Privacy statement on the ESM careers webpage
Privacy statement on the ESM careers webpage
Objective and scope
The purpose of this Privacy Statement is to inform you of how the European Stability Mechanism (ESM, “we”, “us” or “our”) process your personal data via the ESM careers webpage https://vacancies.esm.europa.eu/ (“Website”) only.
Controller and Data Protection Officer
The controller is the ESM at 6a Circuit de la Foire Internationale, L-1347 Luxembourg, Tel.: (+352) 260 962 0, e-mail: info@esm.europa.eu.
The ESM has nominated a Data Protection Officer (DPO). You can contact our DPO by e-mail at DataProtectionOfficer@esm.europa.eu or by post at the above address with the addition “To the Data Protection Officer”.
Processing personal data
We always process your personal data for a specific purpose and only process the personal data which is relevant to achieve that purpose. Personal data mentioned in this Privacy Statement is processed when you visit the Website and when you apply to our vacancies. We collect these data mostly directly from you; however, we may sometimes also obtain personal data related to you from third parties.
1. Visiting the Website
a) Browser Data and Server Log Files
Each time you visit the Website, the following data is automatically processed, which may relate to you as a user (“Browser Data”):
- Your IP address,
- Type of your browser,
- Date and time of your visit,
- HTTP status code of the access (server information to client about successful processing of request),
- Website from which your system accessed our website (referrer URL),
- Website that is accessed by your system from our website (accessed URL),
- Your location.
The processing of Browser Data is technically necessary. It is carried out to properly display our website to you and to ensure its stability and security. This data processing is necessary in the execution of the ESM’s mandate, for the performance of tasks or activities carried out by the ESM in accordance with the ESM Treaty, By-Laws, and the applicable rules and procedures; this includes the processing of personal data necessary for the management and functioning of the ESM.
We store the Browser Data in so-called server log files for troubleshooting purposes. Browser Data is not stored together with other data relating to you, e.g., your application data. This data processing is necessary in the execution of the ESM’s mandate, for the performance of tasks or activities carried out by the ESM in accordance with the ESM Treaty, By-Laws, and the applicable rules and procedures; this includes the processing of personal data necessary for the management and functioning of the ESM.
For the provision of the website, we use the web hoster service provided by Oracle Luxembourg S.à.r.l (“Oracle Luxembourg”). Oracle Luxembourg servers on which the website is hosted are located in Frankfurt, Germany. Oracle Luxembourg is a part of Oracle Corp., a corporation with global reach. For this reason, Browser Data, may be transferred by Oracle Luxembourg to third-countries that do not provide an adequate level of protection for personal data. In case Browser Data are transferred by Oracle Luxembourg to such third-countries, Oracle Luxembourg is required to take adequate measures designed to protect personal data embodied in Browser Data in line with Oracle’s Binding Corporate Rules for Processors (BCR-P) or the terms of the EU Model Clauses.
b) Technically Necessary Cookies
Cookies are text files that are stored on the browser or by the browser on the user's computer which provide information about the user. Technically necessary cookies, which are necessary to display the website to you, will be set when accessing the Website. The cookies listed below identify the connection between you and the Website and ensure the stability of the Website. This data processing is necessary in the execution of the ESM’s mandate, for the performance of tasks or activities carried out by the ESM in accordance with the ESM Treaty, By-Laws, and the applicable rules and procedures; this includes the processing of personal data necessary for the management and functioning of the ESM.
arg_idpsession10: This cookie is used as a unique session identifier. This cookie is deleted once the user logs out or the session expires.
JSESSIONID: This cookie stores information about the current session on the user's computer. It is required for the website to function correctly, for example to support navigation between pages. It is stored until deleted by the user.
taleosession: This cookie is used to tie a user’s browser session to the session stored on the web server. This cookie expires once the user logs out or the session expires.
arg_sessionid: This cookie is used as a unique session identifier. It is deleted once the user logs out or the session expires.
queryData: This cookie supports the search and apply functionality of Taleo during the user session. It is stored until deleted by the user.
restoreQuery: This cookie supports the search and apply functionality of Taleo during the user session. It is stored until deleted by the user.
savedQuery: This cookie stores information in the search criteria provided by the candidate while searching for jobs. This data is stored when the candidate navigates from the job list page to another page and the value restores the search criteria when he comes back to the job list page. This cookie expires with the session.
ignoreSavedQuery: When a career section is accessed for the first time by opening a new tab/window, this cookie skips taking in the savedQueryCookie. This cookie expires with the session.
