PRIVACY POLICY

MYTHERESA (mytheresa.com GmbH) attaches great importance to the protection of your personal data and processes them on the MYTHERESA Career Site (hereinafter referred to as the “Careers Site”) at https://career.mytheresa.com exclusively in accordance with the principles described below and in compliance with the respectively applicable data protection laws, in particular the EU General Data Protection Regulation (GDPR). MYTHERESA is pleased about your visit to our career page and you interest in our company. 

Your privacy and safety of personal data is very important for us and we want you to feel comfortable visiting our website. We process all personal data collected from visitors to our Website in accordance with data-protection regulations of the Federal Republic of Germany.

 

INFORMATION ABOUT THE DATA CONTROLLER

Name and contact details of the data controller

mytheresa.com GmbH

Einsteinring 9

85609 Aschheim/Munich

Germany

phone: +49 89 127695-0

fax: +49 89 127695-200

email: info@mytheresa.com

 

If you are applying for positions at other legal entities of MYTHERESA, you will find details of the person responsible for the recruitment process here.

Contact details of the data controller’s Data Protection Officer

Wolfgang Steger

privacy@mytheresa.com

Am neuen Weg 21

82041 Oberhaching

 

INFORMATION ABOUT THE RIGHTS OF DATA SUBJECTS

As a data subject you can exercise the following rights with respect to the processing of your personal data, provided that the relevant conditions are met:

  1. Right of access (Art. 15 GDPR)
  2. Right to rectification (Art. 16 GDPR)
  3. Right to erasure (“right to be forgotten”) (Art. 17 GDPR)
  4. Right to restriction of processing (Art. 18 GDPR)
  5. Right to data portability (Art. 20 GDPR)
  6. Right to object (Art. 21 GDPR)
  7. Right to withdraw consent (Art. 7(3) GDPR) 
  8. Right to lodge a complaint with a supervisory authority (Art. 77(1) GDPR)

Under the conditions provided in Art. 21 No. 1 GDPR you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Art. 6 (1) (e) or (f) GDPR, including profiling based on those provisions. Under the conditions provided in Art. 21 No. 2 GDPR you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

You can find detailed information regarding the legal basis of processing in Section C of this Privacy Policy.

You may contact our Data Protection Officer (Section A.II.) for the purpose of exercising your rights.

 

INFORMATION ABOUT THE PROCESSING OF PERSONAL DATA

You can use our Careers Site for information purposes only, but you can also register on our recruiting platform to apply for vacancies in the Mytheresa Group and take advantage of additional services.

Informational use of the Recruiting Site

When the use of the website is purely informational, certain information, for example your IP address, is sent to our server for technical reasons by the browser used on your end device. We process this information in order to provide the website content requested by you. To ensure the security of the IT infrastructure used to provide the website, this information is also stored temporarily in what is referred to as a “web server log file”.

You receive more detailed information on this below:

Which data do we process and for which purposes?

We process protocol data that is generated when the website is accessed via the Hypertext Transfer Protocol (Secure) – HTTP(S) for technical reasons (“HTTP Data”). This includes, for example, IP address, type and version of your Internet browser, operating system used, the page called up, the page previously visited (referrer URL), date and time of the call.

These data originate from you as a user of the website. The provision of this data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation to provide the data. In the event that the data is not made available, we will not be able to provide the contents of the website that have been called up.

What is the legal basis for the processing of your data?

To provide the contents of the website called by the user, HTTP data is temporarily processed on our web server. The processing is based on a balancing of interests (Art. 6 para. 1 f) GDPR). Our legitimate interest is the provision of the website content accessed by the user. In order to ensure the security of the IT infrastructure used for the provision of the website, in particular to identify, eliminate and document malfunctions (e.g. DDoS attacks) in a way that can be proven, HTTP data are temporarily processed in web server log files. The processing is based on a balancing of interests (Art. 6 para. 1 f) GDPR). Our legitimate interest is to guarantee the security of the IT infrastructure used for the provision of the website, in particular for the identification, elimination and documentation of malfunctions.

To whom is your data passed on?

The data will be passed on to our (hosting) provider(s) as our contract processor(s) based in the EU.

How long do we store your data?

