DB Schenker GBS Bucharest SRL is the party responsible for collecting and processing your data. If you have any questions, suggestions and/or criticism in relation to data protection, please contact:

DB Schenker GBS Bucharest SRL
Head Office
5-7,  Dimitrie Pompeiu Boulevard, Hermes Business Campus no.1, Floor 7th District 2, Bucharest, Romania
Or on the e-mail address: 
ro.sm.cnd.HR-Operations@dbschenker.com

All data collection and processing is performed for specific purposes. These may result from technical necessities, contractual requirements, or explicit customer requests.
For technical reasons, certain data might be collected and stored during a visit to dbschenker.com. As for example the date and duration of the visit, the web pages used, the identification data of the browser and operating system type used, and the website from which you visit us.

If you register for one of our newsletters, the following required information is collected:
Salutation, first name, last name, E-Mail address, industry you are working in.
In this case, we may use your e-mail address for promotional purposes.
If you object to the promotional use of your data, your data will only be used anonymized, for statistical analysis purposes.

To continuously improve our offerings, we save and analyze usage data from the online area on a pseudonymized basis. The legal basis for this is Article 6(1)(f) GDPR.

Taking into consideration the legal provisions on physical security, DB Schenker GBS Bucharest SRL will require visitors to present their identification data and health information (temperature) before accessing its facilities and will process it in accordance with applicable legal provisions. Furthermore, because CCTV systems are installed in each facility of the company, DB Schenker GBS Bucharest SRL will process the received data consisting of the visitor`s image and the registration number of the vehicle, the basis for the processing being the legitimate interest of the company.

To the extent that we request consent to process your personal data, it serves as the legal basis according to Article 6(1)(a) GDPR.

For processing of personal data required to fulfill a contract with you, the contract is the legal basis according to Article 6(1)(b) GDPR. Article 6(1)(b) GDPR also applies to processing operations that are required to execute preliminary measures, for example, if you ask about our products or services. In case of access in Company’s precincts, Schenker is processing the personal data based on article 6 para (1) letter (c) or/and letter (f) from GDPR.

If our company is subject to legal demands that require us to process personal data, for example, to fulfill tax responsibilities, then processing is based on Article 6(1)(c) GDPR.
If you click on a link to an external page, you will move outside the pages of dbschenker.com. DB Schenker GBS Bucharest SRL is therefore not responsible for the content, services or products offered on the linked website and also for the privacy and technical safety on the linked website.

If you are a Partner of DB Schenker GBS Bucharest SRL, we will process your personal data such as your name, surname, telephone number, email address, billing address, delivery address, function, location, data regarding the use of dbschenker.com/ro, as well as any other categories of data you provide directly; Also, in order to conduct our business relations, there is the possibility to ask your delegates (drivers, handlers) to provide us their name, surname, series and number of the IC, numeric personal code.

If you are a contact person for Partners or potential Partners, DB Schenker GBS Bucharest SRL processes your contact details such as the name, surname, e-mail address, telephone number and location you provide in the context of initiating or conducting the contractual relationship with partners or potential partners.
If you choose to create a user account for sims.dbschenker.com and access the eSchenker portal, please refer to the relevant privacy policies available on those platforms.

If you apply for a job within DB Schenker GBS Bucharest SRL, by accessing the Careers section available at dbschenker.com/ro or in any other way, DB Schenker GBS Bucharest SRL will process the personal data you provide in this context, such as name, surname, e-mail address, telephone, professional experience, and any other data included in the documents you choose to provide us with. Your personal data will only be processed for the purpose of your employment, the legal basis being the legitimate interest of the company. In case that you are applying using Avature please consult the privacy policy included in this application which provide you details regarding the processing of personal data or point 11 (PRIVACY POLICY regarding the processing of personal data of candidates).

