Data protection policy for applicants at Post Wertlogistik GmbH

Mandatory information according to Art 13 and 14 GDPR of a purely informative nature.
Status: September 2024

1.  To whom does this data protection policy apply?

1.1. This data protection policy is addressed to applicants of Post Wertlogistik GmbH ("PWL", "we", "us"), regardless of the application channel through which we receive your application.

1.2. If your application leads to employment with us, our relevant data protection policy for employees of PWL applies. This policy might already be available to you for your information.

2.  Who is in charge of handling your personal data?

2.1. Joint responsibility with Österreichische Post Aktiengesellschaft

2.1.1. If you apply to PWL via the career portal (karriere.post.at), if you contact PWL via the career portal via direct contact or if you consent to your application being forwarded to PWL for the purpose of finding a suitable position as part of your application to Österreichische Post Aktiengesellschaft via the career portal, your personal data will be processed in the career portal under joint responsibility with Österreichische Post Aktiengesellschaft, Rochusplatz 1, 1030 Vienna.

2.1.2. In the case of joint responsibility, Österreichische Post Aktiengesellschaft is responsible for the following data processing operations:

  • receiving your application on behalf of PWL;
  • providing infrastructure, storage and security for the data you submit through your career profile in connection with an application to PWL and for any other data you submit and that will be uploaded to your career profile after you have been informed about it;
  • sending rejection letters;
  • correspondence with you if you initially contact Österreichische Post Aktiengesellschaft by e-mail or apply directly to Österreichische Post Aktiengesellschaft for a position at PWL;
  • processing and responding to your data subject rights requests in relation to your data in connection with an application to PWL, to the extent that this data has been stored by Österreichische Österreichische Post Aktiengesellschaft or uploaded to the career portal;
  • activation of your application for PWL in the career portal;
  • activation of your application for PWL if you have agreed to forward it to Group companies ("co-managed subsidiary" of Österreichische Post Aktiengesellschaft) and there is a suitable position with them.

2.1.3. In the case of joint responsibility, PLW is responsible for the following data processing:

  • Corresponding with you to schedule appointments for job interviews, as far as this correspondence is uploaded to the career portal;
  • corresponding with you for the purpose of sending acceptance letters via the career portal;
  • corresponding with you to send rejection letters via the career portal in special cases (esp. if you have already been in contact with PWL).

2.2. Sole responsibility of Post Wertlogistik GmbH

2.2.1. Post Wertlogistik GmbH, Steinheilgasse 1, 1210 Vienna ("PWL", "we", "us") is solely responsible for your personal data that we receive and process in the course of your application outside the career portal or in addition / following your application via the career portal.  This applies, for example, to applications that we receive directly, the organisation and execution of job interviews as well as acceptance or rejection letters that are not shared via the career platform. In this context, PWL is solely responsible for guaranteeing all data subject rights and other data protection obligations. PWL complies with all legal provisions about the protection, lawful handling and confidentiality of personal data as well as data safety.

2.2.2. We process your personal data in accordance with data protection regulations, above all the General Data Protection Regulation (GDPR), the Austrian Data Protection Act and other relevant laws.

2.3. Sole responsibility of Österreichische Post Aktiengesellschaft

2.3.1. For further information on data processing under the sole responsibility of Österreichische Post Aktiengesellschaft in connection with your application via the career portal, please refer to Österreichische Post Aktiengesellschaft's data protection policy ("data protection applicants").

3.  From whom do we receive your data from and do you have to provide it?

3.1. We receive your personal data either

  • directly from you (e.g., in the case of open applications), 
  • from Österreichische Post Aktiengesellschaft (if you apply via the career portal),
  • or also from third parties (e.g., personnel service providers, Talent Solutions GmbH (myVeeta-Talentepool), publicly available information).
     

3.2. During the application process, you have to provide the data required for a potential employment and which we are legally required to collect. If you do not provide this data, we usually refuse to offer employment. However, you do not have to provide your consent to data processing of data not relevant for a possible employment or that is not legally required.

 

4.  What interest does PWL have regarding my data and for what purpose may PWL process my data (data protection policy pursuant to Article 13 of the GDPR)?

