Language
Deutsch (Deutschland) English (United States)
View Profile Employee Login
HOME
OPEN POSITIONS
ABOUT US
GET TO KNOW US
Our StoryOur ValuesOur PeopleOur OfficesDiversity & InclusionSustainability
GROW WITH US
BE PART OF US!
Our Job AreasHow We HireStudents & GraduatesYour Benefits

PRIVACY POLICY

MYTHERESA (mytheresa.com GmbH) attaches great importance to the protection of your personal data and processes them on the MYTHERESA Career Site (hereinafter referred to as the “Careers Site”) at https://career.mytheresa.com exclusively in accordance with the principles described below and in compliance with the respectively applicable data protection laws, in particular the EU General Data Protection Regulation (GDPR). MYTHERESA is pleased about your visit to our career page and you interest in our company. 

Your privacy and safety of personal data is very important for us and we want you to feel comfortable visiting our website. We process all personal data collected from visitors to our Website in accordance with data-protection regulations of the Federal Republic of Germany.

 

INFORMATION ABOUT THE DATA CONTROLLER

Name and contact details of the data controller

mytheresa.com GmbH

Einsteinring 9

85609 Aschheim/Munich

Germany

phone: +49 89 127695-0

fax: +49 89 127695-200

email: info@mytheresa.com

 

If you are applying for positions at other legal entities of MYTHERESA, you will find details of the person responsible for the recruitment process here.

Contact details of the data controller’s Data Protection Officer

Wolfgang Steger

privacy@mytheresa.com

Am neuen Weg 21

82041 Oberhaching

 

INFORMATION ABOUT THE RIGHTS OF DATA SUBJECTS

As a data subject you can exercise the following rights with respect to the processing of your personal data, provided that the relevant conditions are met:

  1. Right of access (Art. 15 GDPR)
  2. Right to rectification (Art. 16 GDPR)
  3. Right to erasure (“right to be forgotten”) (Art. 17 GDPR)
  4. Right to restriction of processing (Art. 18 GDPR)
  5. Right to data portability (Art. 20 GDPR)
  6. Right to object (Art. 21 GDPR)
  7. Right to withdraw consent (Art. 7(3) GDPR) 
  8. Right to lodge a complaint with a supervisory authority (Art. 77(1) GDPR)

Under the conditions provided in Art. 21 No. 1 GDPR you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Art. 6 (1) (e) or (f) GDPR, including profiling based on those provisions. Under the conditions provided in Art. 21 No. 2 GDPR you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

You can find detailed information regarding the legal basis of processing in Section C of this Privacy Policy.

You may contact our Data Protection Officer (Section A.II.) for the purpose of exercising your rights.

 

INFORMATION ABOUT THE PROCESSING OF PERSONAL DATA

You can use our Careers Site for information purposes only, but you can also register on our recruiting platform to apply for vacancies in the Mytheresa Group and take advantage of additional services.

Informational use of the Recruiting Site

When the use of the website is purely informational, certain information, for example your IP address, is sent to our server for technical reasons by the browser used on your end device. We process this information in order to provide the website content requested by you. To ensure the security of the IT infrastructure used to provide the website, this information is also stored temporarily in what is referred to as a “web server log file”.

You receive more detailed information on this below:

Which data do we process and for which purposes?

We process protocol data that is generated when the website is accessed via the Hypertext Transfer Protocol (Secure) – HTTP(S) for technical reasons (“HTTP Data”). This includes, for example, IP address, type and version of your Internet browser, operating system used, the page called up, the page previously visited (referrer URL), date and time of the call.

These data originate from you as a user of the website. The provision of this data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation to provide the data. In the event that the data is not made available, we will not be able to provide the contents of the website that have been called up.

What is the legal basis for the processing of your data?

To provide the contents of the website called by the user, HTTP data is temporarily processed on our web server. The processing is based on a balancing of interests (Art. 6 para. 1 f) GDPR). Our legitimate interest is the provision of the website content accessed by the user. In order to ensure the security of the IT infrastructure used for the provision of the website, in particular to identify, eliminate and document malfunctions (e.g. DDoS attacks) in a way that can be proven, HTTP data are temporarily processed in web server log files. The processing is based on a balancing of interests (Art. 6 para. 1 f) GDPR). Our legitimate interest is to guarantee the security of the IT infrastructure used for the provision of the website, in particular for the identification, elimination and documentation of malfunctions.

To whom is your data passed on?

The data will be passed on to our (hosting) provider(s) as our contract processor(s) based in the EU.

How long do we store your data?