The log data is stored in server log files in a form that allows the identification of the persons concerned for a maximum period of 7 days, unless a security-relevant event occurs (e.g. a DDoS attack). In the case of a security-relevant event, server log files are stored until the security-relevant event has been removed and fully resolved.

Does automated decision making take place?

There is no automated decision making according to Art. 22 GDPR.

 

Registration on Recruiting Site

Which data do we process and for which purposes?

We process the data you provide for your application, which is usually master data (such as your first and last name), address and contact details as well as education, qualification and professional career data, and in special cases information on special data categories such as about an existing disability.

We process your data as part of the recruiting platform in order to find suitable applicants for open positions. To use our recruiting platform, you must create a candidate profile. You can use this to apply for specific positions and also activate the receipt of notifications of suitable open positions that match your search criteria (“Job Alert”). Once you have set up your candidate profile, you can also be assigned to corresponding talent pools according to the information and profile releases you have provided.

The provision of your data is not required by law or contract. However, if you wish to apply for a specific position via our Recruiting Site, the provision of your data is necessary so that MYTHERESA can decide on your application – and finally on your employment. The use of the functionalities aforementioned and hereinafter referred to (Job Alert, HR Marketing Information) is voluntary, but the provision of your data is required.

What is the legal basis for the processing of your data?

In the context of a specific application, we process your data in order to reach a decision on the establishment of an employment relationship. The legal basis for this is Art. 6 para. 1 b) GDPR or specific national law (e.g. Art. 88 GDPR in conjunction with § 26 para. 1 of the Federal Data Protection Act (BDSG)).

If you create a candidate profile on the recruiting website in order to set up a job alert or to activate HR marketing information or if you voluntarily provide us with further personal data, we will process your data in this context on the basis of the consent you have previously given. The legal basis for this consent is Art. 6 para. 1 a) GDPR or specific national law (e.g. Art. 88 GDPR in conjunction with § 26 para. 2 BDSG). You can revoke your consent at any time – with effect for the future. You can send the revocation to privacy@mytheresa.com or make the desired settings yourself in the candidate profile.

To whom is your data passed on?

Within MYTHERESA, access to your personal data is only granted to those departments which require it in order to make a decision on the establishment of an employment relationship or to process your e-recruiting candidate profile (e.g. HR, works council, departmental managers).

When you create your candidate profile, you can also activate the visibility of your profile for recruiters and department heads of all MYTHERESA Group companies in your country or for recruiters and department managers of all MYTHERESA Group companies. The visibility of your candidate profile can also be activated or restricted later in your account. If you agree to the release of your profile for recruiters of other MYTHERESA Group companies, this may also allow Group companies outside the EU (so-called third countries) to view your profile data. In such cases, MYTHERESA will ensure that these Group companies comply with an appropriate level of data protection. You can request further information on this at privacy@mytheresa.com. MYTHERESA also uses various IT service providers based within the EU/EEA to provide the cloud-based recruiting website and to perform other IT support and administrative tasks.

Your personal data is always protected from unauthorized access by the necessary security measures (encryption, physical security measures of the servers, etc.).

How long do we store your data?

In principle, you can change and delete your data yourself within your candidate profile on the recruiting website at any time or request the deletion of your profile by e-mail to privacy@mytheresa.com. However, we reserve the right to provide data for a specific application after a corresponding rejection for up to max. 6 months after receipt of the rejection from own evidence preservation interests. If you do not log in for a period of 6 months after completing your last application process, your data / candidate profile will be automatically deleted. Insofar as we process your data based on your consent, your data will be deleted irrespective of this within the statutory period after your consent has been withdrawn.

Does automated decision making take place?

There is no automated decision making according to Art. 22 GDPR.

 

Sign up for email on career topics

Within your candidate profile, you can also activate updates on career topics, which we will then send to you by e-mail (HR marketing information on the company, events, fairs, etc.)

Which data do we process and for which purposes?

In this case, we process contact data (email address, name, title), technical communication and usage data (such as date and time of registration or confirmation, IP address of the device used, date and time of deregistration, date and time of the newsletter call, IP address, type and version of your internet browser, operating system used) as well as analysis data (e.g. data on the use of the newsletter, in particular calls, frequency of calls and click behavior in the newsletters called up).

