Data protection information for applicants

1. Who is in charge of handling your personal data? To whom does this data protection policy apply? From whom do we receive your data?

1.1. Österreichische Post AG ("Österreichische Post", "we", "us") is responsible for adequately protecting your personal data.
Österreichische Post complies with all legal provisions about the protection, lawful handling and confidentiality of personal data as well as data safety.
If you use your career profile to apply for a position with a subsidiary of Österreichische Post, the subsidiary in question will be an independent data controller in addition to Österreichische Post.

1.2. We process your personal data in accordance with data protection regulations, above all the General Data Protection Regulation (GDPR), the Austrian Data Protection Act, relevant regulations defined in the Postal Market Act and other relevant laws.

1.3. If your application leads to employment with Österreichische Post, our relevant data protection policy for employees of Österreichische Post will additionally apply. This policy might already be available to your for your information. If you are a client, supplier, or business partner of Österreichische Post or if you have subscribed to the Österreichische Post newsletter or visit the Österreichische Post website, the data protection policy available under post.at/datenschutz will apply to you.

1.4. We receive personal information directly from you. You decide if you make your personal data available for the purpose of processing your application. You also have the option of making your personal data available to us through a previously responsible recruiter.

2. What interest does Österreichische Post have regarding my data and based on which grounds may Österreichische Post process my data?

2.1. Contract performance and execution of pre and postcontractual steps:

- for processing your application

- for talent management purposes

- for HR development

- for managing access to Österreichische Post buildings

- for managing master and contractual data, e.g., for the karriere.post.at user account.

For this purpose, special categories of personal data may be processed.

We follow all special legal requirements for processing such data.

Your application, the processing of your application, a possible hiring and the performance of the contract itself is considered a processing of your personal data and, under certain circumstances, also a processing of your personal data of a special category.

Above all, we generally or in a given case must process personal data made available by you in writing or verbally during the application process that fall under the following data categories, including without limitation: personal master data, address data, contact information, photo, data for identification purposes, user data, employment contract information, payment data, information data for provided references, education, training, and professional data.

If you apply for a position at Österreichische Post, the candidate management system karriere.post.at will be available to you. All job applicants can create their own user profile.
Österreichische Post can create user profiles for applications received in writing. All user accounts include the following minimum information: first name, last name, e-mail address, password and home address.
User profiles will be stored for six months after they become inactive.

If you do not provide the required data, we will not be able to process your application and we will therefore not be able to consider your application. Also, should we subsequently decide to hire you, we would not be able to sign a contract with you if you do not provide the required data.

2.2. Data may also be processed in the interest of Österreichische Post or of a third party.

Above all, we may process the following categories of personal data that you provide to us in writing of verbally during the application process:
personal master data, address data, contact information, photo, data for identification purposes, employment contract information, payment data, information data for provided references, education, training, and professional data. This data processing is performed pursuant to Article 6 (1)  (f) of the GDPR for the following purposes:

Compliance: This means meeting statutory and other requirements, e.g. income tax and social security deductions, recording and reporting duties, audits, compliance with inspections by public authorities, "good governance", reaction to legal disputes, administration of in-house inquiries/complaints/claims, investigation and behaviour in line with strategies/procedures, fulfillment of a trust-building communication policy as well as disclosure and information needs.

To that effect, special categories of personal data (such as data from criminal proceedings) may be processed pursuant to Article 9 or 10 of the GDPR. For their processing, we comply with all statutory special provisions, including but not limited to Article 9 (2) of the GDPR.

To obtain subsidies for requesting cost compensation if the legal basis exists.

To plan, execute and document internal audit activities and forensic analysis as well as activities for ongoing improvement, e.g., for ensuring profitability, quality and security, to ensure the continuous improvement of our business process in order to meet statutory obligations as well as for information and prevention purposes in the case of suspected criminal behaviour against Österreichische Post. 
To that effect, special categories of personal data such as health-related and data from criminal proceedings may be processed pursuant to Article 9 or 10 of the GDPR.
For their processing, we comply with all statutory special provisions, including but not limited to Article 9 (2) of the GDPR.

To settle damages and insurance claims. To that effect, special categories of personal data (such as data from criminal proceedings) may be processed pursuant to Article 9 or 10 of the GDPR.
For their processing, we comply with all statutory special provisions, including but not limited to Article 9 (2) of the GDPR.

