Data Protection Notice

The provisions of the EU General Data Protection Regulation (GDPR) have applied since May 25, 2018. With these notes on data protection, we would like to provide you with an overview of how we process your personal data in the UniCredit Bank GmbH application process and your data protection rights.

If you use this website, you have a right to know how we handle your data that arises when you use our website. What this means in plain language can be found below under the points Privacy Policy, Consent, Security and Cookies.

Data Privacy Statement

This privacy policy applies to the careers.unicredit.eu website of UniCredit Bank GmbH). The pages in this site may contain links to other job portals and websites (e.g. UniCredit S.p.A. job portal, third-party websites or other UniCredit Bank GmbH websites) which are not covered by this privacy statement. When you leave this website via a link, we recommend that you read the privacy policy of each website carefully.

Personal data will only be collected or processed by UniCredit Bank GmbH in accordance with applicable data protection regulations.

Below you will find a quick and easy overview of what personal data we collect from you on this website and what we do with it. In addition, we will inform you about your rights under applicable data protection law and whom you can contact if you have any questions.

Who is responsible and contact person for data processing?

The responsible party for this Internet service is:

UniCredit Bank GmbH
Arabellastr. 12
81925 Munich
Phone: +49 (0)89 378-0
E-Mail:

Please note that in the course of the application process - depending on which companies you specifically apply to for a job - the following UniCredit Group companies in addition to UniCredit Bank GmbH will become data controllers within the meaning of the GDPR:
BA Real Invest Client Investment GmbH
Bank Austria Finanzservice GmbH
Bank Austria Real Invest Immobilien-Management GmbH
FactorBank AG
HVB Secur GmbH
Schoellerbank AG
UniCredit Bank Austria AG
UniCredit Direct Services GmbH
UniCredit Leasing (Austria) GmbH
UniCredit Services GmbH
UniCredit S.p.A. Munich Branch
UniCredit S.p.A. Vienna Branch
Wealth Cap Kapitalverwaltungsgesellschaft mbH

If, in the course of your application, you agree to open your profile to other positions in order to be actively approached by the relevant recruiter(s), your profile will also be shared with other UniCredit Group companies.

You can reach UniCredit Bank GmbH's Corporate Data Protection Officer(s) at:

UniCredit Bank GmbH
Datenschutzbeauftragter
Postfach
80311 Munich
Phone: +49 (0)89 378-0
E-Mail:

What personal data do we collect from you?

If you are interested in a job offer or register for this Internet service (i.e. create your profile), we collect personal data from you. As an applicant or registered interested candidate, relevant personal data are, for example:

  • Your personal data (such as name, address, e-mail address and other contact data).
  • Data in the context of your application/registration (such as curriculum vitae, qualifications, certificates)
  • Data in the context of your employment (such as your bank account details, tax identification number (TIN)).

During your visit to the website, we collect technical data through our IT systems, such as information about the Internet browser, the operating system or the time of the page request, in order to ensure error-free provision of the website. The collection of this data occurs as soon as you open our website and is indispensable for the operation of the site.

How and for what do we use your data?

In connection with this website, we use the data only strictly for the purpose of preparing and carrying out the application process and, if an employment relationship is established, collecting the necessary data for carrying out the employment relationship.

On what legal basis do we collect your data?

For the fulfillment of (pre)contractual obligations (Art. 6 para. 1 b DSGVO).

The processing of data is carried out for the initiation of an employment relationship and for the implementation of pre-contractual measures (e.g. review of application documents, invitation to an interview).

Within the framework of the balancing of interests (Art. 6 para. 1 f DSGVO).

To the extent necessary, we process your data beyond the actual performance of the contract or pre-contractual measures to protect legitimate interests of us or third parties. Examples:

  • Analysis of information we collect during website visits for quality improvement,
  • Ensuring IT security and the bank's IT operations.

Based on your consent (Art. 6 para. 1 a DSGVO).

