We appreciate your interest in us and we know that data protection is important to you. Your personal data will certainly be treated and processed confidentially and in compliance with the principles of data protection law.
Below we inform you about the processing of your personal data in the context of your application and participation in the application procedure.
1. Controller and data protection officer
The RWE Group uses a central applicant management system. In this respect, the Company,
RWE Platz 1
T +49 (0) 201 5179 0
along with the other Group companies affiliated pursuant to §§ 15 et seq. (German) Stock Corporation Act are jointly responsible for the processing of your personal data.
We determine the purposes and means of processing personal data in relation to the joint processes for the electronic applicant management system together with the respective Group companies.
In an agreement on joint controllership pursuant to Article 26 of the European Data Protection Regulation (GDPR), we have defined with the relevant Group companies how the respective tasks and responsibilities for the processing of personal data are structured and thus which company fulfils which obligations under data protection law. In particular, it has been determined how an appropriate level of security and your data subject rights can be ensured, how we jointly fulfil the information obligations under data protection law and how we monitor potential data protection incidents. This also includes ensuring that we can fulfil our notification and communication obligations.
As the central point of contact in relation to the electronic applicant management system (e. g. for questions regarding the administration of your applicant account, exercising your rights as a data subject in connection with the use of the applicant management system), you can contact
RWE Power Aktiengesellschaft
RWE Platz 2
T +49 (0) 201 5179 0
You can also assert your rights in relation to the processing activities under joint controllership against another jointly responsible group company. If you contact us, we will coordinate with the relevant Group companies in accordance with the agreement referred to in Article 26 GDPR in order to respond to your request and ensure your data protection rights.
If you submit your application using the electronic applicant management system, the content of your application will only be available to the company you have specifically applied to (- unless you have expressly consented to the disclosure of the application documents to other Group companies -). In this respect, this company is available to you as a point of contact and is therefore the sole controller.
You can reach our data protection officer at:
Data Protection Officer
RWE Platz 6
2. Application procedure with candidates account
In the applicant account, you have the option of setting up an candidates profile and submitting personal data and application documents electronically. Corresponding mandatory fields are marked in the online questionnaire.
The following categories of data are processed in connection with the application:
- Applicant master data (first name, last name, address, contact details, job position)
- Qualification data (cover letter, CV, previous activities, professional qualification)
- (Work) references and certificates (performance data, assessment data, etc.)
- Login data (e-mail address, password)
- Audio and video recordings (e. g. in the case of hybrid or virtual application procedures)
- Bank details for reimbursement of travel expenses
- Voluntary information, such as details of health restrictions or other information that you voluntarily provide to us in your application.
We do not ask you to provide special categories of personal data (i. e. information on racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health or sexual orientation) as part of your application data, unless this is required by law in individual cases (see also point 2.2.5.).
2.1 What are the sources of the data?
We process personal data that we receive from you as part of the contact or application process or that you provide to us via a headhunter or platform provider.
Finally, we receive personal data about you that is published on business or employment-related social networks or websites, such as LinkedIn and XING. For the avoidance of doubt, we do not process data contained in social networks or websites that do not have a business or employment context, such as Facebook.
2.2 What do we process your data for (purpose of processing) and on what legal basis?
2.2.1 Data processing for the purpose of the application procedure
Personal data of applicants are processed for the purpose of the application procedure if this is necessary for the decision on the establishment of an employment relationship with us.
The necessity and the scope of the data collection are assessed according to the position to be filled. If your desired position involves the performance of particularly confidential tasks, increased personnel and/or financial responsibility, or is linked to certain physical and health requirements, then more extensive data collection may be necessary. In order to ensure data protection, such data processing will only take place after the selection of applicants has been completed and immediately prior to your recruitment.
The legal basis in these cases and for the applicant account is the fulfilment of the contract or the implementation of pre-contractual measures that take place upon your request.
