WOLT RECRUITMENT PRIVACY NOTICE

1. ABOUT THIS PRIVACY NOTICE

At Wolt Enterprises Oy and Wolt Enterprises Deutschland GmbH (“Wolt”, “we”), we take data protection seriously.

This Recruitment Privacy Notice concerns the personal data of our job applicants processed by us for recruitment purposes, as well as the personal data of any potential job applicants we may ourselves contact in regard to job opportunities at Wolt. Thus, this Recruitment Privacy Notice aims to give you information on how Wolt collects and processes recruitment related personal data and informs you on your rights when your personal information is used for Wolt’s recruitment purposes. Please note that this Recruitment Privacy Notice only applies to the processing of personal data carried out by Wolt as a data controller and only in recruitment context.

Wolt Recruitment Privacy Notice may be updated from time to time.

2. DATA CONTROLLER

In relation to the processing of personal data in recruitment context, Wolt Enterprises Deutschland GmbH and Wolt Enterprises Oy act as joint data controllers. This means that Wolt Enterprises Deutschland GmbH and Wolt Enterprises Oy jointly determine the purposes for and means by which personal data is processed. 

Contact details of Wolt: 

Wolt Enterprises Deutschland GmbH

Business ID: HRB 217122 B

Correspondence address: Große Hamburger Str. 32 10115, 3rd floor

Wolt Enterprises Oy

Business ID: 2646674-9

Correspondence address: Arkadiankatu 6, 00100 Helsinki

 Wolt has appointed a data protection officer who you can reach through the above contact details.

E-mail address: recruiting@wolt.com

3.   PERSONAL DATA COLLECTED

We may process the following information relating to job applicants:

·     Identity data such as full name, date of birth, gender, username or similar identifier;

·     Contact data such as contact details including residential address, email address, phone number or other related information;

·     Application data such as application, curriculum vitae, work history or other related information;

·     Skills and Competencies data such as educational and professional background, certificates, qualifications and skills (for example language skills), test or evaluation results and other related data;

·     Admission Test data (if conducted during the recruitment process) such as outcome and results of any test or evaluation results carried out in connection with recruitment (whether technical, written or oral) and other related data and information;

In addition, we collect any other information provided by the applicant or generated by us during recruitment process and communication with us.

We only collect and store information that is either relevant for filling in the position in question or necessary for the rights and obligations of either party in the context of establishing an employment relationship.

In certain cases, we may also engage in candidate sourcing and headhunting in order to fill certain positions (“Headhunting”). In this context we may collect and process personal data available from public sources, such as the information available on potential candidate’s LinkedIn profile or similar profile.

4.   SOURCES OF PERSONAL DATA

Primarily we receive personal data directly from you.

With your consent and when legally allowed, we may also acquire certain information from relevant authorities or public registers. Indeed, in limited situations we may collect background information such as information on credit checks and criminal convictions and offences. In such limited cases where we do process such data, we do this in accordance with applicable legislation as in force from time to time and inform you about such collection and ask for your consent when necessary.

During a recruitment process we may, with your consent, contact a reference you have provided us with, such as your former employer and/or external websites if you have referred to such websites. In this case we may get some information from such reference. 

5.   THE PURPOSE AND LEGITIMATE GROUNDS OF PROCESSING

We process your personal data in accordance with the regulations of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz (BDSG)).

Personal data processed under this Recruitment Privacy Notice is processed in order to carry out candidate sourcing, recruitment processes, candidate evaluation and communication. Applicant data is processed on the basis of a pre-contractual relationship at your request in order for us to assess the potential grounds for entering into an employment contract with you.

When engaging in Headhunting we process personal data based on our legitimate interests.

You are not required to provide personal data to us, but where we need the personal data for evaluating your suitability for the open position you and you fail to provide that data when requested, we may not be able to proceed the recruitment process with you.

We also store personal data under this Recruitment Privacy Notice for a certain period based on our legitimate interest for the purpose of possible litigation, claims or regulatory investigations.

6.   STORAGE PERIOD

Personal data processed under this Recruitment Privacy Notice is primarily stored for 24 months or as required in accordance with local legislation as in force from time to time.

However, with your consent we may store personal data for future recruitment purposes for a longer period. You may at any time withdraw your consent for such processing.

7.   INTERNATIONAL DATA TRANSFERS 

Personal data is primarily stored within the European Economic Area. However, in certain cases we may transfer personal data outside the European Economic Area (so-called third countries), such as the United States.

We also access data stored in third countries in certain cases.

In principle, data is only transferred to recipients in third countries if:

•    it is legally required (e.g. fiscal reporting obligations),

•    you have given your consent or

•    it is authorized through the legitimate interest in data protection and no higher interests of the data subject worthy of protection prevent the transfer. 

