Privacy notice (EEA & UK) Candidates

Thank you for your interest in our job offers. At the PHINIA group of companies we take data protection very seriously and are committed to respecting and protecting your privacy. We have developed this Notice in particular to clearly inform you about how we collect, use, disclose and otherwise process personal data as required by applicable law or as we require in the course of fulfilling our professional responsibilities and operating our business as well as about your rights under GDPR. Please find descriptions of all definitions used in Annex 1 of this Notice.

 

 

1. For whom is this Privacy Notice? 

This Notice covers our processing of personal data under GDPR with respect to candidates that apply for a position at an entity of the PHINIA group in the EEA or in the UK.  

Should you apply online via the Online Application Tool please also note the Website Privacy Notice available here.

By providing this Notice to you, we comply with our information obligations under GDPR. Please note that this Notice shall not confer upon you any rights or obligations that are not conferred upon you by law and regulations.

 

2. Who are we and how can you contact us?

The controller of your personal data is the PHINIA entity which offers the vacancy you are applying for or to which you apply for a position proactively. 

For a list of the relevant PHINIA entities with their contact details, please refer to Annex 2. For information regarding the contact details of the relevant data protection officer or other privacy contact (if no data protection officer is appointed locally by the relevant PHINIA entity), please contact PHINIA's Compliance Office. 

In any case, you may always contact PHINIA's Compliance Office with respect to questions about this Notice, the processing of your personal data in general and to exercise your rights towards PHINIA as outlined below under no. 8.

 

3. Where do we collect your data? 

We generally collect your personal data directly from you (e.g. if you provide information about you via the Online Application Tool or alongside your application that you mail to us): 

  • Contact details, such as name, address (including country), telephone number and email address; 

  • Application data, such as resume, job history, academic history, job reference, experience, certificates and qualifications; 

  • Premise visit data should you be invited and come to an on-premise job interview, such as pictures/videos of you (should you visit areas on company premises monitored with CCTV due to security concerns), log data of entry and exit from company premises and vehicle information (e.g. license plate number); 

  • Any other data you provide us with in your application and over the course of the application process.

 

In some cases, we may collect personal data about you from other sources: 

  • Recruitment agencies (contact details, application details); 

You are generally not required to provide your personal data to us unless there is an obligation for such provision by local regulations or where we have to collect personal data for compliance with a legal obligation to which we are subject. However, if you do not provide your personal data, we might not be able to decide whether you qualify for a vacancy. In some cases this may mean that we will be unable to hire you.

 

4. How is your data used (purposes and legal bases)? 

We process your personal data to make our hiring decision, operate our business and comply with our legal obligations. More specifically, we process your personal data for the purposes and rely on the legal bases set forth in the table below. Where relevant, the legitimate interest is included in the table below as well. 

The relevant legal bases are: 

  • Processing necessary to take steps at your request prior to entering into a contract (i.e. processing necessary to make a hiring decision and enter into an employment contract with you); 

  • Compliance with legal obligations; 

  • Protection of vital interests of you or of another natural person; 

  • Legitimate interests; and 

  • Consent. 

 

Where we process special categories of personal data (e.g., data concerning health) it will be justified by one of the above-mentioned legal bases and one of the following additional conditions: 

  • The processing is necessary for the purposes of carrying out the obligations and exercising the rights of you or us in the field of employment law, social security and social protection law, to the extent permissible under applicable laws;  

  • The processing is necessary to protect your vital interests or of another person where you are physically or legally incapable of giving consent (for example in exceptional emergency situations, such as a medical emergency); 

  • The processing is necessary for the establishment, exercise or defense of legal claims; or 

  • In exceptional circumstances the processing is carried out subject to your explicit consent. 

 

