TUI GROUP CAREERS PRIVACY NOTICE
Trusted. Unique. Inspiring. At TUI we create unforgettable moments for our customers across the world and make their dreams come true. But we are also looking after the personal data you as an applicant share with us. We want you to be confident that your data is safe and secure with us, and understand how we use it.
TUI InfoTec GmbH, Karl-Wiechert-Allee 23, 30625 Hannover
Deutschland. Telefon: 0511-56 78 600; E-Mail: info@tui.info; Registernummer HRB 60673; Amtsgericht: 30175 Hannover
1. What this Privacy Notice covers
This is a general privacy notice which applies to the TUI Group recruitment process. Depending on your country of residence and where the vacancy you apply for is located, different companies in the TUI Group may process your personal data for recruitment purposes and in accordance with this Notice. Applications for certain positions in certain countries may involve the processing of the same or different personal data.
TUI InfoTec GmbH, Karl-Wiechert-Allee 23, 30625 Hannover, Germany (data processor), is responsible for the operation of the recruitment system that stores your personal data on behalf of TUI AG’s subsidiaries (data controller) (referred to in this Notice as “TUI”, “we” or “us”).
We are committed to doing the right thing when it comes to how we collect, use and protect your personal data. Your privacy matters to us, so please do take the time to read our Privacy Notice which explains:
- What types of personal data we collect and why we collect it.
- When and how we may share personal data within the TUI Group and other organisations.
- The choices you have, including how to access and update your personal data.
We have tried to keep this Notice as simple as possible, but if you are not familiar with terms such as data controller, special categories of personal data, then read about these and some others in Key Terms.
2. Personal data we collect
We aim to collect the minimum personal data about you.
Information when you browse our careers website. For example:
- Information about your browsing behaviour on our website.
- Information about the way you access our digital services, including operating system, IP address, online identifiers and browser details.
Information as part of application and selection process. For example:
- Your personal details, including your personal address, email address, phone number and date of birth.
- Your work experience, including your CV, cover letter, application questionnaire, professional qualifications, career development, social network profile, performance, training and certifications.
- Nationality, languages spoken and health conditions (if any) and other relevant medical information as necessary for particular positions.
- Results generated as part of our recruitment process, including when you complete our assessments, tests, occupational or personality profile questionnaires, and/or any notes generated by us during the interview process.
- Your feedback and contributions to our online surveys and questionnaires.
- Your values, skills set, emotional, logical and cognitive abilities, personality features.
Other sources of information
- We may use personal data from other sources including, without limitation, public authorities, medical examiners, recruitment agencies, head hunters, accreditation organisations and training providers.
- We may use CCTV images, IP address and browser details collected in or in the immediate vicinity of our offices, car park premises, and other buildings where you may be invited to attend an interview.
- If you contact one of our recruitment helplines or HR services, we may record your calls for quality and training purposes.
Where we need to process special categories of data, for example health data for medical reasons, we will only do so if one or more additional conditions apply. For example, we have your explicit consent; it is necessary to protect the vital interests of you or another individual and you are physically or legally incapable of giving consent; it is necessary to establish, exercise or defend legal claims; it is necessary for reasons of substantial public interest.
In the UK only, we may collect details about your age, community, ethnicity and gender for certain positions. This information will be used for statistical purposes only and it will not be seen by the hiring team. This will be clear in the recruitment process.
3. Using your personal data
We use your personal data in a variety of ways, as explained below.