To ensure IT security and maintaining IT operations, the execution of stress tests, the development of new products and systems and the adaptation of existing ones, data migration to ensure system viability and integrity and ultimately, the viability and integrity of processed data.In this case, provided personal data are predominantly used for tests provided that such tests cannot be done with anonymous data without excessive costs. 

2.3. Compliance with statutory obligations: Österreichische Post has legal obligations, such as documentation duties, provisions from employer law, labour law, and social law as well as provisions from company law, tax law and entrepreneurial law. In addition, we have inspection and reporting duties. In order to be able to comply with these provisions, we process your personal data pursuant to Article 6 (1) (c) of the GDPR in the scope required by the law in question. This usually includes the following data categories: personal master data, address data, contact information, employment contract data, payment data, presence and absence times.

2.4. Consent: Unless there are no legitimate grounds as described in 2.1 to 2.3 above, we separately will ask for your consent pursuant to Article 6 (1) (a) of the GDPR. When doing so, we will naturally fully comply with all applicable statutory provisions (including the Austrian Telecommunications Act). In your candidate profile, you can revoke this voluntary consent at any time with future effect.


3. With whom are we allowed to share your data?

3.1. During your application process, selected employees in HR, specialised areas of Österreichische Post as well as executives responsible for the position you applied for will have access to your data.
If you have used your career profile to apply for a position with an Österreichische Post subsidiary, we will forward your personal data to sel

3.2. If you have used your career profile to apply for a position with an Österreichische Post subsidiary, the subsidiary in question will act as an independent data controller in addition to Österreichische Post (for a list of all subsidiaries, please see item 3.3).

3.3. For every application that you submit you have the option of consenting to the processing of your application data for all open job positions at Austrian companies that belong to the Österreichische Post corporation. If you provide this separate consent, other Austrian companies in addition to Österreichische Post and, if applicable, Österreichische Post subsidiaries  to which you apply can get access to your application data. This serves the purpose of considering your application for other appropriate positions within the Österreichische Post corporation. For an updated list of companies associated with Österreichische Post pursuant to Section 15 of the Austrian Stock Corporation Act, please see: Holdings - PostAG. If you do not provide your consent, we will consider your application data only for those group companies to which you have applied. This means that you will not be considered for possible job openings available at other group companies.

3.4. You can revoke this consent at any time with future effect by going to your candidate profile and selecting "Job applications/position-specific information" for the application in question. This shall not affect the lawfulness of  any data processing performed before the revocation.

3.5. External service providers: In a world of labour division, the required data processing work is oftentimes provided by specialised businesses, so-called service providers (data processors).  
These businesses can provide such services at attractive rates while, most importantly, delivering high quality. Therefore, we transfer your personal data to such businesses in the scope necessary for them to provide the contractually agreed services. Such services include, among others, data storage in our secure data centres. Our data processors include, without limitation, IT service providers (e.g., helpdesk services), service providers for HR, personal coaches, and recruiters.

3.6. Courts and public authorities: There are some statutory provisions that Österreichische can only comply with by sharing your personal data with public authorities (such as social security organisations, tax offices or prosecuting bodies, supervisory bodies, etc.) or courts in the required scope.

3.7. Other recipients: In individual cases, as part of the precontractual, contractual, or postcontractual relationship and especially in relation to our legal obligations, your personal data might be shared with additional parties (such as insurance companies or brokers, HR developers, etc.).

4. May your data also be shared with third parties in another country (including outside the EU)?

4.1. Yes, provided that the European Commission has confirmed that this third country has an adequate data protection level and that adequate data protection guarantees exist (e.g. binding in-house data protection provisions or standard EU data protection clauses).

4.2. In exceptional cases, the data may also be shared with a third country with your explicit consent, provided that we have informed you about possible risks associated with the planned disclosure and the lack of adequate data protection guarantees (item 4.1).

4.3. Österreichische Post currently does not plan to transfer application data that would involve applicants' data to a third country.

5. How long will your data be stored?

5.1. You can delete your entire career profile on karriere.post.at at any time by going to your profile and selecting Options/Settings/Delete Profile. If you delete your profile, you will also be withdrawing your application because we cannot process applications without knowing your personal data.

5.2. As a general rule, applications that do not lead to a position with Österreichische Post are automatically deleted within 6 months, unless you have previously deleted it yourself in your career profile or other statutory storage periods apply (they usually range between three and thirty years). Your career profile itself is automatically deleted within six months after the point in time when you last logged in.

