We use cookies on this website. The cookies used are so-called "technically necessary cookies", which do not require the active consent of the user. Further information can be found in our data protection declaration.

Privacy statement

HILLROM APPLICANT PRIVACY NOTICE

1. PURPOSE AND SCOPE

This Privacy Notice explains how Hillrom handles personal data of job applicants and what rights applicants have under applicable data protection laws and regulations. In this Applicant Privacy Notice, this type of information is referred to as "Application Data".

This Applicant Privacy Notice applies to job applications through one of our career websites and through third parties such as personnel agencies and Internet job sites. It also applies to applications received through other channels, e.g. by mail or email.

The term "Hillrom" as used in this Privacy Notice refers to the Hillrom group company who advertises the vacancy and is therefore the controller of your Application Data. Hillrom may, as the case may be, have joint controllership of your Application Data along with one or more of the Hillrom DACH Companies specified in clause 8 of this Privacy Notice. More information about the main substance of the joint controllership agreement between the Hillrom DACH Companies is provided in the Annex of this Privacy Notice.

2. THE 10 DATA PROTECTION PRINCIPLES AND WHAT APPLICATION DATA WE COLLECT

In handling Application Data we observe Hillrom’s "10 Data Protection Principles".

These principles relate to:

  1. Accountability: Hillrom has to take measures to comply with the 10 Data Protection Principles and the Hillrom data protection programme and must be able to demonstrate compliance with them.
  2. Fairness and transparency: Hillrom must process personal data fairly and inform Applicants about how and why their personal data are processed.
  3. Lawfulness: Hillrom may process personal data, including sensitive personal data, only in a lawful manner, i.e. only if there is a valid legal basis for doing so.
  4. Purpose limitation: Hillrom may collect personal data only for a specific, explicit and legitimate purpose. Any further processing should be consistent with this purpose, unless Hillrom has obtained the consent of the data subject or such processing is otherwise authorised by law.
  5. Data minimisation: Hillrom may only process personal data that are relevant and limited to what is necessary in relation to the purpose for which they were collected.
  6. Accuracy: Hillrom must take reasonable steps to ensure that personal data are accurate, complete and, if necessary, up to date at all times.
  7. Storage limitation: Hillrom may retain personal data only for as long as is necessary for the purpose for which they were collected or for any other legitimate purpose.
  8. Security: Hillrom is required to take appropriate security measures to protect personal data, including in cases where personal data are processed on our behalf by data processors.
  9. Data subject rights: Hillrom must enable data subjects to exercise their rights over their personal data, including the right to have their data updated.
  10. International transfers of personal data: Hillrom must implement appropriate security measures before transferring personal data out of the country in which they were collected.

During a recruitment process, Hillrom generally only collects the Application Data it needs to assess whether you are a suitable candidate for the position you applied for. These include the following categories:

  • Information you provide to allow us to contact you with future job openings at Hillrom, such as your name, email address, specialisation and the type of position or role you are interested in,
  • Information you provide in applying for an open position at Hillrom, to introduce yourself to us and give us an impression of your abilities and your suitability for a specific position, such as your name and contact details, your present employer, information about your CV (e.g. professional qualifications, career history, place of residence, salary expectation and personal interests and experience), information relevant to your job application, information about the type of work and projects you have been involved in and any other information you provide to us, and
  • Information that Hillrom collects during the recruitment process, e.g. interview findings about you and information relevant to the application process we obtain from your references, and
  • Information from third-party sources, e.g. information extracted from your profile on professional networks or websites, and
  • Information associated with your use of our career website, e.g. your IP address. Such data may be collected through cookie technology. Further information about how Hillrom uses information associated with your use of our career website and cookies can be found in our Global Privacy Notice.

Personal data about previous convictions or health data (if collected) will generally be processed only in compliance with local laws and applicable data protection law.

The provision of your Application Data is a requirement necessary for us to process and assess your application and potentially enter into an employment contract with you. If you do not provide your Application Data, we are unable to process your application and cannot consider you for the position.

3. WHAT WE DO WITH YOUR APPLICATION DATA

The main purposes for which we use your Application Data include:

  • Supporting and processing of your job application, e.g. to allow us to assess your suitability for the position advertised, to create a shortlist of applicants and to review the references provided by applicants and verify their professional qualifications; and

  • Improving our application process, e.g. to ensure that our career website is user-friendly and contains appropriate and useful information.

We may verify whether the Application Data you provided during the recruitment process are correct and/or collect personal data about you from third-party sources to support our "Recruitment Tests". In this case, the following rules shall apply:

  • We will inform you in advance about what aspects of your Application Data will be verified and explain how the Recruitment Tests are carried out; and
  • Data about previous convictions (if collected) or health data will be processed only through authorised official sources and generally only in compliance with local laws and applicable data protection law.

Hillrom will only process Application Data if we have a legal basis for doing so. We generally process them to be able to make a better decision on whether to enter into an employment contract with you.

