Processing of (personal) data by the entity in charge of the online application process
Privacy policy
Privacy Policy METRO Markets Career Page
With this data protection declaration, we inform you which personal data (hereinafter also simply "data") we collect in the course of your use of our Career page on www.metro-markets.de and for what purpose the data is used. You can access this information at any time at www.metro-markets.de/privacy-policy.If you have any further questions about the processing of your personal data or individual processes, we and our data protection officer will be happy to help you using the contact details below.
Person responsible and data protection officer - Contact
The responsible party within the meaning of the General Data Protection Regulation (GDPR) is:METRO Markets GmbH
Ria-Thiele-Str. 2a
40549 Düsseldorf
Germany
(hereinafter "METRO Markets")
If you have any questions or suggestions regarding data protection, you are also welcome to contact us by e-mail at datenschutz@metro-markets.de.
You can also contact our data protection officer at the above postal address or by e-mail at: datenschutz@metro-markets.de.
Purposes, means, duration and legal basis of data processing
Data processing when calling up the website (log data)
When you access our website, your terminal device automatically transmits data for technical reasons. This data, which is listed below, is stored separately from other data that you may transmit to us in so-called log files:Retrieved URL
Information about your browser and terminal device (e.g. the operating system and browser type and version used)
Date and time of your access to the website
Referrer (i.e. information on how you came to our website)
IP address
The collection and further processing of this data is necessary for the technical provision of the Career website and its functionalities. It is used to guarantee the security of the website, to ensure the proper operation of the website and, in the event of concrete indications, to enable the prosecution of criminal offences as well as security measures or to prevent or avert other misuse of our services.The legal basis for data processing is Art. 6 para. 1 lit. f DSGVO. Our interest lies in the secure provision of our website content.
The data is stored for these purposes for a period of 7 days.
Use of cookies and similar technologies and website tools
Cookies and similar technologies
We use so-called "cookies" and similar technologies in order to be able to offer you a comprehensive range of functions and to design the use of our websites according to your needs. "Cookies" are small files that are stored on your end device with the help of your internet browser. Similar technologies can be, for example, pixels, plug-ins, scripts, web storage or other comparable technologies for storing and reading information from the end device (hereinafter collectively referred to as "cookies").We distinguish between cookies that are absolutely necessary for the use of our websites ("Essential"), statistics cookies, with which we generate and evaluate aggregated data on website use and statistics in order to design the website in line with requirements and to optimise our business operations ("Statistics"), and marketing cookies, which enable personalised advertisements to be displayed ("Marketing"), as well as autonomous external media such as social media channels or video platforms ("External Media").
We use cookies that are absolutely necessary without your consent in accordance with Section 25 (2) No. 2 of the German Act on the Regulation of Data Protection and the Protection of Privacy in Telecommunications and Telemedia ("TTDSG"). Insofar as personal data is processed in connection with these cookies, the processing is carried out in order to ensure that
your cookie selection, in particular your given or non-given consent for the use of cookies, is stored correctly, Art. 6 para. 1 lit. c DSGVO in conjunction with. Art. 5 (2), Art. 7 (1) DSGVO, and
our website can be operated correctly, Art. 6 para. 1 lit. f DSGVO. This is also our legitimate interest based on this legal basis.
On the other hand, cookies that are not absolutely necessary are only used on the basis of your consent in accordance with Section 25 (1) TTDSG. If personal data is processed in connection with these cookies, this processing is also based on your consent (Art. 6 para. 1 lit. a DSGVO).If you do not wish cookies or similar technologies to be used, you can prevent cookies and similar technologies from being stored on your computer by setting your internet browser accordingly. Please note that the functionality and range of functions of our website may be limited as a result.
In addition, you can activate or deactivate cookies that are not absolutely necessary at any time in our COOKIE SETTINGS and call up detailed information on the individual cookies. We offer you the possibility there to revoke or modify your consent in this regard at any time with effect for the future.
Website tools used
Borlabs Cookie Management
In order to carry out the so-called cookie content management for consent management, we use the service of the instruction-bound service provider Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg ("Borlabs").When you access our website, a strictly necessary Borlabs cookie is stored in your browser, in which the status of the consents you have given or the revocation of these consents are each stored for a period of one year (cookie lifetime), unless you manually delete the cookie in your browser settings beforehand.
Borlabs cookie consent management is used to operate and document appropriate consent management. The legal basis for this is Art. 6 para. 1 lit. c in conjunction with 5 para. 2, Art. 7 para. 1 DSGVO, § 25 para. 2 No. 2 TTDSG.