4.1. You can apply to us by direct or open application or via the career portal (karriere.post.at).  If you apply to us via the career portal, the data you provide in the course of your application in the career portal will be processed under joint responsibility (Art. 26 GDPR) with Österreichische Post Aktiengesellschaft.

4.2. Your application and the processing of your application is  a processing of your personal data and might also be a processing of personal data of a special category.

4.3. The processing of your personal data that you share with us in the course of an application process is carried out for the purpose of processing and verifying the implementation of a non-discriminatory application procedure and for recruiting suitable personnel. Additional purposes that are attributable to the special legal requirements for security companies (PWL) are listed in the appropriate places under items 4.4, 4.5 and 5.

4.4. Data processing, depending on the application channel:

4.4.1. Application via our via the career portal (karriere.post.at)

We process your data as part of applicant management for the purpose of handling application processes via the career portal. If you apply for a position at Österreichische Post, the career portal karriere.post.at will be available to you. Every applicant can create their own user profile. Österreichische Post Aktiengesellschaft can create user profiles for applications received in writing. 
If you decide to apply via this system, you have to create a user account. For the creation and maintenance of your user accounts, the career platform's relevant data protection policy applies. This information will be provided to you when you create the account. You can access and read this information again here.

Legal basis for data processing: Art 6 (1) (b) of the GDPR (performance of a contract or pre-contractual measures), Art. 6 (1) (f) of the GDPR (legitimate interest in handling the application process via the career portal and managing your data), fulfilling our obligations under Section 18 of the Austrian Salaried Employees Act or Section 1157 of the Austrian Civil Code (employer's duty of care)), if applicable Art. 6 (1) (c) in conjunction with Art. 9 (2) (b) of the GDPR - fulfillment of a legal obligation, in particular with regard to obligations of the employment relationship to be established, provided that your application documents contain special category data.

  • If there is a suitable vacancy for you at a Group company ("co-managed subsidiary" of Österreichische Post Aktiengesellschaft) and you have consented to the forwarding, we or Österreichische Post Aktiengesellschaft may forward your application to a Group company. If you do not give your consent, your data will only be used for your application to PWL. This means that you will not be considered for possible job openings available at other group companies. You can revoke your consent at any time without stating reasons with future effect (see also item 7.44.).
     
    Legal basis for data processing: Art. 6 (1) (a) of the GDPR (consent regarding data transfer to group companies).
  • Please note that data processing in accordance with item 4.5. may also be relevant for you.

4.4.2. Open application and direct application to PWL

  • If you send an open application to PWL or apply directly to us (i.e., not via the career portal), you will send us the application documents - and ultimately personal data - that you consider necessary for the application.
  • In order for us to process your open/direct application and subsequently make the legally required background check about you, provided that we invite you to a job interview, we will need the following data from you: 
     
    First and last name, date of birth, place of birth, nationality and address.

    Legal basis for data processing: Art. 6 (1) (b) of the GDPR (performance of a contract or pre-contractual measures), Art. (6) (1) (f) of the GDPR (legitimate interest in handling the application process and managing your data), fulfilling our obligations under Section 18 of the Austrian Salaried Employees Act or Section 1157 of the Austrian Civil Code (employer's duty of care), if applicable Art. 6 (1) (c) in conjunction with Art. 9 (2) (b) of the GDPR (fulfillment of a legal obligation, in particular with regard to obligations of the employment relationship to be established, provided that your application documents contain special category data).
     
  • Please note that data processing in accordance with item 4.5. may also be relevant for you.