The log data is stored in server log files in a form that allows the identification of the persons concerned for a maximum period of 7 days, unless a security-relevant event occurs (e.g. a DDoS attack). In the case of a security-relevant event, server log files are stored until the security-relevant event has been removed and fully resolved.

Does automated decision making take place?

There is no automated decision making according to Art. 22 GDPR.

 

Registration on Recruiting Site

Which data do we process and for which purposes?

We process the data you provide for your application, which is usually master data (such as your first and last name), address and contact details as well as education, qualification and professional career data, and in special cases information on special data categories such as about an existing disability.

We process your data as part of the recruiting platform in order to find suitable applicants for open positions. To use our recruiting platform, you must create a candidate profile. You can use this to apply for specific positions and also activate the receipt of notifications of suitable open positions that match your search criteria (“Job Alert”). Once you have set up your candidate profile, you can also be assigned to corresponding talent pools according to the information and profile releases you have provided.

The provision of your data is not required by law or contract. However, if you wish to apply for a specific position via our Recruiting Site, the provision of your data is necessary so that MYTHERESA can decide on your application – and finally on your employment. The use of the functionalities aforementioned and hereinafter referred to (Job Alert, HR Marketing Information) is voluntary, but the provision of your data is required.

What is the legal basis for the processing of your data?

In the context of a specific application, we process your data in order to reach a decision on the establishment of an employment relationship. The legal basis for this is Art. 6 para. 1 b) GDPR or specific national law (e.g. Art. 88 GDPR in conjunction with § 26 para. 1 of the Federal Data Protection Act (BDSG)).

If you create a candidate profile on the recruiting website in order to set up a job alert or to activate HR marketing information or if you voluntarily provide us with further personal data, we will process your data in this context on the basis of the consent you have previously given. The legal basis for this consent is Art. 6 para. 1 a) GDPR or specific national law (e.g. Art. 88 GDPR in conjunction with § 26 para. 2 BDSG). You can revoke your consent at any time – with effect for the future. You can send the revocation to privacy@mytheresa.com or make the desired settings yourself in the candidate profile.

To whom is your data passed on?

Within MYTHERESA, access to your personal data is only granted to those departments which require it in order to make a decision on the establishment of an employment relationship or to process your e-recruiting candidate profile (e.g. HR, works council, departmental managers).

When you create your candidate profile, you can also activate the visibility of your profile for recruiters and department heads of all MYTHERESA Group companies in your country or for recruiters and department managers of all MYTHERESA Group companies. The visibility of your candidate profile can also be activated or restricted later in your account. If you agree to the release of your profile for recruiters of other MYTHERESA Group companies, this may also allow Group companies outside the EU (so-called third countries) to view your profile data. In such cases, MYTHERESA will ensure that these Group companies comply with an appropriate level of data protection. You can request further information on this at privacy@mytheresa.com. MYTHERESA also uses various IT service providers based within the EU/EEA to provide the cloud-based recruiting website and to perform other IT support and administrative tasks.

Your personal data is always protected from unauthorized access by the necessary security measures (encryption, physical security measures of the servers, etc.).

How long do we store your data?

In principle, you can change and delete your data yourself within your candidate profile on the recruiting website at any time or request the deletion of your profile by e-mail to privacy@mytheresa.com. However, we reserve the right to provide data for a specific application after a corresponding rejection for up to max. 6 months after receipt of the rejection from own evidence preservation interests. If you do not log in for a period of 6 months after completing your last application process, your data / candidate profile will be automatically deleted. Insofar as we process your data based on your consent, your data will be deleted irrespective of this within the statutory period after your consent has been withdrawn.

Does automated decision making take place?

There is no automated decision making according to Art. 22 GDPR.

 

Sign up for email on career topics

Within your candidate profile, you can also activate updates on career topics, which we will then send to you by e-mail (HR marketing information on the company, events, fairs, etc.)

Which data do we process and for which purposes?

In this case, we process contact data (email address, name, title), technical communication and usage data (such as date and time of registration or confirmation, IP address of the device used, date and time of deregistration, date and time of the newsletter call, IP address, type and version of your internet browser, operating system used) as well as analysis data (e.g. data on the use of the newsletter, in particular calls, frequency of calls and click behavior in the newsletters called up).

Your data is required to send the emails to you as a subscriber. We use the title and name to address you personally. Other data is used to analyze the usage behavior in our newsletter and for the purposes of personalization and needs-based design of the newsletter as well as to create anonymous reports for analysis and determination of the newsletter strategy.

What is the legal basis for the processing of your data?