If you visit one of DB Schenker GBS Bucharest SRL's facilities, the company will process the following personal data: image, vehicle registration number - if applicable, name, surname, series and number of the IC, issuing date and issuer, and personal numeric code. Additional in the context of COVID 19 pandemic situation, we are collecting data regarding your health (temperature) and also the data you are provided in the form (statement) handed to you with the occasion of your visit.

In case of your participation in an event organized by DB Schenker GBS Bucharest SRL, the company will ask for your consent to be photographed and to publish the photos taken during the event on the website www.dbschenker.com/ro and on social networks, according to the terms set in chapter 7.

Your data will be deleted as soon as they are no longer required for the purpose for which they were collected (e.g. within the framework of a contractual relationship). Your data must also be deleted if it is not permissible to store them (particularly if the data are inaccurate and correction is not possible). Where legal or practical obstacles prevent deletion, the data are blocked (e.g. special archiving obligations).

If you are a partner of DB Schenker GBS Bucharest SRL, we will process your data for the duration of the contractual relationship and thereafter for the length of time required to meet our legal obligations (for example, in the case of financial accounting documents, the retention period prescribed by law is 10 years from the date of the financial year in which they were drawn up).

If you are a contact person for Partners or potential Partners, your personal data will be processed for the time necessary for the completion / execution of the contract and thereafter, according to internal policies and legal obligations, including the ones regarding archiving.

The storage duration for the video recordings of visitors at DB Schenker GBS Bucharest SRL facilities is 30 days, unless the video footage is necessary for conducting internal investigations or unless it is requested by state authorities; the retention period of the personal data recorded in the visitor log book is two years from the date of registration.

The transmission of data and emails via the internet is generally unencrypted, and is therefore unprotected against third-party access. When you contact us by email, the confidentiality of the information provided cannot be guaranteed during the transmission; we therefore recommend that confidential information should be sent exclusively by letter.

You can request information about what data is stored about you.

You may request rectification, deletion and limitation of the processing (blocking) of your personal data as long as this is legally permissible and possible within the framework of an existing contractual relationship

You have the right to appeal to a supervisory authority. The supervisory authority responsible for DB Schenker GBS Bucharest SRL SA is:  The National Supervisory Authority For Personal Data Processing, 28-30 G-ral Gheorghe Magheru Bld., District 1, post code 010336, Bucharest, Romania.

You have the right to transfer the data that you have provided us on the basis of a consent or a contract (data portability).

If you have given us consent for data processing, you can revoke it at any time in the same way that you have granted it. The revocation of the consent does not affect the legality of the processing due to the consent until the revocation.

With regard to the processing of personal data via the service "Insights" offered by Facebook, Facebook has assumed the primary responsibility. This concerns the processing of Insights data and the implementation of the data subject rights. Therefore, please contact Facebook directly regarding all obligations under the GDPR with regard to the processing of Insights data.

To exercise your rights, send an E-Mail to: ro.sm.cnd.HR-Operations@dbschenker.com   

For the execution of the contract, the activation of instructions-dependent processors is usually a must, such as data center operators, printing or shipping service providers or other parties involved in the performance of the contract.

External service providers, who process data for us, are carefully selected by us and are strictly contractually obligated. The service providers work according to our instructions, which is ensured by strict contractual regulations, by technical and organisational measures and by supplementary controls.

Furthermore, your data will only be transmitted if you have given us your express consent or because of a legal regulation.

Transmission to third countries outside the EU/EEA or to an international organisation shall not take place unless there are adequate guarantees. These include the EU standard contractual clauses and an adequacy decision of the European Commission.

We point out that when processing through Facebook and Instagram data of users may be processed outside the territory of the European Union. This may result in risks for the users because e.g. enforcement of user rights could be made more difficult. For details, please refer to the privacy policy of Facebook and Instagram, mentioned in chapter 10. With respect to US providers certified under the Privacy Shield, we point out that they are committed to upholding the EU's privacy standards.

We want to give you the opportunity to make an informed decision for or against the use of cookies, unless these are not strictly necessary for the technical functioning of the website. 