4.5. Possible data processing independently of the application channel:

4.5.1. To comply with statutory obligations
PWL has legal obligations, such as documentation duties, obligations from employer law, labour law, and social law as well as provisions from company law, tax law and entrepreneurial law. In addition, we have inspection and reporting duties. We process your data as required by law to comply with these regulations.
 Legal basis for processing: Art. 6 (1) of the GDPR (legal obligation)

4.5.2. Based on your consent

During the application process, we usually do not process any data on the basis of your consent. 
We will only ask for your additional consent if none of the grounds for processing as defined in items 4.4.1, 4.4.2, 4.5.1, 4.5.3, 4.5.4 and 4.5.5 applies (e.g., if you wish for your application to be kept on file). If you have provided your consent for an individual case, you can revoke this at any time with future effect and without having to state reasons.
Legal basis for processing: Art. 6 (1) (a) of the GDPR (consent)

4.5.3. Insurance data excerpt from your social security provider
Provided that we invite you to a job interview, we will ask you to send us an insurance data excerpt from your social security provider (without information about your assessment basis). 
You can request this document from your social security provider;  further information is available here. When compiling this insurance data excerpt, the social security provider acts as an independent responsible party as defined in Article 4 (7) of the GDPR. The processing of the insurance data extract transmitted by you to us is based on the legitimate interest and for the purpose of 

  • prevention and containment (general prevention) of behavior relevant under criminal and civil law,
  • self-protection (property/assets),
  • the protection of responsibility (protection of customers' property/contractual liability towards customers).

Among others, the legal basis for data processing are the following laws (as amended) and contractual obligations: Art. 6 (1) (f) of the GDPR (legitimate interest), Sections 129 (4) and Section 5 (3) in connection with Section 130 (8) of the 1994 Industrial Code, Sections 353 ff of the Austrian Civil Code, contractual liability.


4.5.4. Creditworthiness data
If we invite you to a job interview, we kindly ask you to request an "InfoPass Bewerber" or "InfoPass Finanzierer" with information about your creditworthiness from KSV 1870 Information AG, Wagen-seilgasse 7, 1120 Vienna, Austria (hereinafter referred to as: KSV 1870) before the interview, to bring this document to the interview and to give it to us. This has the advantage that you will be able to see the creditworthiness information provided by KSV 1870 and all included data before this information is handed over to PWL. As a result, you will know exactly what personal data we will process from this "InfoPass Bewerber" or "InfoPass Finanzierer". When making this creditworthi-ness assessment and when collecting information for the "InfoPass Bewerber" or "InfoPass Finanzierer", KSV 1870 acts as an independent processor as defined in Article 4 (7) of the GDPR. Please note that for requesting and  obtaining the product "InfoPass Bewerber " and "InfoPass Finanzierer" by KSV 1870, the data protection policy of KSV 1870 alone applies.

Information about "InfoPass Bewerber" is available here.

We will process this "InfoPass Bewerber" or "{InfoPass Finanzierer" sent to us by you based on our legitimate interest for the purpose of

  • avoiding and controlling (general prevention) as well as resolving behaviour punishable by criminal and civil law,
  • self-protection (property/assets)
  • responsibility protection (protection of clients' property/contractual liability towards clients)
    from a legal obligation (duty of care).
     

Among others, the legal basis for data processing are the following laws (as amended) and contractual obligations: Art. 6 (1)  (f) of the GDPR (legitimate interest), Sections 129 (4) and (5) (3) in connection with Section 130 (8) of the 1994 Industrial Code, Sections 353 ff of the Austrian Civil Code, Section 1157 of the Austrian Civil Code, contractual liability.

4.5.5. Photo for employee ID
If we hire you, we will issue an employee ID that will include a photo of your face. In order for us to be able to provide an employee ID on your first day of work, we kindly ask you to bring an ID photo (passport format) to the job interview. If you do not bring an ID photo to your job interview, we will use the picture you previously sent us in your application package to issue your employee ID. The processing of the photo will be done in our legitimate interest for the purpose of 

  • avoiding and controlling (general prevention) as well as resolving behaviour punishable by criminal and civil law,
  • self-protection (property/assets).
  • responsibility protection (protection of clients' property/contractual liability towards clients)
     

Among others, the legal basis for data processing are the following laws (as amended) and contractual obligations: 
Art. 6 (1) (f) of the GDPR (legitimate interest), Sections 353 ff of the Austrian Civil Code, contractual liability.

 

5.  What data categories are processed from external sources (data protection information pursuant to Article 14 of the GDPR in the case of indirect data collection)?