Beyond these points, we do not transfer personal data to entities in third countries or international organizations. It may, however, occur that we use service providers who in some circumstances may also use service providers whose headquarters, parent company or data centre may be located in a third country. A transfer of data is permissible if the European Commission has decided that an adequate level of protection exists in the third country (Art. 45 GDPR). If the European Commission has not taken such a decision, companies or service providers may only transfer personal data if appropriate safeguards are provided (standard data protection clauses approved by the European Commission or the supervisory authority in a specific procedure) and enforceable rights and effective remedies are available. Moreover, we have contractually agreed with our service providers that guarantees regarding data protection must always exist in compliance with the European data protection level.

8.   THE RECIPIENTS OF PERSONAL DATA

We do not share personal data with third parties outside of our group companies unless one of the following circumstances apply:

For legal reasons

We may share personal data with third parties outside our organization if access to the personal data is reasonably necessary to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent or otherwise address crime and/or security issues.

To authorized service providers

We may share personal data to authorized service providers who perform services for us. Such service providers are for example our IT service providers. Our agreements with our service providers include commitments that the service providers agree to limit their use of personal data and to comply with privacy and security standards at least as stringent as the terms of this Recruitment Privacy Notice.

With your explicit consent

We may share personal data with third parties outside of our organization for other reasons than the ones mentioned before, when we have your explicit consent to do so. You have a right to withdraw such consent at any time.

9.  YOUR RIGHTS 

Right to access

You have a right to access the personal data processed by us. This means that you may contact us and we will inform what personal data we have collected and processed regarding you and the purposes such data are used for.

Please note however that Wolt may limit your access to certain information received via the whistleblowing hotline (called internally the People Team Helpline) during a critical stage of internal investigation or to the extent such request may jeopardize the anonymity of the whistleblower or other individuals involved.

The restrictions pursuant to Sec. 34 BDSG shall apply.

Right to withdraw consent

In case the processing is based on a consent granted by you, you can revoke a given consent at any time. This also applies to the revocation of declarations of consent which were provided to us before the GDPR came into force, i.e. before May 25, 2018. Please note, that the revocation of consent takes effect for the future. Data processing that has been carried out before the revocation shall not be affected.

Right to correct

You have the right to have incorrect, imprecise, incomplete, outdated, or unnecessary personal data we have stored corrected or completed. You have the right to update for example your contact information or your other personal data.

Right to deletion

You may also ask us to delete your personal data from our systems. We will comply with such request unless we have a legitimate ground to not delete the data. Please note that during the term of employment data is processed primarily due to legal obligations and therefore we may not be able to delete it.

The restrictions pursuant to Sec. 35 BDSG shall apply.

Right to restriction of processing

You may request us to restrict processing of personal data for example when your data erasure, rectification or objection requests are pending and/or when we do not have legitimate grounds to process your data.

Right to object

You may have the right to object on grounds relating to your particular situation to the processing of your personal data based on our legitimate interest. We will comply with such objection unless we have a legitimate ground not to.

Right to data portability

You have the right to receive the personal data you have provided us with in a structured and commonly used format.

How to use your rights

If you want to use your rights, please contact your supervisor.

To what extend does automated decision-making exist? Does profiling take place?

We do not use automated decision-making pursuant to Art. 22 GDPR in order to establish, perform or terminate employment relationships. If we make use of such procedures in individual cases, we will inform you thereof and about your respective rights separately, provided that it is legally prescribed. We do not process your data in order to automatically evaluate personal aspects (profiling).

10.    INFORMATION SECURITY

We do our best to keep your data safe and secure. We use administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. Our security controls are designed to maintain an appropriate level of data confidentiality and integrity.

The personal data stored under this Recruitment Privacy Notice shall only be processed on a need-to-know basis. The use of personal data is protected by appropriate user rights, passwords and rights of use.

11.    LODGING A COMPLAINT

In case you consider our processing of personal data to be inconsistent with the applicable data protection laws, you have a right to lodge a complaint with the local supervisory authority for data protection.

Competent authorities for European Union Countries are:

The Federal Commissioner for Data Protection and Freedom of Information (BfDI)

Postal address:  DerBundesbeauftragten für den Datenschutz und die Informationsfreiheit - Graurheindorfer Str. 153 - 53117 Bonn

Telephone:       +49(0)228 99 77 99-0

Fax:      +49 (0)228 99 77 99-5550

E-mail:  poststelle@bfdi.bund.de

Berliner Beauftrage für Datenschutz und die Informationsfreiheit

Friedrichstr. 219

10969 Berlin

Besuchereingang:

Puttkamerstr. 16-18

Tel.: +49 30 13889-0

Fax: +49 30 2155050

E-Mail: mailbox@datenschutz-berlin.de

 

This section is to be updated from time to time and information on relevant authority may be requested from support@wolt.com or for the EU countries checked from the European Data Protection Board.