Cookies are small text files in which personal data can be saved. Our data protection notice is intended to ensure that you are fully aware of data collection and processing, even where our web pages use cookies, and that you can make a correspondingly informed decision.

We therefore inform you here about the type and scope of the intended use of cookies on our web pages. The use of dbschenker.com/ro is generally possible without cookies, unless these do not serve for technical purposes.

You can prevent tracking by cookies by changing your browser settings or prevent third-party cookies from being saved. You can change your browser settings as follows:

We also recommend regularly checking and deleting the cookies that are saved, where they are not specifically desired. 

We use cookies that are active from the start of your visit to our website until the end of the respective browser session. These cookies are automatically invalid and deleted as soon as you close your internet browser. These cookies are also known as "session cookies". Session cookies are used in the following areas:

• The cookie identifies the user when visiting the website for the duration of the active session.
• The cookie ensures that once the language has been selected, it is retained and applied for the duration of the active session, and continues to be provided to the user when they change between pages.
• The cookie serves for data security, and prevents data and content from being manipulated, accessed, and transmitted to other systems by third parties.

This website uses Adobe Analytics, a web analysis service from Adobe Systems Software Ireland Limited (Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland). By using this analysis service, we aim to ensure that our website is designed to meet the requirements and is continually being optimized. We also use the analysis service to statistically record the use of our website which we evaluate in order to optimize our content.

Adobe Analytics uses cookies with a lifetime of 24 months which are stored on your end-user device and enable your use of the website to be analysed.

The information generated by the cookie is transferred to and stored on an Adobe server in the European Union. Prior to this, since a procedure for anonymizing your IP address is activated on this website, your IP address will be shortened. Adobe will use this information in order to evaluate for us your use of the website, to compile reports on website activities and to carry out additional services, on our behalf, relating to use of the website and the internet. This enables us to assess how often different sections and texts on our web pages are read, and whether or not our website design influences the extent of website usage. The statistics obtained enable us to improve our content and make it more interesting for you as a user.

Adobe shares this information with us exclusively as aggregate data showing general site usage. This data has no personal content and cannot be traced back to an individual.

Our service providers are contractually obliged to handle your data in accordance with privacy requirements.
The legal basis for the use of Adobe Analytics is Art. 6(1)(f) GDPR.

You can opt out of the creation of pseudonymized user profiles at any time. There are several ways of doing this:

1.) You can opt out Adobe Analytics by clicking the following link to place the deactivation cookie in your browser:

Click here to opt-out from Adobe Analytics

2.) You can also prevent storage of the cookies used for creating profiles by setting your browser software accordingly.

Please note: if you delete the cookies on your device, the opt-out cookie will also be deleted so you will need to reactivate your opt-out.

dbschenker.com has integrated Oracle Eloqua / Oracle Marketing Cloud components (hereafter "Eloqua") on this website. Eloqua matches relevant website content to data from interested parties, customers and their profiles, in order to allow website operators to address interested parties and customers more effectively and in a more targeted manner. The purpose of Eloqua is to increase the conversion rate of interested parties into customers and thus to increase the turnover of a website operator.

The operating company of Eloqua is the Oracle Corporation, 10 Van de Graaff Drive, Burlington, MA 01803, USA.
Eloqua sets a cookie on the information technology system of the data subject. Eloqua, on behalf of the dbschenker.com, will use the data and information obtained through our website to evaluate the user behavior of the data subject who has used our website. In addition, Eloqua will use the data to create user activity reports on behalf, as well as other services for our company related to the use of our website.

The affected person can prevent the setting of cookies through our website, as shown above, at any time by means of a corresponding setting of the Internet browser used and thus permanently contradict the setting of cookies. Such a setting of the Internet browser used would also prevent Oracle from setting a cookie on the information technology system of the person concerned. In addition, cookies already set by Oracle can be deleted at any time via the Internet browser or other software programs.

