Data privacy information for the Rheinmetall Group recruiting process (Austria)
Privacy information for applicants
I. Controller
The electronic applicant management system is operated by Rheinmetall AG as a central recruiting service for handling the recruiting and application process also for other Rheinmetall Group companies.
The Rheinmetall Group company specified in the respective job advertisement is the Controller for that job advertisement and the processing of personal data in the respective application process.
Contact details of Rheinmetall AG:
Rheinmetall AG
Rheinmetall Platz 1
40476 Düsseldorf, Germany
Datenschutz-im-bewerbungsprozess@rheinmetall.com
Contact details of the responsible Rheinmetall Group company:
see job advertisement
For jobs of
Rheinmetall MAN Military Vehicles Austria GesmbH
Brunner Street 44-50
1230 Vienna, Austria
II. Contact details of the Data Protection Officer
You can reach the Rheinmetall Group Data Protection Officer by email at
DSB-RhAG@rheinmetall.com or by postal mail
Rheinmetall AG
Group Data Protection Officer
Rheinmetall Platz 1
40476 Düsseldorf, Germany
The contact details of any Data Protection Officers of other Rheinmetall Group companies can be found here: https://www.rheinmetall.com/en/meta/navigations/footer/data-protection-officers
III. Personal data
As part of your job application, it is required that you provide at least the following information:
- First name
- Last name
- E-mail address
- Phone number
- Address
- Cover letter
- Resume
In the further course of the application process, you may provide additional information relevant to your application in order to supplement your application documents (e.g. by providing transcripts of records, certificates or additional information).
Special categories of personal data (information on racial and ethnic origin, political opinions, religious and ideological beliefs, trade union membership, health or sexual orientation, genetic and biometric data) are not requested or collected by Rheinmetall (with the exception of voluntary information on any severe disability). Accordingly, we ask you not to provide any information regarding the abovementioned topics as part of your application.
If special information is required due to the nature of the position/job, such as:
- Criminal record certificate
- Aptitude tests (e.g. for top management)
- Medical suitability examination (suitable, not suitable, conditionally/restrictedly suitable)
- Security screening in accordance with the Austrian Military Authorization Act (MBG),
we will inform you separately in the application or hiring process and collect this data.
In the case of applications for apprenticeships and dual study positions, an online aptitude test might be required. You will also be informed separately about this during the application process.
The provision of personal data is not required by law or contract, nor are you otherwise obligated to provide the personal data. However, the provision of personal data is necessary for the implementation of the application process. This means that if you do not provide us with the required personal data when applying, we will not be able to carry out the application process.
IV. Data sources
In principle, we receive the data directly from you as part of the application process.
Should you be further considered in the application process, we will need to run a check against official sanctions and terror lists (see Section V. for more information).
In addition, for selected positions, we will check and validate your details and the information you provided. You will be separately informed of this during the application process. For this purpose, we may, if necessary, check your information by making inquiries with the employers you have mentioned, by querying databases/credit agencies (e.g. Dun & Bradstreet, Thomson Reuters WorldCheck), and by conducting searches on Google, XING, LinkedIn and other social media platforms. For more information, please refer to Section X. Pre Employment Screening (PES).
V. Purposes and legal basis of the data processing
All personal data provided by you on the application platform or in the application process (including the data resulting from all attachments you have enclosed) will be processed by Rheinmetall AG and the Rheinmetall Group company responsible for the respective job advertisement exclusively for the purpose of carrying out the application procedure and for the purposes specified in this data privacy information.
Rheinmetall processes your personal data in particular in compliance with the General Data Protection Regulation (GDPR) and the Austrian Data Protection Law (DSG) as well as with all other applicable laws.
Personal data of applicants may be processed for purposes of the application process if this is necessary for the decision on the establishment of an employment relationship with us. The legal basis for this is Art. 6 (1) lit. b GDPR.