2.2.2 Data processing based on your consent
If you have granted us your voluntary consent to the collection, processing or transmission of certain personal data, then this consent forms the legal basis for the processing of this data. We process your personal data on the basis of your consent in the following cases, among others:
- Admission to the applicant pool, i. e. we store the application documents beyond the current application procedure for consideration in subsequent application procedures,
- Transfer of your data from business or employment-related platforms, e. g. LinkedIn or XING
- Disclosure of the candidates account or forwarding of the application documents to other Group companies (in the region or worldwide, according to your request),
- Sending information and news about jobs and vacancies.
2.2.3 Data processing based on the legitimate interest
In certain cases we process your data for the purposes of the legitimate interests pursued by the controller or by a third party:
- for the assertion, exercise or defense of legal claims. Our legitimate interest is to pursue or defend our legal interests.
- For data reconciliation with (financial) sanctions lists for compliance with the provision ban:
The European Union (EU) has taken specific measures to enforce personal and country-specific embargoes against certain individuals, organizations, groups and entities through various regulations and decisions. In particular, Regulations (EC) 2580/2001, (EC) 881/2002 and (EU) 753/2011 standardize the so-called provision ban. According to these regulations, individuals, organizations, groups and entities listed on the EU's consolidated sanctions list must not be provided, directly or indirectly, with financial and/or economic resources and/or technical assistance. Therefore, an initial and regular comparison with the EU's consolidated sanctions list must be carried out ("sanctions screening"). The legal basis in these cases is the explicitly stated legitimate interest of the controller or third parties.
2.2.4 Data processing for compliance with legal obligations
As a company, we are subject to various legal obligations. In order to fulfil these obligations, it may be necessary to process personal data. Such obligations may arise, for example, from commercial, tax, money laundering and financial law, but also from labor law and social security and social protection law. The corresponding purposes of the processing follow the respective legal obligation.
2.2.5 Processing of special categories of personal data
In certain cases, we are obliged to collect special categories of personal data about you, such as the degree of any disability you may have, as part of the application process for reasons of employment or social law.
The legal basis in these cases is the fulfilment of a legal obligation.
2.3 Who will your data be passed on to?
Your data will be processed primarily by our recruiters and departments that fill your position. In some cases, other internal bodies (e. g. the works council, representatives of the severely disabled, etc.) are also responsible for a recruitment process and are involved in the processing of your data.
Subject to your consent, your data may be passed on to other Group companies in the region or worldwide who are looking to fill vacancies that may be of interest to you.
In addition, we use external service providers who also receive personal data as part of the performance of their duties. In these cases, we ensure that the processing of your personal data is carried out in accordance with the provisions of the relevant data protection laws.
These include, among others:
- Providers of applicant management systems
- Personnel consultancy firms
- IT service providers (e. g. for maintenance and/or hosting)
- Service providers for file and data destruction
- Service providers for travel expense accounting
- Financial institutions
- Public bodies: authorities and state institutions, such as tax authorities, public prosecutors or courts, to which we (have to) transfer personal data, e. g. to fulfil legal obligations or to protect legitimate interests.
If you have any further questions about the individual recipients, please use the contact details listed under point 1.
2.4 Is your data transferred to countries outside the European Union (so-called “third countries”)?
Some RWE Group companies are located outside the European Union and the European Economic Area ("third countries"). We also use carefully selected service providers based in third countries to process your data. In these cases, a third-country transfer of your personal data takes place. Such transfers will always be in accordance with Chapter V of the GDPR or the respective national data protection laws. In the absence of an adequacy decision by the European Commission pursuant to Art. 45 GDPR, adequate safeguards are provided to ensure an adequate level of data protection. As a standard practice, we enter into contracts with data recipients that contain standard data protection clauses, also referred to as "standard contractual clauses", to the extent that personal data is transferred outside the EEA.
You have the possibility to request further information as well as to receive copies of corresponding agreements at any time. You can reach us at the contact details mentioned under point 1.
2.5 How long will your data be stored?
We store your personal data, if a legal permitted to do so, only for as long as this is necessary to achieve the purposes pursued. If an employment relationship arises between you and us, we may further process the personal data already received from you for the purposes of the employment relationship, insofar as this is necessary for the implementation or termination of the employment relationship or for the exercise or fulfilment of the rights and obligations of the employee representation resulting from a law, a collective agreement or a works agreement.