To prevent the setting of cookies please visit:
https://www.oracle.com/de/marketingcloud/opt-status.html

dbschenker.com embeds Google Maps. If you give your consent, in addition to log data, your IP address is transmitted to the Google Inc. 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.  
The relevant privacy policy can be found at https://www.google.com/intl/en_policies/privacy/.

On the site https://policies.google.com/technologies/product-privacy?hl=en&gl=en you can make settings for your privacy.

You can find us in various social media with their own appearance. In this way, we would like to provide you with a broad, multimedia offer and exchange ideas with you on important topics for you. In addition to the respective provider of a social network, we also collect and process personal user data on fan pages. This notice also informs you of what information we collect from you on our social media appearances, how we use them, and how you may object to our use of the data. The respective data processing purposes and data categories can be found in the respective offer, which is detailed below. The activities carried out by us and described in more detail below in social media are based on a balance of interests pursuant to Art. 6 para. 1 lit. f) GDPR.


A) Facebook

On the DB SCHENKER Group channel, we present our company on Facebook. If you visit our fan page, Facebook Ltd., 4 Grand Canal Square, Grand Canal Harbor, D2 Dublin, Ireland collects, stores and processes your personal information in accordance with its privacy policy. The privacy policy can be found here. 

In addition, processing of personal data by us takes place only to a very limited extent. 

For the purpose of the needs-oriented design and continuous optimization of our pages, we use the statistics service Facebook Insights. This service records your activity on our site and makes it available to us in anonymised statistics. This gives us insights amongst others on the activity of our fan page visitors, the clicks of our page, the range of posts, clicks and average duration of video playback, information from which countries and cities our visitors come from, as well as statistics on the gender relations of our visitors.

Conclusions on individual users and access to individual user profiles by the administrator are not possible.

More information about Facebook Insights can be found here.

Regarding the processing of Insights data, there is a shared responsibility between Facebook and us. Details are provided in the Joint Controller Addendum, which you can find here.

Facebook Ireland provides the essence of the page insights supplement to affected persons.
In addition, we store usernames and comments that are deleted for violating the netiquette. These will only be tracked if necessary for proof of legal disputes within the limitation period.
In addition, we do not store and process personal data about you, with the exception of an online competition. In an online competition, the winners will be publicly marked with their username and asked to contact each other within 14 days via email. The winners must send their name and address so that the prize can be sent. These data are processed by us exclusively for the purpose of processing the online competition. For the online competition the respective terms of conditions of participation apply. The e-mails with the addresses are always deleted after 30 days, as long as they are not needed beyond that for the winning notification.

B) Instagram

The most beautiful pictures from the media library are posted on the DB SCHENKER channel, showing users the work of the various business units. The focus is on ecology and sustainability, innovation and technology as well as strengthening the employer brand, with a focus on all business areas. Likewise cross-media contents are published.

If you visit our fan page, personal data will be stored and processed by Instagram, 4 Grand Canal Square, Grand Canal Harbor, D2 Dublin, Ireland as an Instagram provider in accordance with Instagram's Privacy Policy. The privacy policy can be found here.
In addition, processing of personal data by us takes place only to a very limited extent. 

For the purpose of the needs-oriented design and continuous optimization of our pages, we use the statistics service Instagram Insights. This service records your activity on our site and makes it available to us in anonymised statistics. This gives us insights about the interactions of our fan page visitors, the clicks of our page, the reach of posts, information about our followers' activity, as well as information from which countries and cities our visitors come from, as well as statistics on the gender relations of our visitors. Conclusions on individual users and access to individual user profiles by the administrator are not possible.

In addition, we store usernames and comments that are deleted for violating the netiquette. These will only be tracked if necessary for proof of legal disputes within the limitation period.
In addition, we do not store and process personal data about you, with the exception of an online competition and Fan posts. In an online competition, the winners will be publicly marked with their username and asked to contact each other within 14 days via E-Mail. The winners must send their name and address so that the prize can be sent. These data are processed by us exclusively for the purpose of processing the online competitions. For online competitions the respective terms of conditions of participation apply. The e-mails with the addresses are always deleted after 30 days, as long as they are not needed beyond that for the winning notification.