The necessity and scope of the data collection is determined, among other things, based on the position to be filled. If the position you are applying to is associated in particular with the performance of particularly confidential tasks or increased personnel and/or financial responsibility, or is linked to certain physical and health requirements, more extensive data collection may be necessary. These special data collections or procedures (e.g., aptitude test, criminal record certificate, pre-employment screening) usually take place only at the end of the application process or immediately before you are hired, and are accompanied by separate information.
In certain cases, we also process your data to protect legitimate interests of us or third parties, in particular:
- For the defense against legal claims under the Austrian Equal Treatment Act (GIBG). In this context, we have a legitimate interest in processing your data for evidence purposes.
- In the case of selected positions, we are required to check the applicants and their details for reasons of due diligence. In these cases, a so-called pre-employment screening is carried out (for more details, see Section X). If this is required for your position, we will inform you separately in advance.
- Passing on your data to other Rheinmetall Group companies insofar as this is necessary for carrying out the application process.
The legal basis here results from Art. 6 (1) lit. f GDPR.
In addition, we are required by law to perform certain data processing activities, in particular:
- Data comparison (screenings) with official sanctions and anti-terror lists (e.g. in accordance with EU Regulations No. 2580/2001 and 881/2002): As a company, we are required by European and national regulations to perform certain screenings. Persons and organizations listed on those lists may not be provided with funds (prohibition of provision). For this reason, we are obliged to compare the names of our applicants with the official sanction and terror lists.
The legal basis here results from Art. 6 (1) lit. c GDPR.
In certain cases, we also process your data on the basis of your voluntary consent. In this case, your consent pursuant to Art. 6 (1) lit. a GDPR forms the legal basis for the respective data processing.
We carry out data processing based on your consent in particular for:
- Voluntary inclusion in the applicant pool ("Talent Pool"), i.e. we store your application documents beyond the current application process in order to consider you for further or subsequent positions (for more details, see Section IX.)
- Satisfaction survey in connection with the application process (for more details, see Section XI.).
If - contrary to our request - you have disclosed special categories of personal data to us, the collection and storage is based on Art. 9 (2) lit. e GDPR. Further processing by us will not take place.
VI. Recipients of the personal data
Your application documents and personal data are accessible to the respectively responsible recruiters and HR managers within the Rheinmetall Group and - where necessary - are made available to selected managers or other responsible persons. These may also include executives of other Group companies within the scope of technical supervision. Technical supervision means that specific topics are bundled together across the Group under a single management. It is therefore possible that, depending on the position advertised, you will be employed by one company but your manager/superior will work for another Group company.
The electronic applicant management system is operated as "software as a service" by an IT service provider, which means that the latter could also gain access to the system and thus potentially to your data in the course of maintenance and service activities. Appropriate data protection and confidentiality agreements have been concluded with the service provider.
VII. Data transfer outside the European Union
In general, your personal data is processed within the EU in companies of the Rheinmetall Group.
The applicant management system is operated for Rheinmetall as part of a commissioned data processing in accordance with Art. 28 GDPR. Since this system is used worldwide for Rheinmetall as an internationally active group, it is hosted by our IT service provider (processor) at Amazon Web Services EMEA SARL, Luxembourg (AWS Europe) with server locations within the EU. The applicant management system stores and transmits data in encrypted form throughout. To ensure an appropriate level of data protection, the service provider has additionally concluded EU standard data protection clauses with AWS in accordance with Article 46 (2) lit. c GDPR.
Insofar as the advertised position relates to employment in a Group company outside the European Union or the European Economic Area ("EEA") or your technical supervisor works outside of the EEA, your personal data will also be transferred to this Group company. To protect your data, we take special measures to ensure that your personal data is processed by us in the third countries as securely as within the European Union.
VIII. Retention period
We store your personal data for as long as is necessary for the decision on your application. If an employment relationship between you and Rheinmetall does not materialize, we will store your data for another eight months in order to consider you again for the advertised position, and additionally because it is necessary, among other things, to defend ourselves against possible legal claims.
