APPLICANTS PRIVACY NOTICE

October 2021

Sephora Germany GmbH, with registered seat in 40212 Düsseldorf, Königsallee 1, (hereinafter "Sephora", "we" or "our"), as Controller in the sense of Art. 4 para. 7 GDPR for the processing of the personal data, attaches great importance to the protection of personal data relating to its applicants (hereinafter "you").

Sephora respects your concerns relating to the protection of your privacy and your personal data. This Applicants Fact Sheet (hereinafter referred to as the “Fact Sheet”) describes how we use information about you collected when you apply to join Sephora.

This Applicants Fact Sheet contains information regarding the nature and the use we make of your personal data, as well as your rights relating to this use.

This Fact Sheet is therefore an important resource for you, helping to ensure that you have a positive and confident experience of Sephora’s handling of your personal data and enabling us to provide accurate and complete answers to any questions you may have and to take account of your wishes in this area.

In order to ensure protection of your personal data, and that of our clients, Sephora has designated a Data Protection Officer (hereinafter "DPO") who may be contacted at the following addresses: Sephora Germany GmbH, z.Hd. Datenschutzbeauftragter, Königsallee 1, 40212 Düsseldorf and dpo@sephora.de.

Modification of the Fact Sheet

We may occasionally modify the terms of this Fact Sheet. In such an event, we shall notify you of this by changing the date indicated at the beginning of this document, which is permanently available for consultation through your applicant space (We are Sephora website). We would encourage you to consult the Fact Sheet on a regular basis, in order to keep abreast of the procedures implemented by Sephora for processing your personal data, as well as the methods by which you can send us inquiries regarding our use of the data.

Why and on what legal basis do we process your personal data?

Sephora collects and processes your personal data for the following purposes and on the following legal bases:

(i) management of your application for employment; We process your personal data for this particular purpose because that processing is necessary in order to take steps at your request prior to entering into a contract: legal basis is Art. 6 para. 1 lit. b GDPR in conjunction with § 26 BDSG.

(ii) management of the job offers for which you may be suited, and specifically the inclusion in our talent pool; The processing of your personal data for this purpose is based on your consent as resulting from the sharing options you have notified us with or from your declaration of acceptance regarding the talent pool; legal basis is Art. 6 para. 1 lit. a GDPR in conjunction with § 26 BDSG. Please note also number 8 below.

(iii) compilation of statistics regarding Sephora employment opportunities; The processing of your personal data for this purpose is necessary for the protection of our legitimate interest to continuously improve our recruitment practices; legal basis is Art. 6 para. 1 lit. f GDPR.

(iv) Sephora may also process your personal information to the extent necessary for the protection of our legitimate interest of being able to defend ourselves in case of a dispute (Art. 6 para. 1 lit. f GDPR) and to comply with our legal obligations (Art. 6 para. 1 lit. c GDPR).

What type of personal data do we process?

We only process data that is strictly necessary for the purposes described in number 2 (principle of data minimization).

We collect your personal data when you send us your curriculum vitae and documents belonging to your application (e.g. cover letter, certificates, references etc.) online and more generally throughout the Sephora recruitment process (e.g., orally or in correspondence).

For your information there follows a list of the categories of your personal data that we may process, depending on the purposes to be achieved by this processing:

data relating to your civil status and identity, such as surname and first name;

data relating to your educational and professional background, such as: training, professional experience, references, distinctions, certifications;

Contact details, such as address, e-mail-address, telephone number;

Data relating to your application (such as referral source and candidature status) and your career expectations;

Results of any assessments and/or occupational testing;

Information about your entitlement to work in the EU or in the country where you applied;

Publicly available information of your profile on professional social media channels (such as LinkedIn and XING); and

data enabling connection to the recruitment platform (such as user ID and connection data).

The information that we require in order to process your application is marked with an asterisk on the forms presented to you. If you do not complete the fields marked as mandatory, we are unable to process your application. If Sephora has been unable to identify the information required in order to process your application, Sephora reserves the right to re-contact you in order to collect the missing necessary information.

As a rule, we do not require special categories of personal data within the meaning of Art. 9 GDPR. We ask you not to send us such information a priori. If by exception such information is relevant to the application process, we will process it together with your other personal data. For example, this may relate to information about a severe disability which you may voluntarily provide to us and which we must then process in order to fulfil our special obligations with regard to severely disabled persons. The legal basis for the processing is then Art. 9 para. 2 lit. b GDPR in conjunction with §§ 26 BDSG, 164 SGB IX.

Who can access your personal data?

Your personal data is only accessible to authorised personnel to the extent needed in order to carry out their respective duties.