Your data is required to send the emails to you as a subscriber. We use the title and name to address you personally. Other data is used to analyze the usage behavior in our newsletter and for the purposes of personalization and needs-based design of the newsletter as well as to create anonymous reports for analysis and determination of the newsletter strategy.

What is the legal basis for the processing of your data?

The emails will be sent on the basis of your consent according to Art. 6 Para. 1 a) GDPR. Otherwise, the processing is based on a balance of interests according to Art. 6 para. 1 f) GDPR in favor of our legitimate interest, which consists in providing, evaluating and improving our career appearance and communication measures.

To whom is your data passed on?

The data will be passed on to our (hosting and email) providers as our processors based in the EU.

How long do we store your data?

We store this data as long as you have not unsubscribed from our newsletter. In exceptional cases, we also store this data insofar as and for as long as we are subject to legal retention or documentation requirements for this data or insofar as this is necessary for evidence purposes.

Does automated decision making take place?

There is no automated decision making according to Art-. 22 GDPR.

 

Cookies

General Information 

Your browser uses cookies. Cookies are small data packages that are stored by your browser on your end device. These technologies help to optimize the offers of the website, e.g. to recognize you when you visit the website again. Information on the processing of your personal data in connection with cookies can be found in our Cookie Policy. Personal data is any information that can lead to the identification of particular person. The execution of programs or the transmission of viruses to your computer is not possible. We and our service providers are using browser- and flash cookies and other common online tracking technologies, including small graphics called counting-pixels, pixel-tags, Web- Beacons or Clear GIFs in connection with the provision of our services to track the use of the online offer by our users. We generally refer to such other tracking technologies and cookies as “cookies”. Using the cookie banner, you can decide which types of cookies may be allowed to be used. We would also like to point out, that you can generally prohibit the use of cookies or delete cookies in your browser settings any time. For more detailed explanations of the specific procedure, please refer to the corresponding instructions of the providers. Insofar as you prohibit the use of cookies, functional impairments are possible. 

Types of cookies

MYTHERESA uses different types of cookies – specifically – strictly necessary Cookies, functional Cookies, Cookies for analytics purposes and Cookies for marketing purposes. More Information about these different types of cookies is provided below.

Inside our company, your personal data will only be provided to those departments and persons who need this data to comply with their contractual and legal obligations or to protect our legitimate interests. There is no automated individual decision- making according to Art. 22 GDPR.

MYTHERESA uses service providers in the EU, the USA, China and Singapore to provide certain services and transmits personal Data to them for this purpose.

Strictly necessary Cookies

Some functions of our website cannot be offered without the use of technically necessary cookies. For this purpose, we collect technical communication and usage Data in these cookies, such as the IP Address, technical Log-Information, Log-In Information and a specific cookie ID that allows us to identify you when you visit our Website again. 

Functional Cookies

Functional Cookies have the purpose of providing you with a better browsing experience. These cookies are not required, but they allow us to remember the choices you have made in the past, like what language you prefer, the country- and currency settings, as well as a specific Cookie – ID, that allows us to identify you when you visit our Website again. 

The provision of our personal data is not required to use the website. Please note that if you do not provide you data to the extent mentioned above, this may have a negative impact on the presentation and user comfort (Usability). 

Analytics Cookies

MYTHERESA uses several cookies for analytics/ statistical purposes. These cookies collect information about how you use a website and allow us to improve the offer. For this purpose, we collect technical communication and usage Data in these cookies, such as the IP Address, technical Log-Information, Log-In Information and a specific cookie ID that allows us to identify you when you visit our Website again. We also collect certain data in connection with your order.  The provision of our personal data is not required to use the website.

Marketing Cookies

MYTHERESA uses several cookies for marketing/tracking purposes, i.e. to deliver personalized advertising. This also includes the use of cookies from various social media providers, such as Facebook. For this purpose, we collect technical communication and usage Data in these cookies, such as the IP Address, technical Log-Information, Log-In Information and a specific cookie ID that allows us to identify you when you visit our Website again. We also collect certain data in connection with your order.  The provision of our personal data is not required to use the website.#

 

EFFECTIVE DATE AND AMENDMENT OF THIS DATA POLICY

This privacy policy is effective immediately.

Due to technical developments and/or changes in legal or regulatory requirements, it may be necessary to amend this Privacy Policy. The current data protection information can be retrieved.at any time at https://career.mytheresa.com.