5.1. From staffing agencies
If you applied for a position with PWL via a staffing agency, the staffing agency will collect your personal data (usually your first and last name, your date of birth, your place of birth, your nationality and address, your education, previous career, résumé and sometimes your cover letter and other personal data that you consider relevant for your application) and will transfer this data to us for evaluation. 
Also, we will let the staffing agency know if and when we hired you (see item 6.4 below).

Staffing agencies will provide us all information that you have shared with the staffing agency (application package).

Among others, the legal basis for data processing are the following laws (as amended) and contractual obligations: Article 6 (1) (b) of the GDPR  (performance of a contract/pre-contractual measures), Article 6 (1) (f) of the GDPR (legitimate interest).

5.2. MyVeeta Talent Pool
The technology for our talent pool is called "myVeeta" and is operated and provided by Talent Solutions GmbH (Kölblgasse 2, 1030 Vienna, Austria). When you register for myVeeta, you create a confidential, private account and grant myVeeta access to your data. Talent Solutions GmbH is the independent controller for the processing of your personal data in myVeeta (myVeeta profile). 

The privacy policy of myVeeta is available hereRegistration in the myVeeta talent pool is voluntary and by no means required for an application to PWL.

We receive from myVeeta all information that you have provided in the myVeeta portal (application documents and other personal data that you consider necessary for your application).

Among others, the legal basis for data processing are the following laws (as amended) and contractual obligations: 
Art. 6 (1) (b) of the GDPR (performance of a contract/pre-contractual measures), Art. 6 (1) (f) of the GDPR (legitimate interest).

5.3. Background check by a security authority pursuant to Section 130 (9) of the 1994 Industrial Code

As a security operator, PWL is obliged to use only those employees who are authorised and have the necessary aptitude and reliability to carry out activities, especially in the security and transport industry. 
As a security operator, PWL is legally required to have a background check performed by the competent security authority no later than two weeks before hiring the employee in question.

For the competent security authority to be able to perform this background check, we will share the following data: 
First and last name, date of birth, place of birth, nationality and address.

The security authority will perform an internal check about you. After finishing this assessment, they will let PWL know if you are a person "reliable and qualified" to perform the desired job whom we are allowed to hire or not. 
If the authority tells us that you are not a "reliable" or qualified person for this profession, we may not hire you. 
The security authority does not provide us with any information about the data used for the internal assessment (including criminal record or administrative fines). Also, we do not question the results we receive.

Among others, the legal basis for data processing are the following laws (as amended): 
Art. 6 (1) (c) (legal obligation), Sections 129 (4) and (5) (3) in connection with Section 130 (9) of the 1994 Industrial Act.

5.4. Social media check
In addition, we reserve the right to perform a search about you (by entering your first and last name) in popular search engines (e.g., Google) and social media prior to offering your employment. 
These checks performed by PWL will only include publicly available/accessible postings and profiles as well as information from public and generally accessible sources (e.g., newspaper articles). 
If we find postings or information that we consider to speak against your reliability or qualification (Section 130 (8) of the 1994 Industrial Code), we will let you know during or before the job interview.

In this context, we process the data that appears when you enter your first name and last name. However, this does not result in any storage (e.g., download) or disclosure to third parties.

The social media check is performed based on a legitimate interest for the following purposes:

  • avoiding and controlling (general prevention) behaviour punishable by criminal and civil law,
  • self-protection (property/assets).
  • responsibility protection (protection of clients' property/contractual liability towards clients),
  • compliance with statutory obligations (duty of care).
     

Among others, the legal basis for data processing are the following laws (as amended) and contractual obligations: 
Art. 6 (1) (f) of the GDPR (legitimate interest), Sections 129 (4) and (5) (3) in connection with Section 130 (8) of the 1994 Industrial Code, Sections 353 ff of the Austrian Civil Code, Section 1157 of the Austrian Civil Code, contractual liability.

 

6.  With whom/which recipients may your data be shared?

6.1. Below you will find a list of the potential categories of recipients and specific recipients (insofar as this is possible) at PWL to whom personal data may be transferred in the context of the aforementioned data processing.