We may also process your Application Data to comply with legal obligations to which we are subject, where necessary for the purposes of the legitimate business interests we pursue (e.g. where necessary to gain a better understanding of our applicants to be able to offer an efficient recruitment service) or on the basis of consent given by you (e.g. if you wish to be included in our pool of applicants to be able to contact you with future job openings).

4. WHO WE SHARE YOUR APPLICATION DATA WITH

(a) Internally within Hillrom

Hillrom limits access to Application Data to those employees or individuals at Hillrom who have a business need to know those data. For example, certain individuals within Hillrom will have access to your Application Data to process your job application and administer the recruitment process.

(b) Beyond Hillrom

Hillrom shares Application Data only with authorised third-party service providers to conduct and manage the recruitment process with whom adequate contractual safeguards are in place to protect your Application Data. For example, we may share your Application Data with such service providers to review your application and verify the information you have provided. This also

includes the possibility of sharing such data for verification of your academic and professional qualifications.

In exceptional cases, Hillrom may share your Employee Data with third parties outside Hillrom, for example:

  • to comply with a legal obligation we are subject to,
  • in response to a valid request from the police or any other law enforcement agency, or
  • where necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.

5. DURATION OF RETENTION OR STORAGE OF APPLICATION DATA

We will store your Application Data in accordance with our internal retention policies and procedures only for as long as necessary to process your application and to complete the application process. If your job application is not successful (or if you do not accept the job offered), we will erase your Application Data after 6 months. With your consent, we may retain your Application Data for up to 2 years to be able to contact you with regard to other suitable positions. If you are employed with Hillrom, your Application Data will become part of your personnel file and will thus be retained until your employment ends. If your employment ends, your data will, as a rule, be erased after 3 years, unless a longer retention period is required by law. For further information about applicable retention periods, please contact us directly.

6. WHERE WE STORE YOUR APPLICATION DATA

Applicants from countries in the European Economic Area (the "EEA"), Switzerland and the UK should know that their Application Data may, where necessary for the purposes of t he application process, be transferred to and stored in countries other than those of the EEA, Switzerland and the UK (hereinafter referred to as "Third Countries") with less strict data protection laws than the country in which they live. Where necessary for the purposes of the application process, they may also be processed by Employees or service providers of Hillrom in Third Countries which also have less strict or no data protection laws.

Whenever we transfer Application Data to such Third Countries, we take the precautions required of us by law to ensure appropriate safeguards to protect your Application Data and to ensure, for example by entering into contractual agreements based on EU Standard Contractual Clauses, that they are treated securely and in accordance with this Applicant Privacy Notice.

To obtain a copy of the safeguards we have in place for transfers to Third Countries, please contact us using the contact details below.

7. EXERCISE OF YOUR RIGHTS

You have the right under applicable data protection law

  • to obtain confirmation of whether Hillrom processes Application Data about you, and information about the kind of Application Data Hillrom processes, and other information;
  • to have Application Data Hillrom stores about you rectified or erased;
  • to obtain the restriction of certain forms of processing of your Application Data;
  • to receive a copy of the Application Data concerning you, and a copy of the Application Data you provided, in a structured, commonly used and machine-readable format; or
  • to withdraw consent previously granted at any time with effect for any further processing.

Moreover, you have the right under applicable data protection law to object, on grounds relating to your particular circumstances, at any time to processing of Application Data about you by Hillrom.

If you find that any of your Application Data are inaccurate and should be rectified, or if you have any other question in relation to your Application Data, please contact us using the contact details below.

All requests to exercise any of these rights will be considered by Hillrom on a case-by-case basis. In certain circumstances, we may not be required under the laws of your country, or because of an exemption in data protection law, to comply with your request.

8. HOW TO CONTACT US

For further information about this Applicant Privacy Notice, please contact us by email at Hill-RomPrivacyOfficer@hillrom.com.

Our Data Protection Officer can be contacted at Datenschutz.DACH@hillrom.com.

If you have any concerns about how your Applicant Data are processed by Hillrom, or if you wish to exercise any of your data subject rights, please email the Hillrom Global Compliance Office at globalcomplianceoffice@hillrom.com. If you are not happy with our reply, you can also contact the responsible data protection authority at any time to make inquiries or submit complaints.

The following data protection authorities are responsible for the various Hillrom DACH Companies:

Hill-Rom Holding GmbH & Co. KG, Limbecker Platz 1, 45127 Essen, Germany

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (State Commissioner for Data Protection and Freedom of Information of North Rhine-Westfalia)

Postfach 20 04 44
D-40102 Düsseldorf

TRUMPF Medizin Systeme GmbH & Co. KG Carl-Zeiss-Strasse 7-9, 07318 Saalfeld/Saale, Germany

Thüringer Landesbeauftragter für den Datenschutz und die Informationsfreiheit (State Commissioner for Data Protection and Freedom of Information of Thuringia)

Postfach 900455
D-99107 Erfurt

Bayerisches Landesamt für Datenschutzaufsicht (Bavarian State Office for Data Protection Supervision)