The deadline begins with the completion of the individual application process (rejection, application withdrawal or hiring). This period applies to each of your applications. If an employment relationship is established, your application documents will be transferred in full or in part to your personnel records (you will be informed separately about this data processing when you are hired).
In the event of voluntary inclusion in the Talent Pool (see Section IX.) and the associated storage of your personal data, the data will be deleted in accordance with the aforementioned principles, but with the provision that we will generally request an update of your consent to remain in the Talent Pool from you 30 days before the eight-month period expires. If you do not respond to this request or do not update your consent, we will remove you from the Talent Pool and delete your personal data and your applicant profile.
IX. Inclusion in the Talent Pool
As part of the application process, we will check whether we can offer you an inclusion in our Talent Pool. This is a database in which your applicant data is stored in order to be able to consider you directly in the future for suitable vacancies. At the beginning of your application, you may voluntarily consent to inclusion in the Talent Pool (legal basis: Art. 6 (1) lit. a GDPR). For more information on the storage of your data, please refer to Section VIII.
X. Pre Employment Screening (PES)
Due to our corporate due diligence obligations, we conduct a so-called Pre Employment Screening (PES) for selected positions that we consider to be associated with a higher risk. Currently, a PES is performed in particular for the following positions:
- Board members
- Supervisory Board members
- Managing Director
- Management Board members
- Management personnel from main department manager level upwards as well as department manager level in the areas of sales, purchasing, research & development and finance
- Positions in security-relevant areas such as corporate security, compliance, information security and IT security
- Statutory officers (e.g. from the areas of anti-discrimination/diversity, data protection officers, and security officers in accordance with the MBG)
The PES aims to prevent the hiring of personnel linked with compliance, security or other reputational risks and the fulfillment of management obligations regarding the diligent personnel selection (cf. Section 9 of the Austrian Administrative Offenses Act - VStG).
The PES aims to preventively address, in particular, the following risks for the Rheinmetall Group:
- Damage to reputation due to employment of "fraudsters”
- Terrorism and extremism
- Danger of industrial espionage
- Unintended information leakage
If a PES is required for the position you are applying to, we will notify you again separately before conducting the PES.
The PES includes in general:
- Screenings against state and sanctions/anti-terror lists (e.g. EU Financial Sanctions List or OFAC list);
- Verification by means of external research sources/databases (e.g. Dun & Bradstreet or Thomson Reuters World Check) and online research (e.g. Google or foreign search engines);
- Analysis of social media platforms (e.g., professional networks or Twitter);
- Queries with your former employers (current employer only after consultation and your approval).
This typically involves processing the following personal data about you as part of the PES:
- Name
- Address (private and business, if applicable)
- Telephone and fax number (private and business, if applicable)
- E-mail address (private and business, if applicable)
- Curriculum vitae details
- Job references
- Training and qualification certificates
- Information about you from the research sources/databases and social media platforms used
- Criminal record certificate (obtained only for selected positions, e.g., positions with budgetary responsibility or in security-sensitive areas).
In addition to the recipients listed under Section VI., your personal data will also be transferred to the Compliance Department of Rheinmetall AG as part of the PES. Other recipients may also include service providers (e.g. credit agencies, online databases) through which we carry out screenings, cross-checks and/or searches.
The PES and the associated data processing are carried out on the basis of our legitimate interests in safeguarding corporate due diligence obligations and for risk prevention in connection with personnel selection/hiring. The legal basis for this is Art. 6 (1) lit. f GDPR. If we exceptionally collect special categories of personal data (cf. Art. 9 GDPR) from you in this context, this is generally limited to data that you have obviously made public yourself (e.g. on social media profiles). The legal basis for this is Art. 9 (2) lit. e GDPR.
You can refuse the PES or object at a later date with effect for the future. However, we will then probably not be able to consider you for the position concerned.
