Processing of (personal) data by the entity in charge of the online application process
General information
This data privacy statement, which refers exclusively to data collected as part of the online application process, is to inform you about how your personal data that is collected as part of the online application process is handled at our end.
The controller
The controllers under data protection law are the Bitly Group companies:
Bitly US
DPT 5006
601 W. 26th St., Suite 357 (3rd Floor)
New York, NY 10001-1101
Bitly Europe GmbH
Am Lenkwerk 13
33609 Bielefeld
Registered at the local court in Bielefeld
Registration number: HRB 43671
Data Protection Officer for Germany:
DataCo GmbH
Dachauer Straße 65
80335 Munich
Germany
+49 (0) 89 - 74 00 45 84 - 0
datenschutz@dataguard.de
www.dataguard.de
Personal data collected as part of the application process
Personal data includes any information concerning the personal or material circumstances of an identified or identifiable individual. Information such as your name, address, telephone number and date of birth, but also data relating to your specific career etc. by reference to which a specific individual can be identified with reasonable effort is personal data.
Fundamentals and purposes of processing personal data collected from application documents and during the application process
If you apply to us electronically, i.e. via e-mail or using our online form, we will collect and process your personal data for the purpose of executing the application process and for the decision making process regarding the start of an employment. The legal basis for this is article 88 (1) of the GDPR in conjunction with §26 (1) of the BDSG.
By submitting an application via our recruitment website, you express your interest in taking up work with us. In this context, you transmit personal data, which we will use and store exclusively for the purpose of your job search / application process.
In particular, the following data is collected during this process:
- name (first and last names)
- e-mail address
- phone number
- channel through which you found us
Furthermore, you can choose to upload expressive documents such as a cover letter, your CV and reference letters. These may contain additional personal data such as date of birth, email, and address.
Only authorized HR staff and/or staff involved in the application process have access to your data.
The personal data is stored, as a rule, exclusively for the purpose of filling the vacancy for which you have applied.
Your data will be stored for a period of 180 days after the application process has been concluded. This is usually done to fulfill legal requirements and/or defending ourselves against any claims arising from legal provisions. After this period, we are obligated to delete or anonymize your data. In case of anonymization, the data will only be available to us in the form of so-called metadata, without any direct personal reference, for statistical analysis (for example, share of male and/or female applicants, number of applications per specified period of time etc.).
Furthermore, with your consent, we can store your data for 180 days after the application process has been concluded for the purpose of adding it to our Talent Pool in order to identify any other vacancies that may be of interest to you. This includes, for example, applications for apprenticeships or internships.
Should you be offered and accept a position with us during the application process, we will store the personal data collected as part of the application process for at least the duration of your employment.
Disclosure of data to third parties
Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. This database is operated by Greenhouse Software Inc. “Greenhouse”, which offers an applicant management software solution (https://www.greenhouse.io/uk/privacy-policy). In this context, Greenhouse is our processor under article 28 of the GDPR. In this case, the processing is based on an agreement for the processing of orders between us as the controller and Greenhouse.
Rights of data subjects
If we as the controller process personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR.
To assert your rights as a data subject in relation to the data processed during this online application process, please contact privacy@bit.ly with your request.
Concluding provisions
We reserve the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the application process or other processes. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.
In addition to this data privacy statement, please view our general data privacy statement - Bitly US & Bitly Europe.
Processing of (personal) data by the operator of the recruitment website
General information
This recruitment website is operated by Greenhouse Software Inc., which offers a candidate management software solution (https://www.greenhouse.io/uk/privacy-policy). Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. The sole controller of this data within the meaning of article 24 of the GDPR is the enterprise carrying out this online application process. Greenhouse’s role is limited to operating the software and this recruitment website and, in this context, being a processor under article 28 of the GDPR. The processing by Greenhouse is based on an agreement for the processing of orders between the controller and Greenhouse. In addition, Greenhouse Software Inc., processes further data, some of which may be personal data, to provide its services, in particular for operating the recruitment website.
The controller
The controller under data protection law is:
Greenhouse Software Inc.
18 West 18th Street, 11th Floor
New York, NY 10011
Phone: +1 917 780 4130
Greenhouse does not disclose Personal Information they collect about you, except as described in their Privacy Policy or as they disclose to you at the time this information is collected.
Cookies
For information about cookies employed by the Service and how to control them, see our Cookie Notice.
Mobile location data
You can disable Greenhouse’s access to your device’s precise geolocation in your mobile device settings.
Do Not Track
Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. Greenhouse currently does not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit allaboutdnt.com.
How Greenhouse secures your information
We care about the security of your Personal Information, and take steps including implementing appropriate technical and organizational measures to ensure that your Personal Information is treated securely and in accordance with this Privacy Policy. The measures we use are designed to provide a level of security appropriate to the risk of processing your Personal Information.
International data transfers
Your Personal Information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective).
Specifically, our primary offices are located in the United States, and our third-party service providers and partners operate around the world. This means that when we collect your Personal Information, it may be processed in any of these countries.
Notice to European, Swiss and UK users
The information provided in this “Notice to European, Swiss, and UK Users” section applies only to individuals in the European Economic Area (the “EEA”), Switzerland, or the UK.
If you are a visitor from the EEA, Switzerland, or the UK, our legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it.
However, we will normally collect Personal Information from you only where we have your consent to do so, where we need the Personal Information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect Personal Information from you or may otherwise need the Personal Information to protect your vital interests or those of another person.
If we ask you to provide Personal Information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
Similarly, if we collect and use your Personal Information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Information, please contact us at privacy@greenhouse.io.
EU/Swiss/UK Data Transfers
With respect to transfers of data from the EEA, Switzerland, or the UK, we have taken appropriate safeguards to require that your Personal Information will remain protected in accordance with this Website Privacy Policy, and we will only transfer Personal Information to recipients that provide an adequate level of data protection or as permitted by applicable data protection laws by implementing appropriate safeguards, including but not limited to relevant data transfer agreements based on the Standard Contractual Clauses, when necessary. The Standard Contractual Clauses shall apply to any transfers of Personal Information from the EEA and/or its member states, Switzerland, and the United Kingdom to countries which do not ensure an adequate level of data protection within the meaning of applicable laws of the foregoing territories.
Data Protection Rights
As an EEA, Swiss, or UK data subject, you have the following data protection rights:
- If you wish to access, correct, update or request deletion of your Personal Information, you can do so at any time by contacting us at privacy@greenhouse.io.
- You can object to processing of your Personal Information, ask us to restrict processing of your Personal Information or request portability of your Personal Information. Again, you can exercise these rights by contacting us at privacy@greenhouse.io.
- Similarly, if we have collected and process your Personal Information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority.
- We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
Updates to Greenhouse privacy policy
Greenhouse may update its Privacy Policy from time to time in response to changing legal, technical, or business developments. When Greenhouse update its Privacy Policy, they will take appropriate measures to inform you, consistent with the significance of the changes made. Greenhouse will obtain your consent to any material Privacy Policy changes if and where this is required by applicable data protection laws.
You can see when the Greenhouse Privacy Policy was last updated by checking the “last updated” date displayed https://www.greenhouse.io/privacy-policy.