The emails will be sent on the basis of your consent according to Art. 6 Para. 1 a) GDPR. Otherwise, the processing is based on a balance of interests according to Art. 6 para. 1 f) GDPR in favor of our legitimate interest, which consists in providing, evaluating and improving our career appearance and communication measures.

To whom is your data passed on?

The data will be passed on to our (hosting and email) providers as our processors based in the EU.

How long do we store your data?

We store this data as long as you have not unsubscribed from our newsletter. In exceptional cases, we also store this data insofar as and for as long as we are subject to legal retention or documentation requirements for this data or insofar as this is necessary for evidence purposes.

Does automated decision making take place?

There is no automated decision making according to Art-. 22 GDPR.

 

Cookies

General Information 

Your browser uses cookies. Cookies are small data packages that are stored by your browser on your end device. These technologies help to optimize the offers of the website, e.g. to recognize you when you visit the website again. Information on the processing of your personal data in connection with cookies can be found in our Cookie Policy. Personal data is any information that can lead to the identification of particular person. The execution of programs or the transmission of viruses to your computer is not possible. We and our service providers are using browser- and flash cookies and other common online tracking technologies, including small graphics called counting-pixels, pixel-tags, Web- Beacons or Clear GIFs in connection with the provision of our services to track the use of the online offer by our users. We generally refer to such other tracking technologies and cookies as “cookies”. Using the cookie banner, you can decide which types of cookies may be allowed to be used. We would also like to point out, that you can generally prohibit the use of cookies or delete cookies in your browser settings any time. For more detailed explanations of the specific procedure, please refer to the corresponding instructions of the providers. Insofar as you prohibit the use of cookies, functional impairments are possible. 

Types of cookies

MYTHERESA uses different types of cookies – specifically – strictly necessary Cookies, functional Cookies, Cookies for analytics purposes and Cookies for marketing purposes. More Information about these different types of cookies is provided below.

Inside our company, your personal data will only be provided to those departments and persons who need this data to comply with their contractual and legal obligations or to protect our legitimate interests. There is no automated individual decision- making according to Art. 22 GDPR.

MYTHERESA uses service providers in the EU, the USA, China and Singapore to provide certain services and transmits personal Data to them for this purpose.

Strictly necessary Cookies

Some functions of our website cannot be offered without the use of technically necessary cookies. For this purpose, we collect technical communication and usage Data in these cookies, such as the IP Address, technical Log-Information, Log-In Information and a specific cookie ID that allows us to identify you when you visit our Website again. 

Functional Cookies

Functional Cookies have the purpose of providing you with a better browsing experience. These cookies are not required, but they allow us to remember the choices you have made in the past, like what language you prefer, the country- and currency settings, as well as a specific Cookie – ID, that allows us to identify you when you visit our Website again. 

The provision of our personal data is not required to use the website. Please note that if you do not provide you data to the extent mentioned above, this may have a negative impact on the presentation and user comfort (Usability). 

Analytics Cookies

MYTHERESA uses several cookies for analytics/ statistical purposes. These cookies collect information about how you use a website and allow us to improve the offer. For this purpose, we collect technical communication and usage Data in these cookies, such as the IP Address, technical Log-Information, Log-In Information and a specific cookie ID that allows us to identify you when you visit our Website again. We also collect certain data in connection with your order.  The provision of our personal data is not required to use the website.

Marketing Cookies

MYTHERESA uses several cookies for marketing/tracking purposes, i.e. to deliver personalized advertising. This also includes the use of cookies from various social media providers, such as Facebook. For this purpose, we collect technical communication and usage Data in these cookies, such as the IP Address, technical Log-Information, Log-In Information and a specific cookie ID that allows us to identify you when you visit our Website again. We also collect certain data in connection with your order.  The provision of our personal data is not required to use the website.#

  1. Facebook Custom Audiences

(1) This website uses Facebook Custom Audiences with the pixel function (“Facebook Pixel”) and the server-side conversion API (“API”) of Facebook Ireland Ltd. (“Facebook”). This allows users of the website to see interest-based advertisements (“Facebook Ads”) when they visit the social network Facebook or other Facebook-related apps and websites. This allows us to show you advertisements that are of interest to you in order to make our website more interesting for you.

(2) Your browser automatically establishes a direct connection to the Facebook server through the Facebook Pixel included. Using the API, web events from your browser are transmitted directly to Facebook via a server connection. These events are used for the extended comparison of the integrated Facebook Pixel. The data transmitted through the Facebook Pixel and the API are used for results measurement, reporting and the optimization of ads. If you are registered with a Facebook service, Facebook can allocate the website visit to your account.

We have no influence on the scope and further use of the data collected by Facebook and therefore inform you according to our level of knowledge.