Please note:

  • The listed recipients will only receive your data if this is necessary to provide a service or to maintain PWL's business operations. 
  • If data are shared with recipients for processing, this does not mean that all data sets will be shared, but merely those that are required for processing by third parties. 
  • At PWL, only those departments and employees that are in charge of meeting contractual and legal obligations and legitimate interests receive personal data so that they can fulfill their duties.
  • Contracts have been concluded with all processors that precisely regulate their obligations with regard to data and data security.
     

6.2. Courts, authorities, insurances: There are some statutory provisions that PWL can only comply with by sharing your personal data with public authorities (such as social security organisations, tax offices
or prosecuting bodies, supervisory bodies, etc.) or courts in the required scope.

Public bodies and institutions that receive your data in any case in the course of the application process:

  • District administrative authority (pursuant to Section 130 of the Industrial Code)
6.3. External service providers (processors): In a world of labour division, the required data processing work is oftentimes provided by specialised businesses, so-called service providers (processors). 

These businesses can provide such services at attractive rates while, most importantly, delivering high quality. Therefore, we transfer your personal data to such businesses in the scope necessary for them to provide the contractually agreed services. Such services include, among others, data storage in our secure data centres.

We currently use the following processors:

  • Atos IT Solutions and Services GmbH,
  • Österreichische Post Aktiengesellschaft

6.4. Other recipients: In individual cases, as part of the precontractual relationship, your personal data might be shared with additional parties (such as insurance companies or brokers, human resources providers, etc.) These recipients are each independent controllers within as defined in Art. 4 (7) of the GDPR.

  • Group companies ("co-managed subsidiary" of Österreichische Post Aktiengesellschaft) - only if you have given your consent,
  • Talent Solutions GmbH (myVeeta), 
  • personnel service providers.

6.5. If data are shared with recipients for processing, this does not mean that all data sets will be shared, but merely those that are required for processing by third parties.

7.  How long will your data be stored?

7.1. Applications that do not lead to employment are automatically deleted within seven months of completion of the application process (acceptance, rejection or withdrawal of application). 
The deletion includes all data that you have made available to us (your application documents, InfoPass Bewerber or InfoPass Finanzierer, photo for the employee ID, etc.)
and also those that we receive/collect from third parties (result of the background check and the social media check, application documents from myVeeta/personnel service providers). 
In individual cases, your data may also be stored longer if this is necessary for legal prosecution (see item 8.1.1.).

7.2. If your application leads to employment, we will provide the data protection policy for our employees that will apply to you as soon as you have been hired.

7.3. If you applied via our career portal (karriere.post.at), you can delete your career portal user account yourself. Please refer again to the relevant data protection policy of Österreichische Post Aktiengesellschaft. If you do not sign in to your user account for seven months, it will automatically be deleted. If you applied for a position and you went through the entire application process, we will, even if you delete your account, keep your application package for seven months after the conclusion of the application process, and delete it immediately after this period.

7.4. If you have given us your consent to data processing in individual cases (e.g., keeping a record of your application or forwarding it to a co-managed subsidiary of Österreichische Post Aktiengesellschaft), you can revoke this consent at any time and without giving reasons. If you revoke your consent, we will immediately delete the personal data processed based on your consent. A revocation will not affect the lawfulness of data processing performed until that point in time. If the consent only concerned the forwarding of data, a revocation of your consent does not lead to the deletion of your personal data. If you went through the entire application process, your application package will be deleted in accordance with item 7.1. or, in the case of employment, processed in accordance with item 7.2.

7.5. Please note that, in exceptional cases, a different and/or additional retention period may apply to you if your personal data is processed lawfully in accordance with item 8.

8.  Any possible processing for other purposes

8.1. Below you will find a list of the potential purposes for which your personal data may be further processed, the legal bases for processing and the storage period. 
In addition, we disclose the possible recipients of your data in connection with this data processing.

Please note:

  • The processing (and especially the additional storage) of your personal data for other purposes will only be performed if it is absolutely necessary and legally permissible. 
    Only those data records / data categories that are required to fulfill the additional purpose are affected by processing. This is not the rule. Under certain circumstances, processing may only take place in response to your request for information, e.g., in accordance with Art. 15 of the GDPR.
  • If  data are shared with recipients for processing, this does not mean that all data sets will be shared, but merely those that are required for processing. 
  • At PWL, only those departments and employees that are in charge of meeting contractual and legal obligations and legitimate interests receive personal data so that they can fulfill their duties.
     