| Purpose | Legal basis |
|---|---|
|
Support applications, recruitment and selection. We need to process your personal data so that we can manage your application process. We will use your personal data to assess your suitability for the role you have applied for. We may also use your personal data to progress your application for employment and, if your application is successful, to administer your employee record. In order to optimize the recruitment process and make sure applicants who are most suitable for the role are taken to the next phase in the process, online pre-assessments based on automatic-decision making algorithms may be used (in this respect you will always have the right not to be subject to a decision based solely on automated processing). These tests are able to assess your job knowledge, measure technical or theoretical expertise in a particular field, your integrity, cognitive ability, personality characteristics, emotional intelligence, and/or physical abilities. |
|
|
To make contact and interact with you. We may use your contact details to contact you (either by post, phone, email or text message) as part of our recruitment process to arrange an interview, obtain more information about you or give you updates on the status of your application. If you have subscribed to one of our job alert services, we may also send you job alerts and emails about new vacancies, information about other TUI Group companies’ recruitment campaigns and other recruitment information which might interest you. We will only do this if you previously agreed to receive these communications. You can change your mind at any time by unsubscribing from these emails. |
|
|
To manage and improve our recruitment services. We may use personal data to manage and improve our online recruitment platform, mobile apps, and other recruitment services. We monitor how recruitment platforms are used to help protect your personal data, detect and prevent fraud, other crimes and the misuse of services. This helps us to make sure that you can safely use our recruitment services. To improve our recruitment services and our interaction with you, we may invite you to take part in our surveys or questionnaires carried out by the TUI Group and by other organisations on our behalf. |
|
|
Establish, exercise or defend our legal rights. |
|
|
Check and verify your identity, and prevent or detect fraud and crime. |
|
|
In an emergency e.g., in the event of an accident, we may contact your next of kin or share your personal data with our first aiders and emergency services. |
|
|
Security operations e.g., to respond to and manage security operations, accidents or similar incidents, including health and safety purposes. |
|
|
Comply with relevant laws e.g., employment laws, health and safety regulations, tax and social contributions, specific regulations applicable to certain positions e.g. regulations from civil aviation authorities. |
|
|
Technical improvement of the usability of applications, including profiling. |
|
Sova Video Recruitment
We use a platform to conduct an online-based video interview as part of recruitment. You are given access to the Sova platform via a personalized link. The following personal data is processed as part of the process: Video responses from applicants; IP address; and a session cookie
Personal data is processed to distinguish applicants from one another and to assign statements to an applicant. Without processing data, participation in the online-based video interview is not possible. Processing of personal data is necessary in order to take steps at the request of the applicant prior to entering into a contract.
Recordings are used exclusively for evaluating applicants’ responses to interview questions. Recordings are analysed and the results made available to our recruiters, who assign results to applications and decide on the continuation of the recruitment process.
If an applicant contacts Sova support, they may access data to provide such support. Data stored at Sova will be securely deleted after a completed or terminated application on the Sova platform. For further details please see the Sova Candidate Privacy Notice.
Microsoft 365
When processing your personal data in the application process we will use Microsoft 365 products from Microsoft Corporation One Microsoft Way, Redmond, WA 98052-6399 USA. Microsoft 365 is a collection and compilation of various digital tools and applications created in the 365 platform for the purpose of collaboration, security, data protection and the processing of various data. The core of this compilation primarily includes the tools Microsoft Exchange Online (e-mail, calendar, address book, tasks), Microsoft SharePoint (storage, processing) and Microsoft Teams (collaboration, chat, meetings). Further information can be found in the Microsoft Privacy Statement.
Conditional offer
If we make you a conditional offer, we may ask you to provide us with further information or complete further questionnaires to meet the requirements of the role. Without such information, we may have to withdraw the offer.
Pre-employment checks
Where we are under legal obligation, we will verify your identity and right to work in the relevant country. We may also seek for further assurance as to your trustworthiness, integrity and reliability. We may ask you:
- Proof of your identity, including your driving license and passport.
- Proof of your professional qualifications and diplomas.
- Contact details of your references, so we can contact them to verify information on your CV (such as your previous professional experiences).
- To complete a questionnaire about your health, so we can establish your fitness to work or obtain professional advice if any adjustments are needed so that you may work effectively. This questionnaire will be processed by one of our occupational healthcare advisors. In addition, as part of our recruitment process for pilots or cabin crew members, we may ask you to attend a medical examination organised by certified aviation medical examiners.
Criminal records
Depending on applicable law, the nature of the position offered and to protect our customers and members of staff, we may, for example, ask you to complete a Disclosure and Barring Service (DBS) check, criminal records declaration to declare any unspent conviction and we may also check your details with fraud prevention agencies.
Should we identify any convictions or act of fraud or any other criminal offence which may be incompatible with the nature of the position offered to you or present a high level of risk for the interests and/or safety of our customers or members of our staff, we may decide to interrupt or terminate your recruitment process.
Final offer
If we make a final offer, we may ask you for:
- Your bank details and social security number (or equivalent) so we can process the payment of your salary.
- Emergency contact details, so we know who to contact in case you have an emergency at work.
Before providing another person’s personal data, you must be sure that they have agreed to this and you are allowed to provide it. You should also ensure that, where appropriate, they understand how their personal data may be used by us.
We will use your personal information for the above purposes, in line with local HR privacy and related policies and laws applicable to your employment. We do not sell your personal data to third parties.
4. Sharing personal data with suppliers
We work with carefully selected suppliers that carry out certain functions on our behalf or provide elements of our recruitment service for us. For example, companies that help us store and combine data, manage our online recruitment system, online assessment providers, credit check agencies and our occupational healthcare advisors.
We may also need to share personal data with other carefully selected suppliers that carry our certain functions on our behalf. For example, companies that help us with recruitment services, relocation services, and legal services.