Google Analytics
We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), to analyse the use of our website and improve our web presence. For this purpose, we use cookies of the category "Statistics", which are stored on your terminal device or which read information on your terminal device, in order to collect aggregated information about your use of our website, such as the frequency of your visit to our website, the time spent on the website, the type and manner of website interaction (e.g. the sub-pages accessed from the website accessed). This also includes data about your approximate geographic location (such as the city) and device data (such as the device model or screen resolution). The information collected by the cookies about your use of this website will be transmitted to and usually stored by Google on servers in the European Union. Your IP address will not be stored by Google.On our behalf, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity (such as load times, etc.) and providing us with similar services relating to website activity and internet usage. We use this information and analysis to improve our website.
The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there. However, your IP address will be shortened beforehand by Google within Member States of the European Union or in other contracting states of the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. We ensure an adequate level of data protection for this data transfer by, among other things, concluding standard data protection clauses within the meaning of Art. 46 (2) lit. c DSGVO. You can request further information or a copy of these standard data protection clauses by sending an informal request to our data protection officer using the contact details above.
The IP address transmitted by your browser in connection with Google Analytics will not be merged with other Google data.
The data linked to cookies or user IDs (e.g. user ID) are automatically deleted after 14 months and only aggregated statistics are kept. The Google Analytics cookies used have a maximum lifespan of two years, unless you delete the cookies manually in your browser settings beforehand.
The legal basis for the use of Google Analytics is your consent, Art. 6 para. 1 lit. a DSGVO, § 25 para. 1 TTDSG. In addition to the processing of your personal data, this also refers to the setting and reading of cookies. Since Google provides this service for us as a so-called order processor, a separate legal basis for data processing by Google is not required.
You can withdraw your consent at any time by adjusting your COOKIE SETTINGS .
Google Tag Manager
We use the service called Google Tag Manager of the instruction-bound processor Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").The Google Tag Manager is a tool that enables us to integrate marketing cookies and other technologies on our website. The Google Tag Manager itself does not store any cookies, does not create any user profiles and does not perform any independent analyses. It is only used to manage and play out the technologies integrated via it (through so-called tags). However, the Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the USA. We ensure an adequate level of data protection for this case of data transfer by concluding standard data protection clauses within the meaning of Art. 46 (2) lit. c DSGVO, among other things. You can request further information or a copy of these standard data protection clauses by sending an informal request to our data protection officer using the contact details above.
Your personal data will be stored for this purpose for a period of up to 14 months. After this period, the data is deleted and only aggregated statistics are kept.
The legal basis for the use of the Google Tag Manager is your consent, Art. 6 para. 1 lit. a DSGVO, § 25 para. 1 TTDSG. In addition to the processing of your personal data, this also refers to the setting and reading of cookies. Since Google provides this service for us as a so-called order processor, a separate legal basis for data processing by Google is not required.
You can withdraw your consent at any time by adjusting your COOKIE SETTINGS .
Application process
You can conveniently apply to us via our Career website by using the existing input masks.For this purpose we collect the following data:
First name
Last name
Telephone number
E-mail address
Curriculum vitae
Other data you provide us with, such as a covering letter or salary requirements
The purpose of collecting the data is to consider your application on a pre-contractual basis as part of the application process. The legal basis for this is Article 88 DSGVO in conjunction with Section 26 (1), (3) of the German Federal Data Protection Act (BDSG), as the data processing is necessary for the decision on the establishment of an employment relationship with you.You do not have to provide the relevant data, but your application may then not be considered or only to the extent of the data you have provided.
If an employment relationship is not established as a result of your application, your data will be stored for a period of six months after completion of the application process. Further storage may take place if this is necessary for the provision of evidence, in particular for the defence, assertion or enforcement of claims in our interest (Art. 6 para. 1 lit. f DSGVO). If an employment contract is concluded with you, we store the data for the purpose of implementing the employment relationship within the scope of the applicable storage periods.
Social media channels
General information
Below you will find information on which personal data we collect when you use our social media channels and the services and functions contained therein, and how we process this data and for what purposes.Responsible
We are partly responsible for the data processing described below and the platform operators of the respective social media channels are partly responsible. For individual processing (e.g. Instagram Insights or LinkedIn Page Insights), the respective platform operator and we are jointly responsible within the meaning of Art. 26 DSGVO. We inform you about the processing of your data under joint responsibility in a separate section (see below).Comprehensive social media channels
LinkedIn: https://www.linkedin.com/company/metro-markets-gmbh/?originalSubdomain=de
LinkedIn is operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland ("LinkedIn"). You can find LinkedIn's privacy policy here: https://www.linkedin.com/legal/privacy-policy?trk=organization-guest_footer-privacy-policy. In it you will also find information on the settings options for your LinkedIn profile.
