing your data.

Unless we ask for your consent, the use of your personal data is based on the purpose of establishing an employment contract with you or on our legitimate interest in the respective processing (e.g., checking documents, reviewing your information from public profiles from professional social networks).

Insofar as we ask your consent for certain processing activities (e.g., for the management of sensitive staff data), we will inform you separately about the respective processing purposes. Consents are always voluntary, so you can withdraw your consent at any given time and with future effect by notifying us in writing (by post or email); once we have received the notice of your withdrawal of consent, we will no longer process your data for the purpose(s) to which you initially consented to, unless we have another legal reason to do so. However, a withdrawal of consent does not affect the legitimacy of the processing carried out based on your consent prior to your withdrawal. If you withdraw your consent to the processing of personal data that we require to assess you or employ you for a particular job, then your application for that position can no longer be considered. 

In certain circumstances, we may continue to use your data because of other legal grounds, for example in the event of a dispute, where this is necessary in connection with a potential legal dispute or for the enforcement or defence of legal claims. In some cases, a different legal basis may apply, which we will inform you of separately if necessary.

We work with service providers in the EEA (European Economic Area), Switzerland and other countries who process your data on our behalf or as joint controllers or receive data concerning you as appointed controllers. This may include health data. To reach new applicants and receive their applications, to optimise our IT systems and internal applications and tools, and to focus on our core competencies, we procure services from third parties in various areas. These include IT services, information transfer, communication services, services from recruitment agencies and staffing companies. We share the data that these providers need to fulfil their services. They may also use this data for their own purposes, for example anonymised information to improve their services. In addition, we conclude contracts with these providers to ensure compliance with data protection, insofar as this does not result directly from the law (e.g., authorities).

For our (video-) conferences we use Microsoft Teams from Microsoft Ireland Operations Limited. Where we are the data controller, we only process and share data with Microsoft that is necessary to use the features of Microsoft Teams (e.g., your email address to send you an invitation). Microsoft may also collect data about you to provide their services to us (e.g., recording conferences) and use it for their own purposes. More information about how Microsoft processes your data given here: 

Microsoft Teams Privacy - Microsoft Teams | Microsoft Learn

If you provide us with external references so that we can contact them, this is deemed to be consent under data protection law and we may exchange your data with the reference provider (e.g., former employers or other organisations), who acts as a individual data controller. We will particularly share data about your reference, your identity, and any information we wish to have verified. However, we only do this with your prior consent.

As explained in section 5, we share data with other parties. These are not all located in the EEA and in Switzerland. Your data may therefore also be processed in further countries, exceptionally in any country in the world. If a recipient is located in a country without adequate legal data protection, we oblige them to comply with the applicable data protection law (for this purpose we use the European Commission's standard contractual clauses, which are accessible here) unless they are already subject to legally recognised regulations to ensure data protection and we do not rely on an exemption. An exception may apply in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract requires such disclosure, if you have consented or if it is a matter of data that you have made generally accessible and the processing of which you have not objected to.

We only process your personal data for as long as the original processing purpose requires. In exceptional cases, a new processing purpose may arise, such as defending legal claims. The regular retention period is 6 months after the position has been awarded. This is necessary according to various national standards such as the Equal Treatment Act.

Wir treffen angemessene Sicherheitsmassnahmen, um die Vertraulichkeit, Integrität und Verfügbarkeit Ihrer Personendaten zu wahren, um sie gegen unberechtigte oder unrechtmässige Verarbeitungen zu schützen und den Gefahren des Verlusts, einer unbeabsichtigten Veränderung, einer ungewollten Offenlegung oder eines unberechtigten Zugriffs entgegenzuwirken.

Applicable data protection laws give you the right to object to the processing of your data under certain circumstances, in particular for processing actions based on legitimate interest. To help you control the processing of your personal data, you have the following rights in relation to our data processing, depending on the applicable data protection law:

• the right to request information from us as to whether and what data of yours we process; 
• the right to have data corrected by us if it is inaccurate; 
• the right to request that we delete data; 
• the right to request that certain personal data is provided to you in a commonly used electronic format or have it transferred to another controlling instance;
• the right to withdraw your consent where our processing is based on your consent. 
• the right to obtain, upon request, further information useful for the exercise of these rights. 

If you wish to exercise any of the above rights against us or any of our Group companies, please contact us in writing addressed to our premises or, unless otherwise stated or agreed, by email; our contact details are given in section 2. In order for us to be able to prevent abuse, we will need to identify you (e.g., by means of a copy of an identity document, if identification is otherwise not possible). 

If you are in the EEA or Switzerland, you also have the right to file a complaint with the responsible data protection supervisory authority in your country. 

A list of authorities in the EEA is available here: Members | European Data Protection Board (europa.eu).

You can contact the Swiss supervisory authority as follows: Contact (admin.ch).