5.3. For applications that lead to a position with Österreichische Post your data will be stored as long as required by law or as long as any existing legal claims have not yet come under the statute of limitations.

5.4. If you have set up a search agent with notifications about interesting positions for you, you can delete this search agent yourself. If you do not logged in for more than six months, any existing search engines will be deleted automatically.

6. What rights do you have?

6.1. Upon request, we will give you information about all personal data processed by Österreichische Post. In addition, in some cases, you also have the right to data portability, meaning that we would give you all personal data you have disclosed to us in a structured, standard and machine processable format.

6.2. Under certain conditions, you can also demand that the processing of your data is limited or that your personal data are rectified or deleted. In addition, you can object to the processing, provided that this is justified by special circumstances. In addition, you have the option of filing a complaint with the Austrian Data Protection Authority: Österreichische Datenschutzbehörde,  Barichgasse 40-42, 1030 Vienna.

6.3. To exercise your rights or if you have any questions, please e-mail us at pm.datenschutz@post.at or write to Österreichische Post AG, Personalmanagement/Human Resources, Rochusplatz 1, 1030 Vienna. 
7. Contact information and data protection officer

If you have any questions or feedback regarding data protection, please contact our data protection managers at our HR department or our data protection officer by writing to Österreichische Post AG, Datenschutzbeauftragte/data protection officer, Rochusplatz 1, 1030 Vienna.

8. Legal information and cookie information for websites

8.1.General information

The information provided on the websites of Österreichische Post is for informational purposes only. We take great care to ensure that all information is correct and complete. However, we cannot exclude that unintentional or incidental mistakes will occur.

Österreichische Post accepts no liability or guarantee for the information provided on its websites. Above anything, Österreichische Post does not guarantee that all information can be displayed using any software or hardware configuration, that the information is up-to-date, secure and free from mistakes, that it meets your expectations and/or that it is permanently available. Also, Österreichische Post does not guarantee that its websites and auxiliary systems (e.g., servers) are free from viruses. In addition, Österreichische Post reserves the right to complement or change the information on its websites without prior notification.

Österreichische Post is not liable for inaccurate or missing information on its websites. This especially applies, without limitation, to (hyper)links and other content used on our websites directly or indirectly or that can be accessed from them. All decisions based on information provided by Österreichische Post on its websites are the sole and only responsibility of the user.

In addition, Österreichische Post accepts no liability for immediate/specific damage or consequential damage or other damage of any kind that may result in any way from the direct or indirect use of the information (including hyperlinks) provided on its websites.

All above-mentioned provisions also apply to software that can directly or indirectly be accessed or used from the websites of Österreichische Post. If third-party software is accessed via (hyper)links, the rules of the provider in question shall apply.

8.2 Copyright

The design and content of these websites are subject to copyright. Any change or reproduction of images or text from these websites is subject to prior written consent by Österreichische Post. It is explicitly prohibited to use marks (e.g. trademarks, logos).

8.3 Use of cookies 

Several parts of our websites rely on cookies and similar technologies (hereinafter referred to as "cookies"). They make our offer more user-friendly and more efficient.

Cookies are small text files that are saved on your computer or smartphone and that your browser will store. They usually provide information about what pages/parts of our website were visited by users and can, among others, save user settings so that returning users will be recognised and do not have to log in again. Also, they allow for the targeted displaying of information to users as well as the analysis of website views.

Our business partners, so-called cookie providers, may also place cookies on our websites. These are used to improve our own products and services as if we had placed these cookies ourselves.
For instance, to understand how our websites are used, we work with analysis partners including Google and Facebook (for additional information, please see item 8.3.2).
However, cookie providers may also rely on cookies used on our websites for their own purposes, e.g. to place (their own or third-party) advertising on our websites and to measure their effectiveness. In such case, Österreichische Post has no influence on the purpose and means of the cookie-based data processing while also not benefiting from this data processing.
Cookies from such third-party providers may fall into the cookie categories listed under item 8.3.1.

Information about the use, scope and type of cookie is available in our cookie banner displayed under "Edit cookie settings".

8.3.1 Cookie settings and management, legal basis

Other than technically required cookies (functionally necessary cookies) that may be placed on our websites even without your consent  pursuant among others to Section 96 of the Telecommunications Act and because of our legitimate interest (providing a functional online service offer) pursuant to Article 6 (1) (f) of the GDPR, you can actively accept or reject the use of performance cookies and cookies for marketing purposes before they are placed.