Instagram: https://www.instagram.com/metromarketsgmbh/?hl=de
Instagram is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"). The Instagram privacy policy can be found at: https://www.facebook.com/help/instagram/155833707900388. It also contains information on the settings options for your Instagram account.
Xing: https://www.xing.com/pages/metromarketsgmbh
Xing is operated by New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany ("Xing"). You can find Xing's privacy policy at: https://privacy.xing.com/de/datenschutzerklaerung. In it, you will also find information on the settings options for your Xing profile.
Information regarding the processing of personal data by METRO Markets
Contact / Enquiries
When you contact us, we use your name and other data you provide in the enquiry or on your social media profile to process and respond to your enquiry. In individual cases, we share your content on our social media channel if this is a function of the social media channel and communicate via it. Where you submit an enquiry to us via the social media channel, we may also refer you to other secure communication channels that guarantee confidentiality, depending on the response required. You can, of course, send your enquiries to our contact options above at any time.We collect and further process this data in order to process your request either for the fulfilment or initiation of a contract, Art. 6 para. 1 lit. b DSGVO, or on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f DSGVO, in order to offer visitors to our social media channels a comprehensive service and in particular to process their requests.
We store the data in connection with your enquiries for 6 years or 10 years, respectively, beginning with the end of the year in which we received your enquiries, provided that this is required pursuant to Art. 6 (1) lit. c DSGVO, § 257 (1), (4) HGB or § 147 (1), (3) and (4) AO. Otherwise, we store the aforementioned data for a period of three years, beginning with the end of the year in which the request was made. Your requests will then be deleted if we no longer need you for legal reasons, in particular to enforce, secure or defend against claims. All public posts by you remain in the timeline indefinitely unless we delete them, for example, due to an update of the underlying topic or a legal violation, or you delete the post again yourself.
Community functions
On our social media channels, we offer you various community functions (e.g. posting wall contributions, leaving comments or liking or sharing contributions). Please note that our social media channels are publicly accessible and any personal information you post may be viewed by other users of our social media channels. We are unable to control how other users of our social media channels use this information. The data entered within the scope of the community functions are collected by us for the intended provision of the community functions. The relevant data processing is regularly carried out on the basis of our legitimate interest in making the corresponding functions available on our social media pages (Art. 6 para. 1 lit. f DSGVO) and, if applicable, on the basis of your consent vis-à-vis the operator of the respective social media channel (Art. 6 para. 1 lit. a DSGVO) or your contractual relationship with the operator (Art. 6 para. 1 lit. b DSGVO). Content posted in community areas can be stored for an unlimited period of time. If at any time you wish to have posted content removed, please send us a corresponding message - e.g. by e-mail - to the e-mail address given above.Event invitations
Events are occasionally announced on our social media channels which may require registration. When registering online for such events, the following data may be collected: Name, address, email address and/or telephone number(s). This data is required to process event registrations, to manage events and to collect customer information. The legal basis for this processing is based on Art. 6 para. 1 lit. b DSGVO. In the event that a declaration of consent is submitted as part of the registration process, the processing is based on Art. 6 para. 1 lit. a DSGVO. The collected data will be deleted after the conclusion of the event, provided that there are no legal retention obligations to the contrary.Recipients and transmitters of data to third countries
If you use our respective social media channel, the recipient of the data is initially the respective social media operator, who may pass the data on to third parties for their own purposes and under their own responsibility. In particular, the respective operator may also transfer personal data to other companies of the social media operators (e.g. Facebook or LinkedIn companies). We would like to point out that in this data processing by the platform operators, personal data of the users may be processed outside the European Union (EU) or the European Economic Area (EEA). If there is no EU Commission adequacy decision for the respective countries, the social media operators use the EU standard contractual clauses approved by the EU Commission. For details, please refer to the privacy policy of the respective platform operator.Information regarding the processing of personal data by the platform operator
