Career at MTU

MTU Data Privacy Policy for Applicants

MTU takes the protection of its applicants’ personal data very seriously.

Our processing of personal data complies with all legal requirements.

We ask you to review this Privacy Policy regularly, as it may be changed to reflect changes in the law or in our internal company processes.

§ 1 Controller and Scope


The controller in the sense of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and all other applicable data protection regulations is:

MTU Aero Engines AG
Dachauer Straße 665
80995 Munich
Germany

§ 2 Data Protection Officer


The controller’s data protection officer is:

Helga Schorr
MTU Aero Engines AG
Dachauer Straße 665
80995 Munich
Germany
E-mail: MTU.DSB@mtu.de

§ 3 What Are Personal Data?


Personal data are individual details about personal or factual situations of a specific or identifiable natural person (the data subject), including the person’s name, address, telephone number, date of birth and e-mail address. Information with which we cannot (or can only with a disproportionate effort) establish a reference to your person, e.g. by making the information anonymous, is not personal data.

§ 4 General Information about Data Processing


a) Scope

When you apply for a position at MTU, we collect and use your personal data only to the extent necessary to decide whether to make you an offer of employment.

Your personal data shall not be used for any other purpose, especially for advertising purposes. We shall not transmit your personal data to third parties without your consent, except in the cases out-lined below, unless we are obliged to disclose them by law.

We may transmit your personal data for the purposes described in § 5 below – insofar as necessary for your application – to enterprises affiliated with MTU Aero Engines AG in the sense of §§ 15ff of the German Stock Corporation Act.

We furthermore transmit personal data – to the extent permissible by law – to courts of law, legal advisors or government authorities (in particular, fiscal authorities, aviation control authorities etc.) if necessary in order to comply with applicable law or to assert, enforce or defend against legal claims.
Furthermore, in connection with your application, it may be necessary for us to transmit your personal data to other recipients, such as tax consultants, insurers or business partners.

Where we transmit personal data to service providers (e.g.  IT service providers) acting on behalf of our company, we will contractually oblige them in advance to comply with the applicable requirements of data protection law and they shall be subject to our instructions.

b) Legal basis

When processing personal data that are required for the decision to create an employment agreement or that are needed after the creation of an employment agreement for administration or termination purposes, the legal basis is §26 Section 1 “Federal Data Protection Act (BDSG). The legal basis for our processing of personal data to meet legal obligations to which we are subject is Art. 6 Section 1 lit.c of the GDPR.

Moreover, §26 Section 2 “Federal Data Protection Act (BDSG)“ may serve as a legal basis, provided that you have expressly consented to the processing of your personal data in individual cases.

c) Data Deletion and Storage Period

Your personal data shall be erased or blocked as soon as the purpose of storage ceases to apply. We may continue to store your data after this, however, if required to do so by European or national laws or other statutory provisions to which we are subject. We also delete or block your personal data upon expiration of a valid legal storage limit unless we must continue to store the data for purposes of concluding or fulfilling a contract.

d) Applicants under the Age of 16

Since applicants must grant consent to the processing of their personal data and no person under the age of sixteen may legally grant such consent, applications from persons under the age of sixteen require the consent of a legal guardian. The legal guardian must consent to the processing of the applicant’s personal data or grant permission for the applicant to consent. Applicants under the age of sixteen must therefore assure that they are submitting their application with the express permission of a legal guardian.

§ 5 Purpose of Data Processing


When you apply for a position at MTU, we process your personal data especially for the following purposes:

  • Preparing the decision whether to make you an offer of employment, to communicate our decision and, if an employment contract is concluded, to make salary payments etc.;
  • Risk management, especially in connection with the use of MTU IT systems, to prevent and identify illegal or contractually non-compliant conducts;
  • Compliance with legal (in particular social-security, aviation, tax, commercial or export control law) obligations;
  • Assertion of legal claims and their (judicial or extra-judicial) enforcement

§ 6 Categories of Personal Data


The above named purposes require us to process personal data of the following categories:

  • personal identification data such as last name, first name and date of birth
  • address and other contact information
  • billing and bank details, i.e. account information necessary for making payments
  • personal profile information such as qualifications, credentials, certificates and references
  • other data including your headshot and curriculum vitae and the answers and self-assessments you provide on the online test for trainees

All other responses to the application form are voluntary. Once your application is complete, your application data are forwarded to the company in the MTU Group which is responsible for filling the respective vacancy. The application data will be accessible to only two departments within that company: human resources and the relevant specialty department.

