Data Protection Information for Candidates

We are pleased that you are interested in our company and are applying or have applied for a job with us. This notice contains information on the processing of your personal data in connection with your application.

Who is Responsible for Data Processing?

The responsible party within the meaning of data protection legislation is

Steigenberger Hotels AG
Lyoner Strasse 25
60528 Frankfurt am Main
Phone: +49 69 66564-01

Further information on our company, details of authorised representatives, and other contact details can be found on our website and the information in its imprint:

Should you be applying for the job advertisement of another company (subsidiaries, subsidiaries seated in another country, associated companies, managed companies or franchisees), Steigenberger Hotels AG will process your data on behalf of the respective company.

Which Data of Yours will be Processed by Us? And for what purpose?

We process the data that you choose to disclose to us in conjunction with your application (proactive or for a specific position) via our website, application platforms or by e-mail in order to check your suitability for the position (or any other open positions in our company) and to carry out the application process. This data includes, for example: Name, date of birth, gender, address, email address, telephone number, photo, resume, education, work experience, language skills, etc.

What is the Legal Basis for Our Processing of Your Data?

The legal basis for the processing of your personal data in this application procedure is § 26 of the German Federal Data Protection Act (German abbreviation BDSG), as well as Art. 6 (1) (b) GDPR. This law permits the processing of data required to decide whether to establish an employment relationship.

Should the data be required after the application process has been completed, or for legal purposes, data processing may be carried out on the basis of the requirements of Art. 6 of the EU General Data Protection Regulation (GDPR), in particular to safeguard legitimate interests pursuant to Art. 6(1)(f) of the GDPR. In this case, our interest would be the assertion of, or defence against, legal claims.

How Long Will the Data be Stored?

The data of unsuccessful applicants will be deleted after 6 months.

If you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. There the data will be deleted after 24 months.

If you have accepted a job offer from us, the data from the applicant data system will be transferred to our personnel information system.

Where does your data come from?

Usually, your data will have been provided by yourself. It is also possible that your data has been made available to us by external sources, such as the Federal Employment Agency or personnel service providers.
To Which Recipients Will the Data be Forwarded?

We use a specialized software provider for the application process. This firm will act as a service provider for us and may acquire knowledge of your personal data in connection with the maintenance and servicing of the system. We have concluded a data processing agreement with this provider, which ensures that the data processing is carried out in a permissible manner.

Your applicant data will be reviewed by the personnel department after receipt of your application. Suitable applications are then forwarded internally to the heads of departments which have relevant open positions. After this, further processing is coordinated. As a rule, only those persons within the company who need your data for the orderly processing of your application will have access to your data.

Should you have applied for a position posted by another company, your personal data will be shared with the persons in charge of recruiting at that specific company.

Where is the Data Processed?

The data will be processed exclusively in processing centres within the Federal Republic of Germany.

Transfer of data to third countries

If you have applied to a company outside the European Union and Switzerland, your data will be transferred to the personnel managers of the company concerned. The legal basis for the transfer is Art. 49 para. 1 lit. b) and c) GDPDR.

If you have applied to our subsidiary in Switzerland, your data will be transferred to the persons responsible for human resources in this company on the basis of Art. 45 para. 1 GDPDR.

Your Rights as a "Data Subject"

Pursuant to the right of access established by Art. 15 of the GDPR, you can request confirmation from us as to whether personal data relating to you will be processed by us. You are also entitled to disclosure of the personal data we have attained, and to further information about our handling of personal data.

You have a right of correction and/or completion against us if the processed personal data concerning you is incorrect or incomplete (Art. 16 GDPR).

Under the conditions set out in Art. 18 GDPR, you may request that the processing of your personal data be restricted.

You may demand that we immediately delete the personal data relating to you (known as the "right to be forgotten" under Art. 17 GDPR), unless we are entitled or obliged to further store or process the data (e.g. by statutory data-retention obligations).

You have the right to receive the personal data which you have provided to us in a structured, commonly used, and machine-readable format (Art 20 GDPR).

You have the right, for reasons arising from your own situation, to object at any time to the processing of your personal data based on Art. 6(1)(e) or (f) of the GDPR.

You have the right to revoke your declaration of consent under data protection law at any time. Revocation of the consent shall not affect the lawfulness of the processing carried out based on prior consent up to the time of revocation.

Our Data Protection Officer

You can reach our Data Protection Officer at

TÜV Informationstechnik GmbH
Langemarckstr. 20
45141 Essen

E-mail address:

Right of Appeal

Notwithstanding your rights as described above, you also have the right to complain to a regulatory authority. The supervisory authority responsible for our firm’s operations is: Commissioner for Data Protection and Freedom of Information for the State of Hessen, Gustav-Stresemann-Ring 1, 65189 Wiesbaden