| Purpose of processing | Legal basis | Legitimate interest (where relevant) | Categories of personal data |
| --- | --- | --- | --- |
| To respond to your application | Making a hiring decision and entering in an employment contract with you | N/A | Contact details |
| To assess your suitability to work for us and make a decision whether to offer you employment. To consider any adjustments or accommodations for the recruitment process or if you were to commence work with us in the event you have a disability. | (i) Compliance with legal obligations (e.g. ensuring that we do not unlawfully discriminate in our hiring decisions) or (ii) making a hiring decision where (i) does not apply. In case you voluntarily provide us with the information that you have a disability we process this information only to the extent this is necessary for the purposes of carrying out the obligations and exercising the rights of you or us in the field of employment law, social security and social protection law. | N/A | Contact details, application data, any other data you provide us with in your application and over the course of the application process |
| To ensure that you are a suitable candidate for a vacancy | (i) Compliance with legal obligation (e.g. establishment of the right to work in the country in which you shall be employed) or (ii) making a hiring decision where (i) does not apply or (iii) legitimate interests where (i) and (ii) do not apply | We have a legitimate interest in ensuring that candidates do not pose an unacceptable risk to the PHINIA group of companies and/or its clients. | Contact details, application data, any other data you provide us with in your application and over the course of the application process |
| To offer jobs and provide contracts of employment | (i) Compliance with legal obligations (e.g. requirement to issue written particulars or terms of employment and not to unlawfully discriminate in the terms of any offer to you) or (ii) entering into an employment contract with you where (i) does not apply | N/A | Contact details, application data, any other data you provide us with in your application and over the course of the application process |
| To include you in our talent pool and contact you should a suitable position be available | Consent | N/A | Contact details, application data, any other data you provide us with in your application and over the course of the application process |
| To operate CCTV on our premises (if any) | Legitimate interests | We have a legitimate interest in ensuring the security of our premises. | Pictures/videos of you |
| To facilitate visits to our premises and ensure security of our premises | (i) Making a hiring decision or (ii) legitimate interests where (i) does not apply | We have a legitimate interest in ensuring the security of our premises. | Contact details, premise visit data |
| To protect your vital interests or those of another natural person (this will only apply in case you require emergency medical care while visiting our premises but are unconscious or otherwise incapable of giving consent) | Protection of vital interests of you or of another natural person | N/A | Contact details |
| To safeguard our rights | Legitimate interests. We process special categories of personal data in this context only to the extent necessary for the purpose of establishment, exercise and defense of legal claims. | We have a legitimate interest in the establishment, exercise and defense of legal claims. | Contact details, application data, premise visit data, any other data you provide us with in your application and over the course of the application process |
| To comply with legal obligations to which we are subject (e.g. deriving from tax law, foreign trade law or sanctions regulations) | Compliance with legal obligations. We process special categories of personal data in this context only to the extent that is necessary for the purposes of carrying out the obligations and exercising the rights of you or us in the field of employment law, social security and social protection law. | N/A | Contact details, application data, premise visit data, any other data you provide us with in your application and over the course of the application process |
| To carry out compliance investigations | Legitimate interests | We have a legitimate interest in carrying out compliance investigations to safeguard that we comply with our legal obligations. | Contact details, application data, premise visit data, any other data you provide us with in your application and over the course of the application process |
| For any of the above listed purposes it might be necessary to transfer data to our Affiliates | (i) Consent where the relevant processing activity listed above relies on consent or (ii) making a hiring decision or (iii) legitimate interests in case (i) and (ii) do not apply | We, as part of the PHINIA group, have a legitimate interest in transferring your personal data within the group for internal administrative purposes where this is necessary for the purposes of effective recruitment. | The data categories correspond to those listed with respect to the relevant purpose for processing. |

 

In some cases, your personal data may be processed based on your freely-given consent. You will be informed about the purposes of such processing prior to being asked to give consent. 

 

5. Who has access to your information (recipients)?  

Within the Controller, only authorized employees with appropriate responsibilities have access to your personal data. In addition, we may share your personal data with the following categories of recipients: 

5.1 - We may share your personal data with service providers that process personal data on our behalf and subject to our instructions as so-called processors, for the purpose of providing their professional services to us: 

  • Online Application Tool provider (USA) 

  • IT service providers (hosting services, email services, document processing software) (USA) 

 

 

5.2 - We may share your personal data with the following third parties: 

  • Other entities of the PHINIA group of companies: We may share your personal data with other entities of the PHINIA group of companies for the purposes listed in no. 4 above. 

  • Other third parties: 

      • Tax and other state authorities (including social security institutions and law enforcement agencies) for the purpose of compliance with laws and regulations applicable to us 

      • Consultants (lawyers and auditors) for the purpose of compliance with legal obligations and safeguarding our rights 

      • Courts in the EEA and outside the EEA for the purpose of safeguarding our rights

 

 

The legal bases relevant for the transfer of personal data to third parties can be found in no. 4 above. 

 

6. Do we transfer your data internationally (third country transfers)? 

Some recipients of personal data may be located outside the EEA/UK and in countries that do not offer a level of protection equivalent to the one granted in the EEA/UK. Where personal data is transferred to locations outside the EEA/UK, we will, as required by law, ensure that your privacy rights are adequately protected either because the European Commission has decided that the country to which personal data are transferred ensures an adequate level of protection (Art. 45 GDPR) or the transfer is subject to appropriate safeguards provided by entering into standard data protection clauses of the European Union with the recipient (Art. 46 GDPR) unless GDPR provides for an exception (Art. 49 GDPR). In addition to this, we intend to, where necessary, agree on additional measures with recipients to ensure an adequate level of data protection. 

A copy of the standard data protection clauses of the European Union can be found here. Copies of other safeguards can be requested by contacting PHINIA's Compliance Office.