To that effect, we have created a cookie consent management tool that displays a cookie banner with additional information about the cookies we use when you access the website in question for the first time (especially name, purpose, lifespan, provider). Via this cookie banner, you have the option of generally agreeing to the use of cookies or to make a more detailed selection depending on the cookie category. You can even select specific cookies or cookie providers within a specific cookie category. You can change your consent or selection at any time by going to "Edit cookie settings" in the cookie consent management platform. If, after you have provided your consent, more cookies or cookie providers are added, the cookie banner will be displayed once again and you will be able to make your selection.

In the cookie consent management tool, all cookie providers are listed individually and links to their privacy policies are provided. These policies include additional information, including without limitation, information about additional options for deactivating these cookies.

In addition, you have the option of going to your browser settings to determine whether you want to allow cookies or not. Your device might also allow you to manage your cookies. To learn how this works, please see the user manual provided by the manufacturer of your device.

If users opt out of storing cookies, certain functions of the website might not be available.

8.3.2 Additional information about the advertising functions of Google Inc.

Once we have understood what is important to you and what you are interested in, we can show you relevant and helpful information. To place and manage our ads, we rely on Google Display & Video as well as Google Adwords (Google Ads).

We use the services of Google Ads to place advertising (so-called Google ads) on external websites and highlight our attractive offerings. By linking the data to the advertising campaign, we can determine how successful specific advertising efforts have been.

In doing so, we strive to show you advertising that is relevant to you, to make our website more interesting for you and to reach a fair calculation of advertising costs.

These advertising materials are delivered by Google via so-called "Ad Servers". We use Ad Server cookies which measure certain success parameters, including how many times the ads were shown and how many clicks they obtained from users.

Provided that you have accessed our website via a Google ad, Google Ads will place a cookie on your device. Such cookies are usually valid for 30 days only and are not used to identify you personally. However, specific users can be grouped via browser recognition.

If you have registered for one of the services provided by Google, Google can link your visit to your account.

Even if you have not registered or logged on, the service provider might obtain information about our IP address and save it.

After you have given your consent and made your selection, you can revoke or change these "cookie settings" at any time by going to the cookie management platform.

8.3.3 Additional information about Google Remarketing

In addition to Google Adwords, we use an application called Google Remarketing. This is a procedure that we use to target you once again. This application allows us to display our ads on your device after you have visited our website and continue using the Internet. This is done via cookies saved on your browser. These cookies allow Google to identify and analyse your user behaviour when you access different websites. This is how Google can determine that you have previously visited our website. According to information provided by Google, data collected as part of remarketing activities will not be associated with any of your personal data that Google may have saved. Google also highlights that it uses pseudo-anonymization for its marketing activities. For more information about Google's data protection policy, please visit: https://www.google.com/intl/de/policies/privacy.

After you have given your consent and made your selection, you can revoke or change these "cookie settings" at any time by going to the cookie management platform.

8.3.4 Additional information about Facebook Instagram & LinkedIn

For the same purpose, i.e. displaying customised ads, Instagram Ads, Facebook Ads and LinkedIn ads may be activated provided that you give your consent. This is not personal information. Personal information will be saved on servers located both in the European Union (Ireland) and in third countries. The information will be stored for a period of 90 days.

Facebook, Instagram and LinkedIn Pixel allow us to check if users were redirected to our website after having clicked on an Instagram, Facebook or LinkedIn ad. Among other processes, Instagram, Facebook and LinkedIn  Pixel use cookies, which are small text files that are stored locally in your web browser's cache memory on your device. If you have logged on to Instagram, Facebook or LinkedIn with your user account, your visit to our online offerings will be registered in your user account. All data collected about you is anonymous for us and therefore will not allow us to identify users. However, Instagram,  Facebook and LinkedIn can associate this data with your user account on these platforms.

Personal information will be saved on servers located both in the European Union (Ireland) and in third countries.
These saved cookies can remain in place for up to 2 years. For additional information about Facebook's privacy policy, please visit: https://www.facebook.com/privacy/explanation. Information about Instagram's privacy policy is available here: https://www.facebook.com/help/instagram/155833707900388. Information about LinkedIn's privacy policy is available here: https://de.linkedin.com/legal/privacy-policy?

After you have given your consent and made your selection, you can revoke or change these "cookie settings" at any time by going to the cookie management platform.


As of: April 2022