In addition to the data processing described above, the respective social media operators collect and process personal data from you in their own responsibility under data protection law when you visit our social media channels and/or interact with them or our posts. This applies in particular if you are registered or logged in to the relevant network. Even if you are not logged in to a network, the operators collect certain personal data when you access the page, such as unique identifiers that are linked to your browser or your device. Please note that this data may be aggregated across different platforms and services if they are operated by the same operator. METRO Markets has no control over the nature and extent of the data processed by the relevant platform operator, the way in which it is processed and used, or the disclosure of this data to third parties. We also have no effective means of control in this respect. For questions regarding the processing of your data in the context of the use of your user profile, please contact the platform operator. You can find more detailed information on data processing by platform operators in the privacy policy of the respective platform operator (see above).Shared responsibility, Art. 26 GDPR
For the web tracking methods used by the respective platform operator on our social media channels, the platform operators and we act as joint responsible parties. This applies to Instagram Insights and LinkedIn Page Insights. The web tracking can also take place regardless of whether you are logged in or registered with the social media platform. We can hardly influence the web tracking methods of the social media platform and in particular cannot switch them off. We ourselves only receive anonymised statistics. We have no access to personal data processed by the platform operator. The legal basis for the web tracking methods is Art. 6 para. 1 lit. f DSGVO. Our legitimate interest here results from the goal of optimising our social media channel. The options for exercising your rights to prevent these web tracking methods can be found in the privacy statements of the platform operators listed above. With Facebook (for Instagram: HTTPS://M.FACEBOOK.COM/LEGAL/TERMS/PAGE_CONTROLLER_ADDENDUM) and LinkedIn (HTTPS://LEGAL.LINKEDIN.COM/PAGES-JOINT-CONTROLLER-ADDENDUM), we have concluded an agreement on joint data protection responsibility for this purpose. In this agreement, Facebook and LinkedIn undertake, among other things, to assume primary responsibility under the GDPR for the processing of Insights and to fulfil all obligations under the GDPR with regard to the processing of Insights.Disclosure of your personal data
In principle, your personal data will only be passed on without your prior consent in the following cases:If it is necessary for the implementation of the (prospective) employment relationship with you or as part of the application process (Art. 88 DSGVO in conjunction with. § Section 26 (1), (3) BDSG; e.g. by passing on the data to forwarding/logistics companies, to service providers, (see below) or to group companies).
Insofar as it is necessary for the clarification of an illegal use of our services or for criminal prosecution, personal data will be passed on to the authorities, auditors/lawyers and, if necessary, to injured third parties. However, this only happens if there are concrete indications of unlawful or otherwise abusive behaviour. We may also disclose information if this serves to enforce terms of use or other agreements. In addition, we are required by law to provide information to certain public authorities upon request. These are law enforcement agencies, authorities that prosecute administrative offences with fines and the tax authorities.
This data is passed on due to our legitimate interest in combating abuse, criminal prosecution and securing and enforcing claims, Art. 6 para. 1 lit. f DSGVO or due to a legal obligation pursuant to Art. 6 para. 1 lit. c DSGVO in conjunction with. §§ Sections 160, 161, 161a, 163 Code of Criminal Procedure (StPO).
In order to provide our services, we sometimes rely on external service providers ("processors") bound by instructions. In such cases, we share personal data with these processors so that they can process it on our behalf. These processors are carefully selected and regularly reviewed by us to ensure that your rights and freedoms are protected. The processors may only use the data for the purposes we specify and are also contractually bound by us to treat your data only in accordance with our privacy statements and applicable data protection laws.
Without prejudice to any other disclosures in this Privacy Policy, we use processors from the following categories:
Server hosters and cloud providers;
EDI provider;
Customer service provider;
Email provider;
Software service provider;
Fulfilment Provider.
Service provider for personnel management
In the course of the further development of our business, the structure of METRO Markets GmbH may change by changing its legal form or by founding, buying or selling subsidiaries, parts of companies or components. In such transactions, your personal data may be transferred together with the part of the company to be transferred. Whenever personal data is transferred to third parties to the extent described above, we will ensure that this is done in accordance with our privacy policy and the relevant data protection laws.
Any disclosure of personal data is justified by the fact that we have a legitimate interest in adapting our corporate form to the economic and legal circumstances as required, Art. 6 para. 1 lit. f DSGVO.