We ask users, after we have publicly and without obligation, asked for permission to repost their pictures on the Instagram channel DB SCHENKER. The declaration of consent will be saved by us as a screenshot and the image as a file with details of the user. The photos and consent form will be stored as long as the photo is posted on the channel or until the consent is revoked. The reposted photo is being stored on the Instagram server for technical reasons [Facebook Ltd., 4 Grand Canal Square, Grand Canal Harbor, D2 Dublin, Ireland]. A revocation is possible at any time (see below for details). In the case of cancellation, the image and the user's details are deleted immediately.

C) Twitter

The Twitter channel @DBSCHENKER is used for events, press and public relations on all topics of our company.
If you visit our Channel, which stores and processes Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, as the operator of Twitter personal information, to the extent described in the Privacy Policy. 

The privacy policy can be found here.

In addition, we do not store and process personally identifiable information about you. Just in case you send us a direct message, the user name will be saved.

In addition, we store usernames and comments that are deleted for violating the netiquette. These will only be tracked if necessary for proof of legal disputes within the limitation period.

3) Are data disclosed to third parties?

For the provision of our offer usually the involvement of instruction-dependent processors is required, such as data center operators, printing or shipping service providers or other parties. 
External service providers who process data for us on behalf of us are carefully selected by us and contractually strictly committed. The service providers work according to our instructions, which is ensured by strict contractual arrangements, by technical and organizational measures and by additional controls.
Moreover, your data will only be transmitted if you have given us an express consent or as a result of statutory provisions.
We point out that when processing through Facebook, Instagram and Twitter data of users may be processed outside the territory of the European Union. This may result in risks for the users because e.g. enforcement of user rights could be made more difficult. For details, please refer to the privacy policy of Facebook, Instagram and Twitter. With respect to US providers certified under the Privacy Shield, we point out that they are committed to upholding the EU's privacy standards.
We do not transfer data to third countries outside the EU / EEA or to an international organization unless there are adequate safeguards. These include the EU standard contractual clauses and an adequacy decision by the European Commission.

4) When will your data be deleted?

If we have collected personal data from you, we only store it for as long as it is necessary for the fulfillment of the purpose for which it was collected (eg in the context of a contractual relationship) or if this is provided for by law. Thus, we save your data in the framework of a contractual relationship at least until the complete termination of the contract. Subsequently, the data will be kept for the duration of the statutory retention period.

5) What rights do users have?

• You can request information about what data is stored about you.
• You may request rectification, deletion and limitation of the processing (blocking) of your personal data as long as this is legally permissible and possible within the framework of an existing contractual relationship
• You have the right to appeal to a supervisory authority. The supervisory authority responsible for the Schenker AG is: Landesbeauftragte für den Datenschutz Nordrhein-Westfalen Kavalleriestrasse 2-4, 402013 Duesseldorf 
• poststelle@ldi.nrw.de
• You have the right to transfer the data that you have provided us on the basis of a consent or a contract (data portability).
• If you have given us consent for data processing, you can revoke it at any time in the same way that you have granted it. The revocation of the consent does not affect the legality of the processing due to the consent until the revocation.
• You may object to the processing of data for reasons that arise from your particular situation, if the processing of data is based on our legitimate interests.
• You can contradict the advertising approach at any time with effect for the future (advertising contradiction).

To exercise your rights, send an email to: dataprotection@dbschenker.com

With regard to data processing on social networks, we recommend that you respond to requests such as : for information or other questions about user rights, to apply directly to the respective social network for a cancellation request, since only Facebook, Instagram, Twitter have full access to your user data. If you no longer wish to use the data processing described here in the future, by using the functions "I do not like this page anymore" and / or "Unsubscribe from this page" you can unblock your user profile from our site.

With regard to the processing of personal data via the service "Insights" offered by Facebook, Facebook has assumed the primary responsibility. This concerns the processing of Insights data and the implementation of the data subject rights. Therefore, please contact Facebook directly regarding all obligations under the GDPR with regard to the processing of Insights data. We will forward your inquiries to us on Facebook.