Promenade 18
D-91522 Ansbach

Hill-Rom GmbH, Limbecker Platz 1, 45127 Essen, Germany

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (State Commissioner for Data Protection and Freedom of Information of North Rhine-Westfalia)

Postfach 20 04 44
D-40102 Düsseldorf

Welch Allyn GmbH, Hofgartenstrasse 16, 72379 Hechingen, Germany

Landesbeauftragte für Datenschutz und Informationsfreiheit Baden-Württemberg (State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg)

Königstrasse 10a
D-70173 Stuttgart

Hill-Rom Austria GmbH, Klosterneuburg, Büropark Donau, Haus 8, Inkustrasse 1-7, 3400 Klosterneuburg, Austria

Österreichische Datenschutzbehörde (Austrian Data Protection Authority)

Barichgasse 40-42
A-1030 Vienna

Hill-Rom SA, Chemin du Vallon 26, 1030 Bussigny, Switzerland

Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter (Federal Swiss Data Protection and Information Commissioner)

Feldeggweg 1
CH-3003 Bern

ANNEX: INFORMATION ON JOINT CONTROLLERS PURSUANT TO ART. 26(2) SENTENCE 2 OF THE EU GENERAL DATA PROTECTION REGULATION (GDPR)


Why do we act as joint controllers?

The personnel management function (hereinafter referred to as “Human Resources” or “HR”) for employees of Hillrom Holding itself and for employees of all other companies affiliated with the Hillrom Group within the meaning of Sec. 15 of the German Stock Corporation Act (Aktiengesetz – AktG) that are domiciled in Germany, Austria and Switzerland (together with Hillrom Holding hereinafter referred to as the “Hillrom DACH Companies”) is based at Hill-Rom Holding GmbH & Co. KG (hereinafter referred to as “Hillrom Holding”). For the purposes hereof, the term “employees” includes job applicants. A list of the Hillrom DACH Companies is provided in section 9 of the Employee Privacy Notice. Moreover, HR representatives who are not themselves employees of Hillrom Holding but employees of other Hillrom DACH Companies perform various HR tasks which relate not only to applicants of their own employer but may also relate to applicants of other Hillrom DACH Companies.

This organisational structure of the HR function makes it necessary to transfer personal data about the applicants concerned between the Hillrom DACH Companies, each acting as a controller, in order to perform the respective HR task. Where two or more Hillrom DACH Companies act together as controllers to fulfil the respective HR task, the Hillrom DACH Companies concerned act as joint controllers.

What areas does joint controllership apply to?

  • Joint controllership may apply to all HR tasks relating to the processing of job applications, including, without limitation,
    o Personnel administration
    Recruitment and personnel marketing
    o Job applicant management, including cooperation with the Works Council

Where HR representatives of a Hillrom DACH Company perform HR tasks only for applicants of their own employer, there is no joint controllership with other Hillrom DACH Companies. Rather, in this case, the Hillrom DACH Company in its capacity as employer is the sole controller as defined in Art. 4(7) GDPR.


What did the Hillrom DACH Companies agree upon?

As part of their joint controllership under data protection law, the Hillrom DACH Companies have agreed which of them fulfils the various obligations under the GDPR. This relates in particular to the fulfilment of the rights of data subjects and the information obligations under Articles 13 and 14 GDPR.


What does this mean for data subjects?

The Hillrom DACH Companies have agreed to provide any information required under Art. 13 and 14 GDPR to the data subject free of charge in a concise, transparent, intelligible and easily accessible form, using clear and plain language. For this purpose, the Hillrom DACH Company who advertises the vacancy shall generally, in its capacity as employer, provide applicants with all necessary information about the processing of personal data. In the event that the information about the processing of personal data is provided to applicants by another Hillrom DACH Company, applicants will be specifically informed about this.

Applicants concerned may generally assert the rights they are entitled to under Art. 15 to 22 GDPR against the Hillrom DACH Company who advertises the vacancy and against the other Hillrom DACH Companies who act together as joint controllers in the fulfilment of the respective HR task.

The Hillrom DACH Companies have agreed to provide the applicants concerned, upon request, with all information they have a right of access to under Art. 15 GDPR. However, such information shall generally be provided to the applicants concerned by the Hillrom DACH Company that advertises the vacancy. In the event that this information is provided to applicants by another Hillrom DACH Company, applicants will be specifically informed about this. For this purpose, the Hillrom DACH Companies shall, if needed, provide one another with all necessary information from their respective areas of activity.

In the event that a data subject contacts one of the Hillrom DACH Companies wishing to exercise any of its data subject rights, including, without limitation, the right to request access, rectification or erasure of its personal data, the Hillrom DACH Companies have agreed to forward such a request, without undue delay and regardless of the obligation to guarantee the right of the data subject, to the other Hillrom DACH Companies who also act as joint controllers in relation to the HR task concerned.

The Hillrom DACH Companies shall inform one another in advance of any request for erasure of personal data. The respective other Hillrom DACH Company may object to the erasure for valid reasons, e.g. if it is subject to a statutory retention obligation.