3. Provision of the website and log files
In the following, you will learn how we process your personal data in connection with the provision of the website and the creation of log files if you use our website.
3.1 Which of your personal data do we use?
Each time you access our website, our system automatically collects data and information from the operating system of the accessing device. In addition to non-personal data (e. g. the domain name of the website which you came from; the websites from our offering you have visited; the names of the files accessed; the date and time of an access; the name of your internet service provider; as well as, if applicable, the operating system and browser version of your device; host name of the accessing device; language settings), your IP address is processed in the process.
3.2 What are the sources of the data?
The data is collected from you by being automatically transmitted from your device to our system.
3.3 What do we process your data for (purpose of processing) and on what legal basis?
The data is initially collected to be able to provide the website in technical terms. In this case the legal basis is our legitimate interest. In addition, we store the data - in pseudonymized form in log files - for security purposes, in particular to detect and counteract attacks on our website, for statistical purposes and to optimize our internet presence. In these cases, the processing is based on our legitimate interest to ensure the purposes stated above.
3.4 Who will your data be passed on to?
In certain cases, the data may be passed on to other Group companies. In addition, we use external service providers who also receive personal data in certain cases as part of the performance of their duties. In these cases, we ensure that your personal data is processed in accordance with the provisions of the GDPR and the German Federal Data Protection Act or the respective national data protection laws. As a matter of principle, your data will not be passed on to other third parties unless we are obliged to do so due to legal or official orders.
3.5 How long will your data be stored?
We typically store the data for a period of 30 days, or in some cases it may be necessary to store for a longer period to achieve the purposes pursued, if legally permitted to do so.
4. Web analysis and web optimization through cookies
The information stored via cookies fulfils various functions.
We categorize them as follows:
- Required cookies
4.1 Which of your personal data do we use?
Depending on the cookie used, we collect different personal data.
We use the following session cookies, all of which are necessary for the website to function:
- "route" is used for session stickiness,
- "careerSiteCompanyId" is used to send the request to the correct data centre,
- "JSESSIONID" is placed on the visitor's device during the session so that the server can identify the visitor,
- "Load balancer cookie" (actual cookie name may differ) prevents a visitor from jumping from one instance to another.
4.2 What are the sources of the data?
All data that we collect in form of cookies comes from you.
4.3 What do we process your data for (purpose of processing) and on what legal basis?
The data collected from you in this way is pseudonymized by technical precautions and not stored together with other personal data from you. In this way, we can no longer assign the data to you personally.
4.4 Who will your data be passed on to?
In certain cases, the data may be passed on to other Group companies. In addition, in certain cases, third-party companies that offer the respective cookie also receive your data as part of the processing on our behalf.
4.5 How long will your data be stored?
5. Automated decision-making, including profiling
In the context of the application procedure and use of the website, neither automated individual decision-making nor profiling measures within the meaning of Art. 22 GDPR take place.
6. What data protection rights do you have?
Regardless of your legal rights, you have the possibility to amend, delete or add to your data in the applicant management system at any time.
In addition, you have the following rights:
a) Right of access
You may request confirmation from the controller as to whether personal data concerning you is being processed by the controller.
b) Right to rectification
You have a right of rectification and/or completion vis-à-vis the controller if the personal data processed concerning you is inaccurate or incomplete. The controller shall carry out the rectification without undue delay.
c) Right to erasur
You may request the controller to delete the personal data concerning you without undue delay and the controller is obliged to delete such data without undue delay, unless an exception provided by law applies.
d) Right to restriction of processing
Under the conditions regulated by law, you may request the restriction of the processing of personal data concerning you.
e) Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the controller and the processing of which is based on consent or on a contract with you, in a structured, commonly used and machine-readable format. You also have the right, under the conditions stipulated by law, to have your personal data transmitted to another controller without hindrance from the controller to whom the personal data was provided.
f) Right to withdraw the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. All personal data stored on the basis of the consent given in each case will be deleted in this case, unless there is another legal basis for further storage according to the law.