6) New functions, updating of the Privacy Policy

We adapt the privacy policy to changed functionalities or changed legal situations. Therefore, we recommend that you read the privacy policy at regular intervals. If your consent is required or parts of the privacy policy contain provisions of the contractual relationship with you, the changes will only be made with your consent.

Updated: 20.12.2018

This Privacy Policy regarding the processing of personal data of candidates (the "Privacy Policy") is addressed to candidates, covering aspects related to the processing of their personal data.
Your personal data is collected and processed by (the "Company") as a personal data controller, namely DB Schenker GBS Bucharest SRL, a Romanian company based in Bucharest , 2nd District, 5-7 Blvd. Dimitrie Pompeiu, as part of the Hermes Business Campus no. 1, floor 7, registered with the Trade Registry under no. J40/8270/2010, having Unique Identification Code RO27335130.
The security and confidentiality of your personal data are very important to us, the Company. As such, we will take all necessary measures to ensure the security and confidentiality of processed personal data and to process personal data in accordance with the applicable legal provisions and solely for the purposes specified below.

A) Personal data we process

For the purpose of concluding an individual employment agreement or any other contract that produces similar effects, and after their conclusion, during the course of employment relationships, we will collect the following personal data from you: 
a)    identification data included in the resume;
b)    contact details (e.g., name, phone number, email);
c)    data included in your resume (including education, professional experience, hobbies);
d)    data collected from professional networks (i.e. LinkedIn), where applicable; 
e)    data collected through our job application form available on our website (e.g., CV, first name, last name, email, phone number);
f)    behavioral profile following behavioral assessment during the selection phase; 
g)    full name, date of birth and place of birth for the purpose of verifying and identifying you on the Denied Parties List.
h)    other information you provide during interviews (if applicable).
Video recordings with you will also be collected through the video surveillance system of the company that owns the office building, installed in common access areas and parking areas. The images from these areas are collected and processed by the company that owns the office building, which is a controller in connection with this processing activity. For any queries regarding this processing activity, please contact them. Please be advised that there is no negative consequence on you, if you decide not to provide these personal data. However, your personal data are required for the recruitment process, in which case if you do not provide us with such data, we cannot continue the recruitment process.

B) How we collect personal data

We collect the personal data you provide to us voluntarily, when you submit your application, as well as subsequently, at the time of the interview and/or the assessment. Please be advised that you are free to decide whether or not to provide us with such personal data. However, it is not possible to carry out the recruitment process, in the absence of some data necessary for this process, data processed for the purpose of evaluating and concluding an employment agreement with the Company. We also collect the personal data necessary for recruitment and through the recruitment websites if you have applied to a job advert posted on such a website or we have found your resume on such a website. We also collect personal data through your applications at the job fairs we participate in and you sign up for.

Your personal data is collected from you either verbally, by written forms, phone conversations, email messages or through our job application form available on our website, or through the recruitment platforms used by the Company.
Also, your personal data can also be collected through the applications transmitted through the referral procedure that the Company's employees have at their disposal and can send your CV to the recruitment department. In this situation, following the opening of a certain position / job opportunity within the Company, you can send your CV to an employee of the Company, and the latter will send your CV to the responsible department with recruitment within the Company.

Also, if you are still a student, your data can be sent to us by the Students' Association of the Faculty of Foreign Languages and Literatures of the University of Bucharest (ASLS), and we will introduce them into our database. When you are included in our database, you will receive an email to that effect and your consent will be asked for the transmission of the Company's employment opportunities.

C) The purposes and legal bases of the processing

The collection of personal data is strictly limited to what is necessary for the purpose of carrying out activities related to the recruitment process (i.e. verifying the training and general compatibility within the Company and the desired job) and will be strictly limited to these purposes. Your personal data may also be used to perform adjacent activities if they are compatible with the above.

