Privacy Policy Recruiting

HUGO BOSS attaches great importance to the protection of your personal data and processes them on the HUGO BOSS Career Site (hereinafter referred to as the "Recruiting Site") at https://careers.hugoboss.com exclusively in accordance with the principles described below and in compliance with the respectively applicable data protection laws, in particular the EU General Data Protection Regulation (GDPR). Insofar as other legal standards – in particular legal standards of other countries – would apply, these shall be deemed to apply accordingly.
In general, this data protection information also applies to the internal career site (hereinafter "EX") that can be accessed by HUGO BOSS employees. Deviations apply in some cases; these are marked accordingly. Some functions are not available in EX.

A. INFORMATION ABOUT THE DATA CONTROLLER

B. Information about your rights as a data subject

Under the conditions provided in Art. 21 No. 1 GDPR you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Art. 6 (1) (e) or (f) GDPR, including profiling based on those provisions. Under the conditions provided in Art. 21 No. 2 GDPR you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

C. Information about the processing of personal data

You can use our Recruiting Site for information purposes only, but you can also register on our recruiting platform to apply for vacancies in the HUGO BOSS Group and take advantage of additional services or to leave your data for the purposes described below (see II.).

 I. Informational use of the Recruiting Site

When the use of the website is purely informational, certain information, for example your IP address, is sent to our server for technical reasons by the browser used on your end device. We process this information in order to provide the website content requested by you. To ensure the security of the IT infrastructure used to provide the website, this information is also stored temporarily in what is referred to as a “web server log file”.
You receive more detailed information on this below:

1. Which data do we process and for which purposes?

We process protocol data that is generated when the website is accessed via the Hypertext Transfer Protocol (Secure) - HTTP(S) for technical reasons ("HTTP Data"). This includes, for example, IP address, type and version of your Internet browser, operating system used, the page called up, the page previously visited (referrer URL), date and time of the call. These data originate from you as a user of the website. The provision of this data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation to provide the data. In the event that the data is not made available, we will not be able to provide the contents of the website that have been called up.

2. What is the legal basis for the processing of your data?

To provide the contents of the website called by the user, HTTP data is temporarily processed on our web server. The processing is based on a balancing of interests (Art. 6 (1) (f) GDPR). Our legitimate interest is the provision of the website content accessed by the user.
In order to ensure the security of the IT infrastructure used for the provision of the website, in particular to identify, eliminate and document malfunctions (e.g. DDoS attacks) in a way that can be proven, HTTP data are temporarily processed in web server log files. The processing is based on a balancing of interests (Art. 6 (1) (f) GDPR). Our legitimate interest is to guarantee the security of the IT infrastructure used for the provision of the website, in particular for the identification, elimination and documentation of malfunctions. ​​​​​

3. To whom is your data passed on?

The data will regularly be passed on to our (hosting) provider(s) as our contract processor(s) based in the EU/ in the EEA as well as in third countries. In the case of service providers in third countries, the legal requirements for legally compliant data processing are available in the form of standard contractual clauses and additional measures. ​​​​​​

4. How long do we store your data?

The log data is stored in server log files in a form that allows the identification of the persons concerned for a maximum period of a couple of days, unless a security-relevant event occurs (e.g. a DDoS attack). In the case of a security-relevant event, server log files are stored until the security-relevant event has been removed and fully resolved.​​​​​

5. Does automated decision making take place?

There is no automated decision making.

II. Further use of the Recruiting Site, in particular for the purpose of applying for or finding a job
1. Which data do we process and for which purposes?