JSESSIONID: This cookie stores information about the current session on the user's computer for the career section. It is needed for the web site to function correctly, for example to support navigation between pages. It is stored until deleted by the user.
arg_sessionid: This cookie is used as a unique session identifier for the career section. This cookie is deleted once the user logs out or the session expires.
locale: This cookie is a language and personalisation cookie for access during the session. It will be stored until deleted by the user.
lastActiveElementId: This cookie stores the last clicked page element and it is being used to restore focus on the last accessed user interface element when a page navigation happens. This cookie expires with the session.
redirectSourceCareerPortalCode: This cookie stores information on the standard career section to which the mobile career section is linked. This data is used when application acknowledgement emails are sent to candidates when they apply through mobile career section. This cookie expires with the end of the session.
blockRedirectionToMobileVersion: Career sections accessed by mobile can be seen in full version too. When candidates view mobile career sections in full version, this cookie gets set and it blocks the automated navigation from standard career section to mobile career section in mobile devices. This cookie expires with the session.
JSESSIONID: This cookie is created by Tomcat (a servlet container) to store the java session Id. It ceases to exist when the browser is closed.
ORA_OTSS_SESSION_ID: This cookie stores the application session id. It ceases to exist when the browser is closed.
ORA_OTSS__SWF_SESSION_ID: This cookie is used to store the flash Uploadify session Id to upload documents. It ceases to exist when the browser is closed.
ORA_OTSS_ANCHOR: This cookie is used to handle anchors in the deep links. We store the anchor with an expiry of 2 seconds.
SMSSOOIF: This cookie is used if 'LoginAuth.OIF.VerifyModeList' property contains 'cookie'. The cookie stores the value 'true' with an expiry of 1 year.
ORA_OTSS_SMARTORG_USER_HOME_URL: This cookie stores the value of "homeURL", which comes as a payload from TEE, with an expiry of 10 years.
Cookie-Accept: This cookie is a permanent non expiring cookie installed on the device which indicates the user has permanently accepted cookies. With this cookie in place, neither the cookie banner nor the blocking modal will appear in future sessions.
ORA_OTSS-cookies-enabled: This cookie presents when the browser cookie is disabled. This cookie expires when the browser is closed.
c) Job Alerts
If you sign up for job alerts, we will process your name, your e-mail-address, your field of interest and your preferred job location. We use this data to keep you updated about job opportunities at the ESM and to attract potential applicants. The legal basis for this data processing operation is your consent. We will store your personal data until you withdraw your consent (as mentioned below).
2. Applying to our vacancies
a) Login
To apply for a position at the ESM you first must register and log in to an application account. For this purpose, we process your username, your password, and your e-mail address. The legal basis for the processing of your personal data is your request prior to entering into an employment or another contract with us. We will delete your login data if your account is inactive for two years.
b) Recruitment application
When you apply to one of our vacancies, to review your application, we process the following personal data:
- Uploaded documents: cover letter and resume
- Basic data: name, address, (secondary) nationality, date of birth, gender, phone number, email address
- Whether you are a current or former ESM employee
- Language skills: mother tongue, level of English, other languages including skill level
- Employment preferences: conditions, interests, and date of availability
- Work experience: last/current/former employers, employment sector, job function, location of employer, start date, and end date
- Education: institution, major/program, location, education level, start date, and graduation date
If you are a candidate to an interim work position, we may also collect personal data from third parties in relation to you. Interim agencies submit applications on behalf of their candidates via our website. In such case, they provide the candidate’s CV, name/first name, nationality, postal address, and email address.
The legal basis for the processing of your personal data is your request prior to entering into an employment contract with us. If you are the selected candidate, the ESM may process your application data during the employment or other relationship, as applicable, and after the end of this relationship in accordance with ESM’s schedule of retention periods. If you are not the selected candidate, we retain your personal data for two years after their submission.
3. Recipients of your personal data
Your personal data may be shared with parties both internal and external to the ESM:
Within the ESM
The recipients of your personal data are normally ESM members of staff. They may also be interim workers, trainees, or consultants working for the ESM.
Outside of the ESM
Third party processors that are used by the ESM are HRMC, as website administrator of the ESM careers webpage, and Oracle, Corp.
4. Your Data Subject Rights
You have various rights as an individual which you can exercise under certain circumstances in relation to your personal data that we hold: right to access, right to rectification, right to erasure, right to restriction, and, if applicable, right to withdraw consent.
If you want to exercise your rights or have questions regarding them, please contact us at DataProtectionOfficer@esm.europa.eu or send your request to the following address: 6a, Circuit de la Foire Internationale, L-1347 Luxembourg.
5. Updates to our Privacy Statements
The ESM keeps its Privacy Statements under regular review and places any updates on our Website. This Privacy Statement was last updated on 29 June 2022.