Activities related to the recruitment process may consist of:

• assessing the training and general compatibility with the Company and the desired job;
• your contacting with regard to your application, including for positions that become available later, and for whom we believe you have the appropriate professional profile;
• keeping a record of potential prior recruitment processes of our company in which you took part and of the reasons why you were not sent an offer or why our offer was denied;
• any other activities related to the good management of the recruitment process, if they are compatible with the things mentioned above.

Processing your data to verify your general training and compatibility with the Company is based on a prefiguration of the conclusion of a contract, and if your application is declined following the recruitment process, we retain your data based on our legitimate interest in being able to respond to any complaints or requests made in connection with the conduct of the recruitment process.

At the same time, based on your freely expressed consent, prior to conducting an interview with you, the Company processes personal data (e.g., full name, date of birth, place of birth) in order to verify and identify you on the Denied Parties List drawn up by the European competent authorities as a result of sanctions imposed by a government for engaging in acts of terrorism and illegal actions of certain persons, for the purpose of identifying candidates and potential employees who may represent a threat for the Company as well as to comply with the applicable European regulators and with internally rules imposed at group level, according to the internal policy “Sanction List Screening”, implemented within the Company through the special monitoring tool for this purpose - Sanction List Screening Tool. If your consent is not expressly given for such processing, the verification will no longer take place, but you must take into consideration that absence of your consent leads to the Company's objective impossibility to establish and conduct interviews with you.

If you are a student and your data has been passed on to us by ASLS, we will send you employment opportunities within the Company, based on your consent.
Also, your subsequent contact as a rejected candidate for information on other career opportunities within the Company and your invitation to another interview or assessment is based on our legitimate interest in appropriately managing the recruitment activities at the Company level. 

D) Retention period
Personal data will be stored for a limited period of 3 years, this period being determined by taking into account the moment of completion of the recruitment process and the Company's legitimate interest in retaining the data of unsuccessful candidates for the possible settlement of complaints or requests formulated. 

If you are a student and your data has been passed on to us by ASLS, your consent to the Company to be contacted in the future will be taken into account in order to inform you of new career opportunities within the Company, in which case we can contact you for a period of 3 years from the time of registration in our database and granting your consent. After this period, you will no longer be contacted for possible career opportunities, unless you have specifically requested otherwise.

Also, if you are not recruited for the job in question, there will be taken into account the legitimate interest of the Company in properly managing the recruitment activities, in contacting you in the future in order to bring to your attention other career opportunities within the Company, in which case we can contact you for a period of 1 year after completing the recruitment process. After this period, you will no longer be contacted for possible career opportunities, unless you have specifically requested otherwise.

The personal data collected and processed by the Company in order to carry out the verifications provided by the Company's "Sanction List Screening" procedure, will be stored for a determined period of time, more precisely between the moment of submitting the application for one of the available positions within the Company and until the moment of organizing the interview for employment. 
In any case, we will continue to process your personal data in cases where it is required by law or if we are otherwise entitled to continue processing. We shall also collect your personal data for an additional period in case that their immediate deletion would require the overwriting of our back-up and disaster recovery systems.

E) Third parties

Currently, the Company does not transfer your personal data to any individual or legal entity outside the Company, except as specified in this Privacy Policy. 
In any case, you will be informed of any future transfer of your personal data, unless such transfer or disclosure is expressly provided for by European Union law or national law, on the grounds of our obligations of compliance with the relevant legal provisions.

For personal data processing, we can use processors necessary to manage the business, such as our databases management provider (Deutsche Bahn AG) or our IT service maintenance provider (PC Alert S.R.L. and  SCHENKER Logistics Romania S.A.). Also, the data processors may use sub-processors to manage the databases in connection with the candidates applying for an open position within the Company (Avature Limited, Avature Spain SL, Avature S.R.L). Thus, the Company has concluded with these processors data processing agreements with appropriate clauses to ensure that such processors assume personal data processing obligations (including their erasure) in full compliance with the applicable laws, and provide an adequate level of protection for your personal data. Moreover, through the data processing agreements concluded, the data processors have the obligation to conclude with the sub-processors the same type of data processing agreements, by which there will be established for the sub-processors at least the same obligations that were imposed by the agreement signed between the Company and the processor.
Also, in case the coordinator (manager) / general manager of the department where the position for which you submitted your CV is opened is employed at the level of any group to which the Company belongs (i.e. DB Schenker and DB Group), he/ she will have access to your personal data, in order to continue the recruitment process.