We process the data you provide for your application or your interest in working for our company, which is usually master data (such as your first and last name and birth date), address and contact details as well as education, qualification and professional career data, and in special cases information on special data categories such as about an existing disability or criminal records.
To use our recruiting platform, you can create a candidate profile. Here you can apply for specific jobs and also activate the receipt of notifications about suitable open positions that match your search criteria ("Job Alert"). You can also upload your CV and have it analysed or have questions answered, for example, as part of POD - Personalisation on demand or via our chatbot. You can also register for our Talent Community to be informed about suitable job offers and to receive HR marketing information. We can also assign you to appropriate talent pools based on the information you provide and the profile you share.
Registration for the candidate profile takes place via the registration form or the POD - Personalisation on demand. Within the scope of using our chatbot, you can decide whether you want to create a profile.... If you do not, your data will not be used any further when you stop using the chatbot.
You can register on the platform using your profile data from social networks such as LinkedIn, Facebook or Google. In this case, you agree that the data from these networks may be copied and pasted into our recruiting platform accordingly. In addition to the master data, additional data, such as your current employer and your post, may be transferred from the profile in the desired source. This data is generally not required for the creation of your applicant profile, but may nevertheless be transferred depending on the settings of your profile or other settings of these databases. In these cases, the data controller is not HUGO BOSS, but usually the operator of the respective database.
The provision of your data is neither legally nor contractually required. However, if you would like to apply for a specific position via our recruiting website, the provision of your data is necessary so that HUGO BOSS can decide on your application - and thus ultimately on your hiring. The use of the functionalities mentioned above or below (job alert, POD, chatbot, HR marketing information, talent community) is generally voluntary, but the provision of your data is necessary for the use of these functionalities.


2. What is the legal basis for the processing of your data?

IIn the context of a specific application, we process your data in order to reach a decision on the establishment of an employment relationship. The legal basis for this is Art. 6 (1) (b) GDPR or specific national law (e.g. Art. 88 GDPR in conjunction with § 26 para. 1 of the Federal Data Protection Act (BDSG)).
If you create a candidate profile on the recruiting website in order to set up a job alert or to activate HR marketing information or if you voluntarily provide us with further personal data, we will process your data in this context on the basis of the consent you have previously given. The legal basis for this consent is Art. 6 (1) (a) GDPR or specific national law (e.g. Art. 88 GDPR in conjunction with § 26 para. 2 BDSG). You can revoke your consent at any time - with effect for the future. You can send the revocation to privacy@hugoboss.com or make the desired settings yourself in the candidate profile.


3. To whom is your data passed on?

Within HUGO BOSS, access to your personal data is granted to those departments which require it in order to make a decision on the establishment of an employment relationship or to process your e-recruiting candidate profile (e.g. HR, works council, departmental managers).
When creating your candidate profile, you explicitly agree to your profile also being made available to recruiters from other HUGO BOSS Group companies. This means that group companies outside the EU (so-called third countries) may also view the data in your profile. If the General Data Protection Regulation (GDPR) applies, you also expressly consent to the transfer of your data to third countries in accordance with Art. 49 (1) 1 (a) GDPR. These third countries may not have a level of data protection comparable to that of the EU. Therefore, there may be a risk that your data may be collected and processed by local authorities and that your data subject rights may not be enforced. You can revoke your consent at any time with future effect by deleting your candidate profile. For more information, please contact privacy@hugoboss.com.
Recruiters from other subsidiaries may access data on applicants and interested persons in order to inform you about suitable positions or interesting news.
HUGO BOSS also uses various IT service providers based within the EU/EEA or third countries to provide the cloud-based recruiting website and to perform other IT support and administrative tasks. In the case of service providers in third countries, the legal requirements for legally compliant data processing are available in the form of standard contractual clauses and additional measures.
Your personal data is always protected from unauthorized access by the necessary security measures (encryption, physical security measures of the servers, etc.).

4. How long do we store your data?

In principle, you can change and delete your data yourself within your candidate profile on the recruiting website at any time or request the deletion of your profile by e-mail to privacy@hugoboss.com. However, we reserve the right to provide data for a specific application after a corresponding rejection for own evidence preservation interests. If you do not use the recruiting platform or do not interact with us for a certain period of time, your data / your candidate profile will be automatically deleted. This period can be up to 13 months. Insofar as we process your data on the basis of consent, your data will be deleted independently of this after revocation of your consent within the statutory period.​​​​​

5. Does automated decision making take place?

The decision about your employment is not made exclusively automatically.
To evaluate your accuracy of fit for a specific job and, if necessary, to match your profile to other suitable vacancies, we use "CV parsing", which uses artificial intelligence to filter out information from your CV and compare it with the requirements for the respective job. This makes it possible to identify matches and suggest jobs that fit your profile well.​​​​​​

III. Emails on career topics

You can also activate updates on career topics, which we will then send to you by e-mail (HR marketing information on the company, events, fairs, etc.). EX users can receive corresponding e-mails independently of further activation.