Even if you are not registered with Facebook or have not logged in, there is a possibility that the provider will discover and save your IP address and other identification features.

(3) The legal basis for the processing of personal data using marketing cookies is Article 6(1)(1)(a) GDPR.

(4) Using the Facebook pixel and the API, Facebook is able to identify the visitors of our online offer as a target group (called “Custom Audiences”) for the presentation of advertisements (called “Facebook Ads”). Accordingly, we use the Facebook Pixel and the API to display only the Facebook ads placed by us to Facebook users who have also shown an interest in our online offer or who have certain characteristics (such as interests in certain topics or products determined on the basis of the websites visited), which we transmit to Facebook (the “Custom Audiences”). Using the Facebook Pixel and the API, we would also like to ensure that our Facebook Ads correspond to the potential interest of the users and are not annoying. Using the Facebook Pixel and the API, we can also understand the effectiveness of Facebook advertisements for statistical and market research purposes by seeing whether users have been redirected to our website after clicking on a Facebook advertisement and have interacted with our products (called “Conversion”). These purposes also fall within our justified interest in the sense of Art. 6(1)(1)(f) GDPR.

(5) In the event that Facebook passes on data to the USA, there are guarantees according to Art. 44ff DS-GVO through the conclusion of EU standard contractual clauses and, if necessary, supplementary measures.

(6) Third party information: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland; Board of directors: Gareth Lambe, Shane Crehan; Registered with the Companies Registration Office of the Republic of Ireland; Company number 462932.

Further information on data processing by Facebook can be found at https://www.facebook.com/about/privacy. You can find more information about Facebook Ads here: https://www.facebook.com/about/ads/

(7) You can object to the collection using the Facebook Pixel and the API and the use of your data to display Facebook Ads by using the opt-out mentioned below. To set which types of advertisements are shown to you within Facebook, you can call up the page set up by Facebook and follow the instructions there on the settings for usage-based advertising: https://www.facebook.com/adpreferences/ad_settings/?entry_product=account_settings_menu. The settings are platform-independent, that is, they are adopted for all devices such as desktop computers or mobile devices.

Note: If you use the opt-out, an “Opt-Out” cookie will be saved on your device. If you delete the cookies in this browser, you will have to make the selection again. Furthermore, the opt-out only applies within the browser you are using and only within our web domain on which the checkbox was cleared.

You can find a corresponding opt-out for the Facebook Pixel and the API here:

  1. Google Tracker

We use the following technology of Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, which is a part of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google“.

 

2.1 Google AdWords and Conversion Tracking

In order to attract attention to our services, we place Google Adwords adverts and use as part of this the Google conversion tracking for the purpose of providing personalised online advertising that takes into consideration interest and location. The option to anonymise the IP addresses is regulated at Google Tag Manager via an internal setting that is not visible in the source of this page. This internal setting is set so that the anonymisation of the IP address required by the Federal Data Protection Act is achieved

The adverts are displayed after search queries on websites of the Google Advertising Network. We have the ability to combine our adverts with certain search terms. We can use cookies to place adverts based on the previous visits of the user to our website.

A cookie is set by Google when an advert is clicked on the computer of the user. For more information on the cookie technology used, please consult the information provided by Google on Website Statistics and in the Data Protection Provisions.

With the aid of this technology Google and we as a customer receive information on when a user has clicked on an advert and which websites he or she was forwarded to. The information obtained by this is solely used for a statistical evaluation for advertising optimisation purposes. We receive no information with which visitors can be personally identified. The statistics made available to us by Google contain the total number of users that have clicked on our adverts, and, if applicable, whether they were forwarded to a webpage of our web content furnished with a conversion tag. We can use these statistics to track which search terms occur particularly frequently when our advert is clicked and which adverts lead the user to establishing contact via the contact form.

If you would not like this, you can prevent the storage of the cookies required for this technology, for example, via your browser settings. In this case your visit does not flow into the user statistics.

You can prevent your participation in this tracking process in a variety of ways:

  1. a) by a corresponding setting in your browser software, in particular the suppression of third-party cookies means that you receive no adverts from third-party providers;
  2. b) by disabling the cookies for conversion tracking by setting your browser so that cookies from the domain “www.googleadservices.com” are blocked, https://www.google.de/settings/ads, this setting being deleted when you delete your cookies;
  3. c) by disabling the interest-related adverts of providers that are part of the self regulating campaign “About Ads” via the link http://www.aboutads.info/choices, this setting being deleted when you delete your cookies;
  4. d) by permanent disabling in your browsers Firefox, Internetexplorer or Google Chrome under the link http://www.google.com/settings/ads/plugin. We point out that in this case you may not be able to use all the functions of this content to its full extent.