Also, if applicable, we also transfer your data to the service provider that assesses the qualities of the right candidates for leadership positions. To that end, the provider, as a personal data controller, will perform an assessment of your qualities that will be passed on to us, and then we will decide on the continuation of the recruitment process.

There is also possible to transfer your personal data to the European competent authorities that issued the Sanction List and the Denied Parties List, as provided by the “Sanction List Screening” procedure, in the event that following the verifications performed by the Company, the search result related to you is partially or indefinite, so it cannot be determined exactly whether you are among the persons sanctioned for committing acts of terrorism or illegal actions, for the purpose of complying with the legal requirements and respecting the Company’s procedure, by requesting additional information from the competent authority that issued the Denied Parties List.

F) Security of personal data

The security, integrity and confidentiality of your personal data are very important to us. The company will take all organizational and technical measures deemed necessary in this respect. 
If we discover an incident about the security of personal data that poses a risk to your rights and freedoms, we will notify the National Supervisory Authority for Personal Data Processing ("ANSPDCP") within 72 hours. You will also be personally informed about the security incident if it is likely to pose a high risk to your rights and freedoms.

G) Your rights

If you have expressed your consent to the processing activities, you may withdraw this consent at any time with future effects. Such withdrawal will not affect the lawfulness of the processing performed prior to the withdrawal of the consent. As a general rule, in cases where you withdraw your consent, the Company will no longer allow the processing of your personal data and will take appropriate action to delete any records with your personal data. However, if the processing could be based on other legitimate grounds under the applicable legal provisions, the Company will proceed with that processing and inform you accordingly.

You have the following rights in connection with the processing of your personal data:
i.    Right of access to personal data. You have the right to request access to your personal data processed by the Company.
ii.    Right to rectification. You have the right to obtain the rectification of your incorrect, incomplete or outdated personal data. Depending on the purpose of the processing, you may complete incomplete personal data, including by means of an additional statement.
iii.    Right to erasure ("right to be forgotten"). You have the right to ask us to erase your personal data. Personal data whose retention is in accordance with the legal provisions cannot be erased.
iv.    Right to restriction of processing of personal data. In the circumstances provided by law, you may request the restriction of the processing of your personal data.
v.    Right to personal data portability. You may request the transmission to you, or to another data controller, of a copy of your personal data processed by the Company. 
vi.    Right to object. You may at any time, for reasons related to your particular situation, object the processing of your personal data by us and we may be requested not to process your personal data any further. If you have the right to object and you exercise it, we will no longer process your personal data for that purpose. Exercising this right does not entail any cost.

H) Exercise your rights

Should you have any questions related to the processing of your personal data or if you would like to submit a request, as well as to exercise any of your rights on the processing of personal data, you can contact us at ro.sm.cnd.HR-Operations@dbschenker.com   
Each request will be reviewed as soon as possible but no later than one month.

If you believe that we have not resolved all of your requests or you are dissatisfied with our responses, you may file a complaint against us with the ANSPDCP. The Supervisory Authority will inform you about the status of and solution to your complaint within a reasonable period of time. You may also refer to the competent courts of law.

You will be informed on any changes to the information contained in this Privacy Policy. No change to the Privacy Policy will affect your rights conferred by the law.

We adapt the privacy policy to changed functionalities. Therefore, we recommend that you read the privacy policy at regular intervals. If your consent is required or parts of the privacy policy contain provisions of the contractual relationship with you, the changes will only be made with your consent.