We ensure that appropriate measures are taken to help keep your information secure, and they must not use your personal data for their own marketing purposes.
We only share the minimum personal data to enable our suppliers to provide their services to you and us.
5. Sharing personal data with public, regulatory, and government bodies
We may share the minimum personal data necessary with public, regulatory, and government bodies if the law says we must, or we are legally allowed to do so.
6. Sharing personal data within the TUI Group
We may share the minimum personal data necessary with other companies in the TUI Group. For example you apply for a role or move roles in another country, you keep the same role but move to a different country, a change in role involves a transfer between TUI entities, integration with other internal systems e.g., payroll.
We may also share personal data with an organisation we sell or transfer (or enter into negotiations to sell or transfer) any of our businesses or any of our rights or obligations under any agreement we may have with you. If the transfer or sale goes ahead, the organisation receiving your personal data can use your data in line with this Privacy Notice.
We guarantee that this will be kept to a minimum and all legal (e.g. works council agreements, intra-group data processing agreements) and technical/organisational (e.g. strict role based access controls, user access management) measures are in place.
7. Protecting your personal data
We know how important it is to protect and manage your personal data. We take appropriate security measures to help protect your personal data from accidental loss and from unauthorised access, use, alteration and disclosure.
The security of your data also depends on you. For example, where we have given you or where you have chosen a password for access to certain services, you are responsible for keeping this password confidential.
TUI Group is a global enterprise. In the course of our business activities, the personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA") or the United Kingdom (UK). It may also be processed by organisations operating outside the EEA who work for us or for one of our suppliers. We put in place appropriate protections to make sure your personal data remains adequately protected and that it is treated in line with this Notice. These protections include, but are not limited to, appropriate contract clauses, such as Standard Contractual Clauses approved by the European Commission and/or the UK government, and appropriate security measures.
8. Data retention
If your application is successful, we will retain your personal data only for as long as it is necessary for legitimate business reasons and/or to meet legal requirements. This includes your criminal records declaration, fitness to work, records of any anti-fraud checks and references.
If your application is unsuccessful at any stage of the recruitment process, personal data you provided and information generated during the recruitment process (such as, your application details, CV, interview notes and questionnaire results) may be retained for up to a maximum of two years from termination of your application, unless you consented to a longer retention period for future opportunities. The maximum retention period may vary country by country depending on local business reasons and legal requirements. We may ask for your consent to keep your application details on our talent data base for a maximum period of two years so we can be in touch with you if we have new vacancies which might interest you.
After this period, we will securely erase your personal data. If data is needed after this period for analytical, historical or other legitimate business purposes, we will take appropriate measures to anonymise this data.
Deletion of candidate profile
Your candidate profile will be automatically deleted, taking into account the legal retention period, if you have not logged into your profile for more than 180 days. Automatic deletion will not take effect if you log into your profile within 180 days, you are in an active application process, or a local legal storage period in the country in which you apply to us requires this.
In addition, you have the option to update or delete your data and/or candidate profile independently in the system at any time. You can adjust your profile visibility settings at any time. This will be taken into account in the application process.
You can also delete your profile at any time or request us to do so via Datenschutz@tui.com. Separately, you may exercise your right to deletion in accordance with the rights described below: Your rights in relation to your personal data.
9. Cookies and similar technologies
Cookies are small data files that allow a website to collect and store a range of data on your desktop computer, laptop or mobile device. Cookies help us to provide important features and functionality on our websites and mobile apps, and we use them to improve your experience on our website. Please see our separate Cookie Notice.
10. Links to other websites and social media features
Our website may contain links to websites operated by other organisations that have their own privacy notices. Please make sure you read the terms and conditions and privacy notice carefully before providing any personal data on another organisation’s website as we do not accept any responsibility or liability for websites of other organisations.
Our website may contain social media features such as Facebook, Google (including Maps), LinkedIn, X, Pinterest and YouTube that have their own privacy notices e.g. to advertise our jobs and vacancies. Please make sure you read their terms and conditions and privacy notice carefully before providing any personal data as we do not accept any responsibility or liability for these features.
11. Your rights in relation to your personal data
Subject to applicable conditions and limitations, you have certain rights in relation to your personal data.
Please include details to help us identify and locate your personal data. Where we can provide data access, we will do so free of charge except where further copies are requested in which case we may charge a reasonable fee based on administrative costs.
Please note that we may ask you to verify your identity before we can act on your request or complaint. We may also ask you for more information to help ensure that you are authorised to make such a request or complaint when you contact us on behalf of someone else.