 

Legal basis for the processing of personal data by the means of marketing cookies is Art. 6 paragraph 1 sentence 1 lit. a GDPR.

 

You can find more information concerning Google data protection here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html.

 

Alternatively, you can visit the website of the Network Advertising Initiative (NAI) on http://www.networkadvertising.org.

 

Nevertheless, we and Google continue to receive the statistical information regarding how many users visited the site and when they did this. If you would not like to be included in these statistics, you can prevent this with the aid of additional programs for your browser (for example with the Add-on Ghostery).

 

2.2 Google AdWords and Google Analytics Remarketing Lists for Search Ads (RLSA)

mytheresa.com uses Google AdWords and Google Analytics Remarketing Lists for Search Ads (RLSA). Users that visit mytheresa.com are collected via a Google tag and the behaviour is recorded. You appear on the list for a standard period of 30 days and for a maximum period of 540 days.

The information generated by the cookie about your use of the website like:

Browser type / version,

Operating system used,

Referrer-URL (the site visited previously),

Hostname of the calling computer (IP address),

Time of the server query

is as a rule transmitted to a Google server in the USA and stored there.

 

The recorded behaviour pattern such as, for example, the dwell time on the site, concluded or aborted shopping cart operations, direct abort of the visit (bounce) can be used to adapt the advertising to the Google search results page.

For those exceptional cases in which personal data is transferred to the USA, guarantees pursuant to Art. 44 et seq. of the GDPR exist through the conclusion of EU standard contractual clauses and, if necessary, supplementary measures.

Legal basis for the processing of personal data by the means of marketing cookies is Art. 6 paragraph 1 sentence 1 lit. a GDPR.

If you want to object to the use of the data, please click here.

 

  1. LinkedIn Insights Tag

For the analysis and optimization of our online offer and for the demand-oriented use of our LinkedIn campaigns, the so-called LinkedIn Insights Tag (Custom Code Snippet) of LinkedIn Inc. (LinkedIn Ireland Unlimited Company, Wilton Plaza

Wilton Place, Dublin 2, Ireland), is integrated into our website. The legal basis for the processing is Article 6(1)(a) DSGVO. The LinkedIn Insight Tag creates a unique LinkedIn browser cookie in a visitor’s browser and enables the collection of the following data for this cookie: metadata such as IP address, timestamp and page events (such as page views). The use of this cookie is subject to your prior consent to its use. Through LinkedIn’s conversion tracking and website demographic features, Mytheresa can track what happens after a LinkedIn user clicks on our ad. This is done using analytics methods and systems provided by LinkedIn that allow us to send data about people’s actions on our websites or mobile applications to LinkedIn and its affiliates.

We may transfer your data to the United States. The European Court of Justice has determined that the U.S. does not provide an adequate level of data protection (comparable to that of the EU). Therefore, there is a risk that U.S. authorities may access your personal data and that your legal protection may be limited or excluded.

 

Mytheresa does not receive any personal data from LinkedIn, but only aggregated, fully anonymized information about our customers and users. Mytheresa does not provide LinkedIn with any personal data from our central operational IT systems

For more information on the purpose, scope and further processing and use of the data by LinkedIn, as well as your rights in this regard and options for protecting your privacy, please refer to LinkedIn’s data protection information: https://www.linkedin.com/help/linkedin/answer/62931/manage-advertising-preferences?lang=en

You can object to the collection of data via the LinkedIn Insight Tag and the use of your information to display LinkedIn ads via the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

If you are a registered LinkedIn member, you can change your advertising preferences via the following link: https://www.linkedin.com/mypreferences/d/categories/ads

The settings are platform agnostic, meaning they will be applied to all devices, such as desktop, computer, or mobile devices. Note: If you use the opt-out function, an opt-out cookie will be stored on your device. If you delete the cookies in this browser, you will have to make the selection again. In addition, the objection will only apply in the browser you are using and only in our web domain where the checkbox has been deactivated.

First-party cookies, i.e. li_fat_id, are stored for up to 30 days.

Third-party cookies, i.e. lang, li_gc, lidc, bcookie, AnalyticsSyncHistory, UserMatchHistory, are stored by a session for up to 365 days.

EFFECTIVE DATE AND AMENDMENT OF THIS DATA POLICY

This privacy policy is effective immediately.

Due to technical developments and/or changes in legal or regulatory requirements, it may be necessary to amend this Privacy Policy. The current data protection information can be retrieved.at any time at https://career.mytheresa.com.