§ 7 Security measures to protect the data stored with us


We undertake to protect the personal data we store and to treat it as confidential. To prevent the loss or misuse of data stored by us, we take extensive technical and organizational safety precautions which are regularly checked and adapted to technological progress.

However, we would like to point out that due to the structure of the Internet, the data protection rules and the above-mentioned safety measures may not be observed by other persons or institutions outside our field of responsibility. In particular, unencrypted data transmitted by e-mail, for instance, can be read by third parties. We have no technical influence on this.

§ 8 Technical Procedures in Data Processing


When you use our online job application tool, some technical data are processed in addition to the personal data named above. These technical data are largely impersonal, i.e. without any clear link to you, and include the name of your Internet service provider, the page from which you were referred to our site, the names of the files you request and the time at which you request them. These data are exclusively evaluated for the purpose of improving our online offerings and do not allow any conclusions regarding your person. These data are:

  • Browser type and version
  • The operating system used
  • Referrer URL
  • Host name of the computer used for access
  • Names of the requested files
  • Date and time of server request
  • IP address

§ 9 Use of Matomo


MTU is constantly striving to optimize its website. This is based on statistics on the use of the website. MTU uses the web analysis tool "Matomo" to generate the statistics. When one of our online services is accessed, Matomo anonymously protocols and evaluates its use.

Matomo uses so-called "cookies". These are text files which are stored on your computer and are used to analyse the use of our website. For this purpose, the usage information generated by the cookie (including your anonymized IP address) is sent to our server and stored for usage analysis, which helps optimize our website. Your IP address is immediately made anonymous during this process, so that you as a user remain anonymous to us. The information generated by the cookie about your use of our website is not passed on to third parties (see Section 4). 

If you do not agree to the storage and evaluation of the aforementioned data from your visit to our website, you can object to the storage and use at any time with effect for the future. In this case, an "opt-out-cookie" is stored in your browser, which means that Matomo shall not collect data about your visit to our website.
  
IMPORTANT: To set the opt-out cookie, your browser must be set to accept cookies. If you delete your cookies between two visits to our website, this means that the opt-out cookie is also deleted and you may have to reactivate it the next time you visit our website.

To object to the collection of usage data during your visit to our website, please click the following link:

Note: If you have activated your browser’s tracking protection feature, Matomo will defer to the setting you have chosen.

§ 10 Use of Cookies


Besides the cookies described in Section 9 above, we use other cookies which are sent by our web server to your browser during your visit to our website and are stored on your computer for later retrieval. These cookies contain a characteristic character string that enables clear identification of the browser when the website is called up again.

When accessing our website, the user is informed about the use of cookies for analytical purposes and his or her consent to the processing of personal data used in this connection is obtained. In this context, reference is also made to this privacy statement.

The legal basis for processing personal data using technically necessary cookies is Art. 6, Section 1f of the GDPR. If the user has given his or her consent in this regard, the legal basis for processing personal data using cookies for analysis purposes is Art. 6, Section 1a of the GDPR.

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For this it is necessary for the browser to be recognized even after a change of page.

The user data collected by technically necessary cookies are not used to create user profiles.

Cookies are stored on the user's computer and sent from there to our site. Therefore, as a user you also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser.

Most browsers are pre-set to automatically accept cookies. However, you can deactivate the storage of cookies or set your browser so that it informs you before cookies are stored. Users who do not accept cookies may not be able to access certain areas of our websites.

Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.

§ 11 Your Rights as a Data Subject


If your personal data are processed, you are concerned in the sense of the General Data Protection Regulation (GDPR) and you have the following rights vis-à-vis the controller:

1. Right to information

You can ask the controller to confirm whether your personal data are processed by us.

If this is the case, you can ask the controller for the following information:

  1. the purposes for which the personal data are processed;
  2. the categories of personal data processed;
  3. the recipients or categories of recipients to whom your personal data have been or are still being disclosed;
  4. the planned duration of the storage of your personal data or, if specific information on this is not possible, the criteria for determining the storage period;
  5. the existence of a right to rectify or erase your personal data, a right to have the processed data restricted by the controller, or a right to object to such processing; 
  6. the existence of a right to appeal to a supervisory authority;
  7. all available information about the origin of the data if the personal data are not collected from the data subject.

You have the right to request for information as to whether your personal data is transferred to a third country or to an international organisation. In this connection, you may request that the appropriate guarantees pursuant to Art. 46 of the GDPR in connection with the transmission of data shall be made available to you.