1. Which data do we process and for which purposes?

In this case, we process contact data (email address, name, title), technical communication and usage data (such as date and time of registration or confirmation, IP address of the device used, date and time of deregistration, date and time of the newsletter call, IP address, type and version of your internet browser, operating system used) as well as analysis data (e.g. data on the use of the newsletter, in particular calls, frequency of calls and click behavior in the newsletters called up).
Your data is required to send the emails to you as a subscriber. We use the title and name to address you personally. Other data is used to analyze the usage behavior in our newsletter and for the purposes of personalization and needs-based design of the newsletter as well as to create anonymous reports for analysis and determination of the newsletter strategy.

2. What is the legal basis for the processing of your data?

The emails will be sent on the basis of your consent according to Art. 6 (1) (a) GDPR. Otherwise, the processing is based on a balance of interests according to Art. 6 (1) (f) GDPR in favor of our legitimate interest, which consists in providing, evaluating and improving our career appearance and communication measures.
In the case of EX, the messages are sent within the scope of the employment relationship, i.e. pursuant to Art. 6 para. 1 b) GDPR in conjunction with Section 26 para. 1 sentence 1 BDSG.

3. To whom is your data passed on?

The data will regularly be passed on to our (hosting) provider(s) as our contract processor(s) based in the EU/ in the EEA as well as in third countries. In the case of service providers in third countries, the legal requirements for legally compliant data processing are available in the form of standard contractual clauses and additional measures.​​​​​​

4. How long do we store your data?

We store this data as long as you have not unsubscribed from our newsletter. In exceptional cases, we also store this data insofar as and for as long as we are subject to legal retention or documentation requirements for this data or insofar as this is necessary for evidence purposes.

5. Does automated decision making take place?
There is no automated decision making.

IV. Further information on the application procedure

In the course of the application process, additional data may be processed, such as data from interviews, recommendations, data from publicly accessible sources, or bank and travel data for the settlement of travel expenses in accordance with further information. The legal basis for this is Art. 6 (1) (b) GDPR or Art. 88 GDPR in conjunction with specific national law (e.g. § 26 para. 1 Federal Data Protection Act (BDSG)).

V. Use of the "referral function

Persons with access to EX (usually HUGO BOSS employees) can recommend vacancies to external persons via the recommendation function ("Referral") and invite them to apply. The recommendation is made by sending a recommendation link by e-mail to the e-mail address entered. HUGO BOSS employees are required to obtain the consent of the recipient of the recommendation in advance and to confirm this accordingly. The legal basis for this is consent within the meaning of Art. 6 Para. 1 a) GDPR.
If the recipient of the recommendation does not apply for a job within 30 days, his or her data will be deleted automatically. Otherwise, the previous information apply. The progress of the recommendation recipient's application process(es) can be tracked by the sender of the recommendation for one year. This is done in order to enable and verify participation in and compliance with the conditions of the HUGO BOSS employee recommendation programme. A premature deletion of the data record, for example for legal reasons or due to the exercise of the aforementioned data protection rights, remains without prejudice.
The recommendation function is also available internally. The above applies here mutatis mutandis.​​​​​​

VI. Other use of the HUGO BOSS internal career site ("EX")

EX can be accessed internally by all HUGO BOSS employees and used for internal job searches and internal recruiting. Here, all employees are visible to all employees with the following data: surname, first name, current job title, company contact data. The legal basis for this is a balancing of interests within the meaning of Art. 6 Para. 1 f) GDPR. Our legitimate interest is to promote the mobility of our employees in various dimensions, which is not outweighed by the interests of the employees worthy of protection.
Further, potentially development-relevant data such as willingness to change, willingness to be mobile, special knowledge etc. can be entered on the page. This is done on the basis of consent as defined in Art. 6 Para. 1 a) GDPR. This consent can be revoked at any time by changing the entries.
The above statements apply accordingly to the other functions also available in EX.
Employee data remain stored in our systems for the duration of the employment relationship and are automatically deleted after one year following resignation.

D. Cookies
Cookies are small data packages that are stored by your browser on your end device. These technologies help to optimize the offers of the website, e.g. to recognize you when you visit the website again.
Information on the processing of your personal data in connection with cookies can be found in our Cookie Policy.

E. EFFECTIVE DATE AND AMENDMENT OF THIS privacy POLICY
This privacy policy is effective immediately.
Due to technical developments and/or changes in legal or regulatory requirements, it may be necessary to amend this Privacy Policy. The current data protection information can be retrieved.at any time at https://careers.hugoboss.com.