8.1.1. Legal matters and disputes

  • Purpose and legitimate interest: to the extent required, we process your data for the execution and file management of civil, corporate and administrative legal matters, the establishment, review, negotiation or execution of contracts and declarations, corporate documents and out-of-court correspondence, including the management of the data of parties and natural persons acting on their behalf (including insurance companies, legal representatives, lawyers, notaries) for the purpose of processing. 
  • Data categories: the categories of data processed in this context originate from the application process (usually your first and last name, your date of birth, your place of birth, your nationality as well as your address, career/education, previous professional career, résumé and in some cases cover letter, other personal data that you consider necessary for your application).
  • Legal basis:
    • Safeguarding the legitimate interests of the controller following a proportionality test Art. 6 (1) (f) of the GDPR in conjunction with Art. 9 (2) (f) of the GDPR  
  • Storage period: decisions/judgments and documents relevant to the outcome of the proceedings are stored generally for 30 years from the legally binding conclusion of the proceedings/dispute (court decision/official decision/conclusion of court settlement /out-of-court settlement). 
  • Recipients: Österreichische Post Aktiengesellschaft (processor), Atos IT Solutions and Services GmbH (sub-processor), ADVOKAT Unternehmensberatung GREITER & GREITER GmbH (sub-processor), Lawlift GmbH (sub-processor), SAP Österreich GmbH (sub-processor), Atos IT Solutions and Services GmbH (processor), authorities/courts (public bodies and institutions), Österreichische Post Aktiengesellschaft (other external recipients - as independent controllers), auditors (other external recipients - independent controller), insurance companies (other external recipients - independent controllers), insurance brokers (other external recipients - independent controllers), expert lawyers, notaries, tax consultants (other external recipients - independent controllers), works council (other external recipients - independent controller).
  • Other information about this processing: the data are partly provided by you, partly by third parties (e.g., authorities) or they come from public registers. 

8.1.2. Exercising your rights as a data subject under the GDPR

  • Purpose and legitimate interest: if you exercise your rights under Art. 15-22 of the GDPR, the data you provide in this context and any additional information will be processed to prove the lawful processing of your request and for the possible exercise or defense of legal claims.
  • Data categories: the data processed in this context will be disclosed by you in the course of your request / exercise of rights or originate from the processing activities about which you are informed in our data protection policy.
  • Legal basis:
    • Fulfillment of a legal obligation (Art. 6 (1) (c) of the GDPR in conjunction with  Art. 15-22 of the GDPR),
    • safeguarding the legitimate interests of the controller after a proportionality test (Art. 6 (1) (f) of the GDPR).
  • Storage period: data in connection with your exercise of rights in accordance with Art. 15-22 of the GDPR will be deleted after 37 months from receipt of your request. If official/judicial proceedings have been initiated, your data will be deleted in accordance with item 8.1.1.
  • Recipients: Österreichische Post Aktiengesellschaft (processor), Atos IT Solutions and Services GmbH (sub-processor), Atos IT Solutions and Services GmbH (processor), EBERHARDT Rechtsanwälte OG (data protection officer PWL - other external recipients).

8.1.3. Processing for handling data protection incidents

  • Purpose and legitimate interest: if a (potential) data protection incident is suspected/exists, your data will be processed for the purpose of reporting and processing corresponding (including alleged) data protection incidents. 
  • Data categories: the data categories processed in this context originate from the application process (usually your first and last name, date of birth, place of birth, nationality and address, career/education, previous professional career, résumé and in some cases cover letter, other personal data that you consider necessary for your application).
  • Legal basis:
    • Safeguarding the legitimate interests of the controller after a proportionality test (Art. 6 (1) (f) of the GDPR).
    • Fulfillment of a legal obligation (Art. 6 (1) (c) of the GDPR in conjunction with Art 33 and Art. 34 of the GDPR)
  • Storage period: data processing in connection with (potential) data protection incidents will be deleted after 37 months from the time we become aware of the alleged data protection violation or from the time the last required notifications are sent to the data protection authority or the data subject. If official/judicial proceedings have been initiated, this data will be deleted in accordance with item 8.1.1.
  • Recipients: Österreichische Post Aktiengesellschaft (processor), Atos IT Solutions and Services GmbH (sub-processor), Atos IT Solutions and Services GmbH (processor), EBERHARDT Rechtsanwälte OG (data protection officer PWL - other external recipients), data protection authority (public bodies and institutions).