If you would like to receive information about the specific recipients (e.g. public bodies or service providers bound by instructions) to whom we have forwarded your specific personal data, we are available to you at any time at the above postal address or at datenschutz@metro-markets.de.Third country transfer
Your personal data will generally be processed within the EU and the European Economic Area ("EEA").A transfer to so-called third countries, i.e. countries outside the EU/EEA, or to recipients in these third countries only takes place in principle if either
the third country has an adequacy decision from the EU Commission pursuant to Art. 45 GDPR.
we can rely on other appropriate safeguards pursuant to Art. 46 GDPR. As a rule, we make use of the standard contractual clauses approved by the EU Commission pursuant to Art. 46 (2) (c) of the GDPR. You can request a corresponding copy of these standard contractual clauses as well as information on the supplementary measures we have taken - where necessary - to ensure an adequate level of data protection using the contact details provided in section 1.
an exceptional circumstance of Art. 49 (1) DSGVO exists; in particular, if the transfer is necessary for the implementation of pre-contractual measures, for the conclusion or performance of a contract (Art. 49 (1) lit. b and c DSGVO) or for the assertion, exercise or defence of legal claims (Art. 49 (1) lit. e DSGVO), or if you have consented to the transfer (Art. 49 (1) lit. a DSGVO).
Automated individual decision-making including profiling
We do not use any automated processing processes to bring about a decision, including profiling within the meaning of Art. 22 DSGVO.Your rights as a data subject (data subject rights)
As a data subject of the processing of personal data, you have a right of access to the data processed concerning you (Art. 15 GDPR), a right to rectification of your personal data (Art. 16 GDPR), a right to erasure of your personal data (Art. 17 GDPR), a right to restrict the processing of your personal data (Art. 18 GDPR), as well as a right to the portability of your personal data (Art. 20 GDPR).In addition, you have the right to object to the processing in cases where the data processing is based on Art. 6 para. 1 lit. e or lit. f DSGVO or is carried out for the purpose of direct advertising.
In the case of consent, you have the right to revoke your consent at any time, Art. 7 para. 3 p. 1 DSGVO.
One of the ways you can exercise your rights is by sending a message to datenschutz@metro-markets.de or by contacting the other contact details mentioned in section 1.
You also have the right to contact a supervisory authority of your choice in the event of complaints. The supervisory authority responsible for us in North Rhine-Westphalia is:
State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia
Kavalleriestrasse 2
440213 Düsseldorf
Germany
E-mail: poststelle@ldi.nrw.de
A list of the supervisory authorities of other German federal states can be found here: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html;jsessionid=094F80B52BD50210279565549BA0DAB0.intranet222A list of all other European data protection authorities can be found here: https://edpb.europa.eu/about-edpb/about-edpb/members_de
Data processing when exercising your data subject rights
We would like to point out that we will not use the data collected when exercising your data protection rights (see para. 6) as well as your personal data stored by us, if any, for the purpose of fulfilling your asserted rights and to be able to provide evidence thereof, as well as, if necessary, for the defence of our legal positions. Further processing of this data for other purposes does not take place.In this context, we store your data for three years from the complete fulfilment of your data subject rights.
The processing for the purpose of implementing your data subject rights and the proof of legally compliant implementation is based on the legal basis of Art. 6 para. 1 lit. c DSGVO in conjunction with Art. 5 para. 2 p. 1. Art. 5 para. 2, Art. 7 para. 3 p. 1, Art. 15 to 22 DSGVO and § 34 para. 2 BDSG. Insofar as we process the personal data for the purpose of legal defence, this is also our legitimate interest, Art. 6 para. 1 lit. f DSGVO.
You are neither contractually nor legally obliged to provide your personal data, however, we may refuse to fulfil your request to exercise your data subject rights pursuant to Art. 12 (2) sentence 2 DSGVO if you do not provide us with the data required for your clear identification, if necessary after a request.
Deletion of your data
Unless otherwise stated in this Privacy Policy, we will delete or anonymise your personal data as soon as it is no longer necessary for the purposes for which we collected it in accordance with this Privacy Policy.We also store or use your data if we are legally obliged to do so, e.g. because we are subject to statutory retention periods.
The legal basis for this is Art. 6 para. 1 lit. c DSGVO in conjunction with the respective legal obligation. This applies in particular to business and commercial letters as well as documents relevant under tax law, which we retain in accordance with Section 257 (1), (4) HGB or Section 147 (1), (3) and (4) AO for 6 or 10 years (depending on the type of document), starting at the end of the year in which the business letter was sent or received or the documents were created.
If data must be retained for legal reasons, processing is restricted. The data is then no longer available for further use.
It should be noted that the final deletion of personal data only takes place when our backup copies are deleted after 30 days.
Updating this privacy policy
The current version of this privacy policy is available at any time at https://www.metro-markets.de/privacy-policy/.Status: 20 April 2023