 

7. How long do we store your data? 

Your personal data will generally only be stored until the personal data are no longer necessary in relation to the purposes for which they were collected (or otherwise processed). 

If we cannot offer you the job which you are applying for, we will delete your personal data in accordance with the requirements of national law, at the latest six months after the completion of the application process. 

In case you consent to storage of your personal data in the internal talent pool, we will store the data for a period of 12 months from the time you have been informed that the initial application was unsuccessful. This storage period will be extended by six months each time we contact you specifically in relation to the initiation of an employment with us. 

As an exception, personal data may be stored longer where their processing is necessary for compliance with a legal obligation – including compliance with statutory retention periods – to which we are subject or for the establishment, exercise or defense of legal claims.

 

8. What rights do you have under GDPR? 

You have the following rights under GDPR provided that the legal requirements therein are met: 

  1. Right of access. You may request information about the processing of your personal data and a copy of the personal data undergoing processing insofar as such copy does not adversely affect the rights and freedoms of others. 

  2. Right to rectification. You may request correction of your personal data that is inaccurate and/or completion of such data which is incomplete. 

  3. Right to erasure. You may request deletion of your personal data, in particular where (i) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, (ii) you objected to the processing and there are no overriding legitimate interests for the processing, (iii) your personal data has been unlawfully processed or (iv) your personal data has to be erased for compliance with a legal obligation to which we are subject. The right to deletion, however, does not apply in particular where the processing of your personal data is necessary for compliance with a legal obligation or for the establishment, exercise or defense of legal claims. 

  4. Restriction of processing. You may request restriction of processing (i) for the period in which we verify the accuracy of your personal data if you contested the accuracy of the personal data, (ii) where the processing is unlawful and you request restriction of processing instead of deletion of the data, (iii) where we no longer need the personal data, but you require the data for the establishment, exercise or defense of legal claims or (iv) if you objected to processing until it has been verified whether our legitimate grounds override your interests, rights and freedoms. 

  5. Right to data portability. You may request to receive your personal data, which you have provided to us, in a structured, commonly used machine-readable format and transmit those data to another controller without hindrance from us, where the processing is based on consent or a contract and the processing is carried out by automated means; in these cases you may also request to have the personal data transmitted directly to another controller where this is technically feasible (data portability). 

  6. Right to withdraw consent. You may withdraw your consent at any time for the future where processing is based on your consent, without affecting the lawfulness of processing based on consent before its withdrawal. 

  7. Right to object. You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on our or a third party’s legitimate interest. We then will no longer process your personal data for the purpose to which you have objected unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. 

  8. Right to lodge a complaint. You may lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of an alleged infringement if you consider that the processing of your personal data infringes the GDPR. 

A list of the European supervisory authorities can be found here. 

  9. France – Right to digital legacy. Should you apply to a PHINIA entity in France, you additionally have the right to define (general or specific) directives regarding the fate of your personal data after your passing. 

Please address your requests to exercise your rights to PHINIA's Compliance Office (except for the right to lodge a complaint with a supervisory authority). 

 

9. Changes to this Notice 

We reserve the right to amend or modify this Notice at any time to ensure compliance with applicable laws. Please check regularly whether this Notice has been updated. We will notify you in case there are substantial changes to this Notice that affect you. 

This Notice was last updated in June 2023. 

 

Annex 1 – Definitions

The terms and expressions in capital letters used in this policy have the meanings set forth below. Additionally, the definitions included in Art. 4 of the GDPR shall apply.

“Affiliate” shall mean PHINIA Inc. and any entity which directly or indirectly controls, or is controlled by, PHINIA Inc. ‘Control’ means direct or indirect ownership or domination of more than 50% of the voting interest of the respective entity.

“Controller”, “we”, “us”, “our” shall mean the PHINIA entity which is controller of your personal data according to no. 2 of the Notice. 

“DPO” shall mean data protection officer.  

“EEA” shall mean European Economic Area. 

“GDPR” shall mean the General Data Protection Regulation (Regulation (EU) 2016/679) or UK GDPR where UK GDPR is relevant. 

“Notice” shall mean this privacy notice for candidates (EEA). 

“Online Application Tool” shall mean the tool that can be accessed via the website of the PHINIA group of companies in order to apply for vacancies online. Said tool is hosted by a service provider which processes the collected personal data on our behalf (as a so-called processor). 

“UK” shall mean United Kingdom. 

“UK GDPR” shall mean the GDPR as transposed into UK national law by operation of section 3 of the European Union (Withdrawal) Act 2018, together with the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 and other data protection or privacy legislation in force from time to time in the UK. 

 

Name  

Address 

Contact details 

 

 

 

 

 

 

 

 

 

 

 

 

 