8.1.4. Compliance management

  • Purpose and legitimate interest: under certain circumstances, your personal data may also be processed for the purpose of fulfilling internal and Group compliance regulations. As a subsidiary of Österreichische Post Aktiengesellschaft, PWL is also subject to the compliance requirements of its parent company. 
  • Data categories: the categories of data processed in this context originate from the application process.
  • Legal basis: 
    • Compliance with a legal obligation (Article 6 (1)  (c) of the GDPR in conjunction with  International Accounting Standards (IAS) and Section 132 of the Austrian Federal Tax Code), 
    • Safeguarding the legitimate interests of the controller after a proportionality test (Art. 6 (1) (f) of the GDPR), establishment, exercise or defence of legal claims (Art. 9 (2) (f) of the GDPR).
  • Storage period: data processed in this context are generally deleted after a maximum of 3 years. If the data are tax-relevant, they will be deleted after 7 years.
  • Recipients: Österreichische Post Aktiengesellschaft (processor), Atos IT Solutions and Services GmbH (subprocessor), Atos IT Solutions and Services GmbH (processor), Compliance Committee ÖPAG (other external recipient: body not bound by instructions - independent controller), auditor (other external recipient).

9.  To what extent is automated decision-making used?

9.1. Our application process does not include any automated decision-making. Humans alone decide if you will be hired and if your application is successful. 
In addition, the creditworthiness information provided by you, the social media check performed by us and the background check to assess your qualification and reliability by a security authority all rely on human decisions. However, at PWL, we are bound by the result of the reliability assessment and we are not allowed to hire employees that do not have the required reliability or qualification.
 

10. May your data also be shared with third parties in another country (including outside the EU)?

10.1. Yes, provided that the European Commission has confirmed that this third country has an adequate data protection level and that adequate data protection safeguards exist (e.g. binding in-house data protection provisions or standard EU data protection clauses).

10.2. In exceptional cases, the data may also be shared with a third country with your explicit consent, provided that we have informed you about possible risks associated with the planned disclosure and the lack of adequate data protection guarantees.

11.  What rights do you have?

11.1. If you so desire, we will provide information about your personal data that we process whenever you like. In addition, in some cases, you also have the right to data portability, meaning that we would give you all personal data you have disclosed to us in a structured, standard and machine processable format.

11.2. Under certain conditions, you can also demand that the processing of your data is limited or that your personal data is rectified or deleted. In addition, you can object to the processing. In some of the above-mentioned cases, your consent will give PWL the right to process your data. You can revoke this consent at any time without the need to state reasons with future effect. Until then, we will lawfully process your data.

11.3. Your right to object: Under certain conditions, you can also object to the processing, provided that this is justified by special circumstances. You can object to the processing independently of the circumstances if the purpose of the processing is direct advertising. 
For contact information, please see item 12 below.

11.4. In addition, you have the option of filing a complaint with the Austrian Data Protection Authority: Österreichische Datenschutzbehörde,  Barichgasse 40-42, 1030 Vienna. In the case of unlawful processing of your personal data, you can also turn to the competent court civil court.

 

12.  Who is the data protection officer and how can I get in touch?

12.1. EBERHARDT Attorneys-at-Law OG, Weihburggasse 18-20, 1010 Vienna. To get in touch with the data protection officer of Post Wertlogistik GmbH, please e-mail us at wertlogistik.datenschutzbeauftragter@post.at or write to Post Wertlogistik GmbH, Datenschutz/data protection, Steinheilgasse 1, 1210 Vienna.