XI. Satisfaction survey
In order to improve our recruiting process, we will ask you during the application process whether you would like to take part in an online survey. If you agree, we will invite you by e-mail to an online questionnaire and ask for your opinion.
The legal basis for this data processing is Art. 6 (1) lit. a GDPR (consent).
Participation in the survey is voluntary and anonymous. For this reason, please do not provide any personal data (e.g. names, individual persons) in the free text fields.
You can also refuse or revoke your consent at any time at a later date with effect for the future. For this purpose you can also contact
Datenschutz-im-bewerbungsprozess@rheinmetall.com
or by mail to Recruiting Center, Rheinmetall Platz 1, 40476 Düsseldorf, Germany, with the subject "Revocation of participation in satisfaction survey".
XII. Job Alert
On our Career pages, you have the option to sign up for a "Job Alert". This is a search agent that automatically informs you by e-mail about new job offers (based on your previously defined search criteria).
In this context, your e-mail address and job search criteria will be processed. You can specify the duration of the job alert while signing up. You can also unsubscribe at any time via a link in the "Job Alert e-mails". Alternatively, you may also unsubscribe by e-mail to datenschutz-im-bewerbungsprozess@rheinmetall.com.
Our IT service provider, who is also responsible for operating our electronic applicant management system, sends out the "Job Alert" and processes the data involved.
XIII. Your rights
As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:
Right to be informed and of access (Art. 15 GDPR): In accordance with the statutory provisions, you have the right to request information as to whether and to what extent we process your personal data.
Right to rectification (Art. 16 GDPR): In accordance with the statutory provisions, you have the right to request the rectification or completion of incorrect or incomplete data concerning yourself.
Right to erasure (Art. 17 GDPR): In accordance with the statutory provisions, you have the right to demand that your personal data be erased immediately. Note: An immediate deletion of your data may be opposed by statutory retention obligations or other justified reasons for further processing.
Right to restrict processing (Art. 18 GDPR): In accordance with the statutory provisions, you have the right to demand that the processing of your personal data be restricted.
Right to data portability (Art. 20 GDPR): In accordance with the statutory provisions, you have the right to receive your personal data in a structured, commonly used and machine-readable format and - as far as technically feasible - to demand that it be transferred to another controller.
Right to object (Art. 21 GDPR): In accordance with the statutory provisions, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation, provided that the data processing is carried out on the basis of legitimate interests (cf. Art. 6 (1) lit. e or lit. f GDPR).
If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to such processing, including profiling, insofar as it is connected with such direct marketing.
Right to withdraw consent (Art. 7 (3) GDPR): You have the right to withdraw any consent you have given at any time with effect for the future without having to state reasons. Such withdrawal of consent does not affect the lawfulness of processing that has taken place on the basis of consent until the time of withdrawal.
You can contact the Data Protection Officer at any time with complaints using the contact details provided above. You also have the right to lodge a complaint with the data protection supervisory authority (Art. 77 GDPR in conjunction with Section 24 DSG).
In order to exercise your rights, you may contact the person in charge at the contact details provided in the job posting or contact the Recruiting Center at
Datenschutz-im-bewerbungsprozess@rheinmetall.com
or by mail to Recruiting Center, Rheinmetall Platz 1, 40476 Düsseldorf, Germany, with the subject "Data protection complaint". We will process your inquiries promptly, taking into account the legal requirements, and subsequently inform you of the measures we have taken.
XIV. Miscellaneous
We reserve the right to adapt this Data Privacy Information if changes of the legal situation or of our data processing make it necessary.
When visiting our website, only the latest privacy policy applies.
Where necessary and possible, we will inform you if any changes require your involvement (e.g. renewed consent) or individual notification.
Please note that addresses and contact information of other companies that we have provided in this privacy policy may change over time.
Status of this Data Privacy Information: 02. July 2024