We will respond to a request without undue delay and, in any event, within one month of its receipt (or within a shorter period if required by applicable local law). This period may be extended by two months, where necessary, taking into account the complexity and number of the requests. In the event an extension is required, we will inform you of any extension within one month and provide reasons for the delay.
Right of access to your personal data (Article 15, GDPR)
You can request access to the personal data we hold about you.
Rectification of data (Article 16, GDPR)
You can request us to correct incorrect or incomplete personal data about you.
Right to Erasure (Article 17, GDPR)
You can request the deletion of your personal data. For example, if data is no longer necessary for the purposes for which it was collected. You can also request deletion if we process your data on the basis of your consent and you withdraw this consent.
Right to restrict processing (Article 18, GDPR)
You can request the restriction of the processing of your personal data. For example, if you dispute the accuracy of your data. You can then request the restriction of processing for how long it takes to verify the accuracy of the data.
Right to data portability (Article 20, GDPR)
If data processing is based on consent or the performance of a contract and processing is carried out by automated means, you can request to receive your data in a structured, common and machine-readable format and to transmit it to another data controller.
Right to object (Article 21, GDPR)
Where processing is based on legitimate interests or the public interest, you can object at any time to the processing of your personal data, on grounds relating to your particular situation.
Automated individual decision-making, including profiling (Article 22, GDPR)
You may object to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Complaints about how your personal data is handled
You can also contact us if you have a complaint about how we collect, store or use your personal data. We aim to resolve complaints but if you are dissatisfied with our response, you may complain to your local data protection authority. The main authorities are listed below.
| Country | Data Protection Authority | Address | Website |
|---|---|---|---|
| Germany | Lower Saxony Authority | Prinzenstr. 5, 30159 Hannover, Germany | https://lfd.niedersachsen.de |
| UK | Information Commissioner’s Office | Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF | https://ico.org.uk/ |
| Austria | DSB | Österreichische Datenschutzbehörde Barichgasse 40-42, 1030 Vienna, Austria | www.dsb.gv.at / |
| Belgium | Gegevensbeschermingsautoriteit | Drukpersstraat 35, 1000 Brussel | www.gegevensbeschermingsautoriteit.be |
| Denmark | Datatilsynet | Carl Jacobsens Vej 35, 2500 Valby | https://www.datatilsynet.dk |
| Finland | Office of the Data Protection Ombudsman | P.O. Box 800, 00531 Helsinki, Finland | https://tietosuoja.fi/etusivu |
| France | CNIL | 3 Place de Fontenoy TSA 80715, 75334 Paris Cedex 07 | www.cnil.fr |
| Italy | Garante per la protezione dei dati personali | Piazza Venezia 11, 00187 – Roma | https://www.garanteprivacy.it/ |
| Netherlands | Autoriteit Persoonsgegevens | Postbus 93374, 2509 AJ Den Haag | www.autoriteitpersoonsgegevens.nl |
| Norway | Datatilsynet | Postboks 458 Sentrum, 0105 Oslo | https://www.datatilsynet.no/ |
| Poland | UODO | ul. Stawki 2, 00-193 Warszawa | https://www.uodo.gov.pl/ |
| Portugal | Comissão Nacional de Proteção de Dados (CNPD) | Av. D. Carlos I, 134, 1º, 1200-651 Lisboa | https://www.cnpd.pt/ |
| Spain | Agencia Española de proteccion de datos (AEPD) | Jorge Juan, 6. 28001 - Madrid | https://www.aepd.es/ |
| Sweden | Swedish Authority for Privacy Protection | Box 8114, SE-104 20 Stockholm | https://www.imy.se/ |
| Switzerland | Federal Data Protection and Information Commission | Feldeggweg 1 CH - 3003 Bern | www.dsb.gv.at |
12. Contact us
TUI InfoTec GmbH
Datenschutz
Karl-Wiechert-Allee 23
30625 Hannover
Where appropriate, your query, request or complaint may be forwarded to another Data Protection Officer in the TUI Group to handle it.
13. Changes to our Notice
This Privacy Notice replaces all previous versions. We may change the Notice at any time so please check it regularly for any updates. If the changes are significant, we will provide a prominent notice on our website including, if we believe it is appropriate, electronic notification of Privacy Notice changes.
Last update: November 2024
14. Key terms
Data controller: The data controller determines the purpose and manner in which personal data is used.
European Economic Area (EEA): EU Member States plus Norway, Iceland and Lichtenstein.
Profiling (GDPR): Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Special categories of data (GDPR): These are categories of personal data revealing racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic data, biometric data for the purpose of uniquely identifying a natural person; health data; and data concerning a natural person’s sex life or sexual orientation.