Privacy Policy – Applications

1. Data Controller

1.1. The following companies are potentially Data Controllers for purposes of applications within the SES Group:

  • SES Spar European Shopping Centers GmbH
  • SES Center Management GmbH
  • EUROPARK Entwicklungs- und Betriebsgesellschaft m.b.H.
  • Forum Salzburg Verwaltungsgesellschaft m.b.H.
  • VARENA Betriebsgesellschaft m.b.H.
  • ZIMBAPARK Shopping Center GmbH
  • Liga Handelsgesellschaft m.b.H. & Co KG
  • max. center wels GmbH
  • MURPARK Shopping Center GmbH
  • SES Center Management d.o.o.
  • EUROPARK d.o.o.
  • SES Hrvatska d.o.o.
  • EUROPARK Management s.r.o.
  • SES Italy s.r.l.
  • SES Magyarország Kft.
  • ASPIAG SERVICE s.r.l.

1.2. Please refer to the relevant job advert or job offer to ascertain the relevant Data Controller and its contact details.

2. Purposes of the data processing

2.1. The Data Controller collects, stores and processes

  • your personal data which you provided during the course of the entire application process (e.g. cover letter, CV, certificates, correspondence),
  • data relating to your qualifications and activities from generally accessible data sources (in particular: from professional social networks) which the Data Controller has permissibly collected during the application process,
  • data arising in connection with applicant management and
  • communications with applicants and related appointment and interview management.

2.2. The data will be processed for purposes of dealing with your application for the position you have applied for. No automated decisions will be made (e.g. automatically generated rankings of various applicants).

3. Legal basis

3.1. The collection and processing of applicant data is based on the pre-contractual relationship with you (Art. 6 (1) (b) GDPR). Please note that we can only process your application if the necessary data are furnished to us.

3.2. If you have consented to the further processing of your personal data (for holding on file, for providing information on events), we will also process your data on the basis of that consent (Art. 6 (1) (a) GDPR). Applicants are entitled to withdraw their consent at any time (see sec. 4 below).

4. Duration of data storage

4.1. Your data will be erased no later than 8 months after the position is filled or your application has been received. If you have agreed that your application may be kept on file for other suitable positions, the Data Controller will keep your personal data until you withdraw consent, but for a maximum period of 28 months.

4.2. In addition, the Data Controller may, in individual cases, retrain your personal data for documentation purposes for so long as legal claims may be asserted in connection with your application.

4.3. In addition, we sometimes use service providers, so-called processors, for data processing. We use the following processors:

  • SPAR Business Services GmbH, Europastrasse 3, 5015 Salzburg

5. Rights of Users/Data Subjects

5.1. The GDPR grants certain rights to applicants, as Data Subjects, to which we refer below. These rights are complementary, such that a User may, for example, only demand either correction/completion of his or her data or its erasure.
Withdrawal of consent

5.2. If the Data Controller saves and processes your personal data based on your consent in order to keep your application on file, you are entitled to withdraw your consent at any time. However, this does not affect the legality of the processing carried out up to the time of your withdrawal of consent. Withdrawal of consent has the consequence that the Data Controller is no longer allowed to process the data in question for the purposes stated in the declaration of consent as of the date notice of withdrawal of consent is received. Such data will not be kept on file for future job vacancies.
Right of information, correction and erasure

5.3. Data Subjects have the right to (i) obtain confirmation from a Data Controller as to whether or not personal data concerning them are being processed and, if so, to be informed thereof, (ii) request that incorrect personal data concerning them be corrected, (iii) under certain circumstances, they may demand that personal data concerning them be erased.
Right to limit processing

5.4. Data Subjects are also entitled to ask the Controller to restrict processing if (i) they dispute the accuracy of the data concerning them, for a period of time sufficient to enable the Data Controller to verify its accuracy, (ii) the processing is unlawful and they decline to have it erased and request instead that it be restricted, (iii) the Data Controller no longer needs the personal data for purposes of data processing, but they do require the data for the assertion, exercise or defence of legal claims, or (iv) they have objected to the data processing and a decision is pending as to the underlying issues.
Right of objection

5.5. Furthermore, Data Subjects have the right to object to the processing of their personal data. In the event of such objection, the Data Controller will not carry out any further processing of the data unless (i) it is able to demonstrate compelling reasons for processing that merit protection and which outweigh the interests, rights and freedoms of the Data Subject or (ii) the processing serves to facilitate the assertion, exercise or defence of legal claims.
Right to data portability

5.6. Applicants may receive the personal data we process about them in a machine-readable format determined by us or may instruct us to transmit those data directly to a third party of their choice, provided that the recipient makes this technically possible for us and the data transmission is not hindered by unreasonable effort or by legal obligations or other duties of secrecy or confidentiality on our part or on the part of third parties.
Right of complaint

5.7. To exercise these rights, please contact the Data Controller in writing (by letter or e-mail). Of course, the Data Controller is also available at any time for other enquiries regarding the use and security of your data. If you are of the opinion that the Data Controller is using your data in an unauthorised manner, you may also lodge a complaint with the Austrian Data Protection Authority.

6. Contact

6.1. The contact details for purposes of contacting the Data Controller may be found in the relevant job advertisement or job offer.

Most recently updated in March 2021