More specifically:

Within our company:

Employees in Sephora’s HR department;

Employees in Sephora’s recruitment department;

Employees of the department that recruits and other staff authorized to take decisions on recruitment;

Sephora’s IT department;

Outside our company:

The relevant HR departments of the entities of the Groupe Sephora subsidiaries and/or of Groupe LVMH responsible for international careers and talent management;

IT-departments of Sephora-group;

Service providers working for Sephora and involved in achieving all or some of the purposes set out in number 2.

In particular, we rely on third party processors to provide you with our recruitment platform and job application. These are only allowed to process your personal data on our behalf and upon our explicit written instruction.

In addition, for purposes connected to maintenance of the IT systems, your personal data may be accessible to IT services employees (of Sephora or Sephora group) or to the employees of external providers of certain IT services. These employees shall only be able to access your data in order to carry out security and maintenance activities on the IT systems. They shall carry out their duties in accordance with Sephora’s instructions and in total compliance with the legislation on personal data.

Where are your personal data stored and processed?

We process your personal data first and foremost within the European Economic Area (EEA).

As Sephora is part of an international group, in order to process your personal data for the purposes outlined in number 2 above, your personal data may be transferred to organizations within the Sephora-group (parent company in France and subsidiaries worldwide) or the LVMH-group (parent company in France and subsidiaries worldwide) and to external service providers helping Sephora entities in dealing with recruitment which may be located worldwide. This applies specifically regarding entities of the Sephora- or LVMH-group in the following countries: Monaco, Turkey, Serbia, Switzerland, Russia, Kuwait, Saudi Arabia, United Arab Emirates, Qatar, Bahrain, China, Singapore, Hong Kong, Thailand, Malaysia, Indonesia, New Zealand, Australia, India, Philippines, Brazil, Canada and the United States of America. Given the fact that some of these countries do not ensure an adequate level of protection of personal data as in the European Union, Sephora shall in accordance with applicable regulations, ensure the protection of your personal data.  Such safeguards will be the consequence of:

The country of the recipient having legislation in place which is considered equivalent to the protection offered within the European Union;

Binding Corporate Rules (or "BCR") applicable in each of LVMH Group subsidiaries (including the Sephora-group); and

Contractual arrangements with our external service providers, through the implementation of standard contractual clauses published by the European Commission.

Copies of these documents may be obtained by sending an email to the following address: DPO@sephora.de.

How long do we store your personal data?

If your application is successful, your personal data is transferred to your personal file and our privacy statement for employees applies. Otherwise, Sephora keeps your data for a maximum period of six months after the last activity in your profile (e.g., update of your profile, job suggestion from us) or six months after a rejection in case of an unsuccessful application. Further, we keep your personal data for two years following your possible acceptance to our talent pool.

At the end of these periods, your personal data is deleted. However, please note that longer retention periods can apply in particular due to number 2 para. (iv) of this Fact Sheet.

Your rights

You have the right of access to your personal data (Art. 15 GDPR), and, if necessary, to rectify it (Art. 16 GDPR). You have the right to erasure (Art. 17 GDPR).

You can exercise your right to object to the processing of your personal data (Art. 21 GDPR) or to request a restriction on the processing of your personal data (Art. 18 GDPR).

You are also entitled to request a copy of your personal data in a format that is structured, commonly used and machine-readable (Art. 20 GDPR).

We would invite you to exercise these rights by writing to karriere@sephora.de or by contacting the local DPO at this address: Sephora Germany GmbH, z.Hd. Datenschutzbeauftragter, Königsallee 1, 40212 Düsseldorf or dpo@sephora.de.

Finally, you have the right to lodge a complaint with the competent data protection authority (Art. 77 GDPR) and the right of an effective judicial remedy (Art. 79 GDPR). You can reach the data protection authority competent for us under the following contact data:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen,

Postfach 20 04 44, 40102 Düsseldorf

Kavalleriestr. 2-4, 40213 Düsseldorf

Telefon: 0211/38424-0; Fax: 0211/38424-10

E-Mail: poststelle@ldi.nrw.de.

We would however suggest that you first send us any claims via the local DPR/DPO, so that we can deal with your questions and work together to find solutions that will resolve any issues you may have.

Regarding a given consent

If you have given us your consent to process your personal data in accordance with Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, we hereby inform you that you can withdraw this consent at any time. Please contact karriere@sephora.de for this purpose. Please note that the withdrawal will only have effect for the future and has no influence on the legality of processing in the past. In some cases, despite your withdrawal, we are also entitled to process your personal data on another legal basis, for example Art. 6 para. 1 lit. f GDPR to defend ourselves against claims.