2. Right to correction

You may ask the controller to rectify and/or complete your personal data if your personal data are incorrect or incomplete. The controller shall make the correction without delay.

3. Right to restrict the processing

You may request that the processing of your personal data be restricted on the following terms and conditions:

  1. if you contest the accuracy of your personal data;
  2. if the processing is unlawful and you reject the deletion of the personal data and instead demand the restriction of the use thereof;
  3. if the controller no longer needs the personal data for the purposes of processing, but you do need them to assert, exercise or defend legal claims, or
  4. if you have filed an objection to the processing pursuant to Art. 21, Section 1 of the GDPR and it has not yet been determined whether the controller's legitimate reasons outweigh your reasons.

If the processing of your personal data has been restricted, such data may only be processed - apart from being stored - with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.

If the processing restriction has been limited on the above conditions, we shall inform you before the restriction is lifted.

4. Right to deletion

a) Deletion obligation

You may ask to delete your personal data without delay and we are obliged to delete this data without delay if:

  1. Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. You revoke your consent, on which the processing was based pursuant to Art. 6, Section 1a or Art. 9, Section 2a of the GDPR, and there is no other legal basis for the processing. 
  3. You file an objection against the processing pursuant to Art. 21, Section 1 of the GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing pursuant to Art. 21, Section 2 of the GDPR.
  4. Your personal data have been processed unlawfully.  
  5. Deleting your personal data is necessary to fulfil a legal obligation under EU law or the law of the Member States to which we are subject. 
  6. Your personal data have been collected regarding the services offered by the information company pursuant to Art. 8, Section 1 of the GDPR.

b) Information to third parties 

If we have made your personal data public and are obliged to delete it pursuant to Art. 17, Section 1 of the GDPR, we shall take appropriate measures, including technical measures, considering the available technology and the implementation costs, to inform the processors of the personal data for which you as the data subject have asked for the deletion of all links thereto or of copies or replications thereof. 

c) Exceptions

The right to deletion does is excluded if and to the extent as the processing is required

  1. to exercise the freedom of expression and information;
  2. to fulfil a legal obligation required for processing under EU law or the law of Member States to which the controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred on the controller;
  3. for reasons of public interest in the field of public health pursuant to Art. 9, Sections 2h and 2i, and Art. 9, Section 3 of the GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89, Section 1 of the GDPR, insofar as the law referred to under a) is likely to render impossible or seriously impair the attainment of the objectives of such processing, or
  5. to assert, exercise or defend legal claims.

5. Right to information

If you have asked us to correct, delete or restrict the processing of your personal data, we must inform all recipients of your personal data about this correction or deletion of the data or restriction on processing, unless this proves impossible or entails a disproportionate effort.

You have the right to be informed of such recipients.

6.   Right to data portability

You have the right to receive the personal data you have made available to the controller in a structured, accessible and machine-readable format. Moreover, you have the right transmit  this data on to another controller, provided that 

  1. processing is based on consent pursuant to Art. 6, Section 1a of the GDPR or Art. 9, Section 2a of the GDPR or on a contract pursuant to Art. 6, Section 1b of the GDPR and 
  2. processing is carried out automatically.
  3. While exercising this right, you also have the right to request that your personal data be transferred directly from us to another controller, so far as this is technically feasible. Other persons' freedoms and rights must not be affected by this.
  4. The right to portability shall not apply to the processing of personal data needed to perform a task in the public interest or to exercise official authority conferred on the controller.

7. Right to object

You have the right to object at any time, on the grounds of your particular situation, to the processing of your personal data in accordance with Art. 6  Section 1e or 1f of the GDPR; this also applies to profiling based on these provisions.
  
We shall no longer process your personal data, unless we can prove protection-worthy compelling reasons for the processing, which outweigh your interests, rights and freedoms, or unless the processing is used to assert, exercise or defend legal claims.
  
You have the possibility to exercise your right of objection in connection with the use of the services of an information company by means of automated procedures based on technical specifications, notwithstanding Directive 2002/58/EC. 

8. Right to revoke the data protection consent

You have the right to revoke your data protection consent at any time.

The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.

9. Right to appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or where the alleged infringement has been made, if you believe that the processing of your personal data is contrary to the stipulations of the GDPR. The competent supervisory authority for Bavaria is: 

Bayerisches Landesamt für Datenschutzaufsicht, Promenade 27, 91522 Ansbach,
  https://www.lda.bayern.de/de/kontakt.html