Insofar as you have given us consent to process personal data for specific purposes (e.g. for the further use of your applicant profile for other job advertisements or for the review of your application documents by an external service provider), the lawfulness of this processing is based on your consent. Consent given can be revoked at any time. The revocation of consent does not affect the lawfulness of the data processed until the revocation.

Due to legal requirements (Art. 6 para.1 c DSGVO) or in the public interest (Art. 6 para. 1 e DSGVO).

In addition, as a bank, we are subject to various legal obligations, i.e. legal requirements (e.g. German Banking Act, Money Laundering Act, Securities Trading Act, tax laws) as well as banking supervisory requirements (e.g. of the European Central Bank, the European Banking Authority, the Deutsche Bundesbank and the German Federal Financial Supervisory Authority). The purposes of the processing include, among others, fraud and money laundering prevention and the fulfillment of control and reporting obligations under tax law.

Who gets your data?

Within the company to which you have applied, those departments that need your data to fulfill our contractual and legal obligations will receive access to it. Service providers and vicarious agents employed by us may also receive data for these purposes, provided that they maintain banking secrecy and data protection. With regard to this website, these are companies in the categories of IT as well as marketing and coverage measurement of the website. We only use selected service providers who are contractually obligated to process the data received exclusively in accordance with our instructions. 

With regard to the transfer of data to recipients outside our bank, it should first be noted that this Internet service enables applications to be made to other UniCredit Group companies, which are themselves data controllers within the meaning of the GDPR. If you apply for a job at another company of the UniCredit Group, your data will of course also be forwarded to this company.

In addition, we may only pass on information about you if this is required by law or if you have given your consent. Recipients:inside of personal data may be public bodies and institutions (e.g. Deutsche Bundesbank, German Federal Financial Supervisory Authority, European Banking Authority, European Central Bank, financial authorities, law enforcement authorities) if there is a legal or official obligation.

Is data transferred to a third country or to an international organization?

UniCredit Bank GmbH does not transfer data to countries outside the European Economic Area (so-called third countries) within the scope of this website. 

However, UniCredit Bank GmbH uses service providers for certain tasks, most of which also use service providers that may have their registered office, parent company or data centers in a third country.

A transfer is permitted if the European Commission has decided that an adequate level of protection exists in a third country (Art. 45 GDPR). If the Commission has not made such a decision, UniCredit Bank GmbH or Service Provider:in may only transfer Personal Data to Service Providers:in in a Third Country provided that appropriate safeguards are in place (e.g., standard data protection clauses adopted by the Commission or the supervisory authority in a specific procedure) and enforceable rights and effective remedies are available.

UniCredit Bank GmbH has also contractually agreed with its service providers that data protection bases in compliance with the European level of data protection will always be concluded with their contractual partners as well. 

How long will your data be stored?

We do not process and store your personal data for longer than we need them for the respective processing purposes.

If the data is no longer required for the fulfillment of contractual or legal obligations (e.g. proof of AGG compliance), it is regularly deleted.

Users of the Internet service are contacted every 11 months and asked to update their applicant profile - if they do not register with the system within one month, the applicant profile is automatically deleted. In addition, you can initiate the deletion yourself in the system at any time - provided that no processes requiring archiving prevent deletion, the profiles will be deleted immediately.

What data protection rights do you have?

Every data subject has the right to information under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR, the right to object under Article 21 of the GDPR and the right to data portability under Article 20 of the GDPR. With regard to the right to information and the right to erasure, the restrictions pursuant to Sections 34 and 35 BDSG apply. In addition, you have the right to lodge a complaint with a competent data protection supervisory authority (Article 77 DSGVO in conjunction with Section 19 BDSG). 

To assert your rights, please contact our data protection officer as described at the beginning of this data protection notice.

Dealing with social media and third-party integration

How is Social Apply integrated?

This website contains Social Apply capabilities that allow you to create your application by linking to specific platforms. The linked platforms are:

  • LinkedIn
  • XING
  • Indeed
  • Dropbox
  • Google Drive

When using these platforms, cookies may be set by the third-party providers. When visiting the website, you have the option to object to the use of cookies. If you choose to do so, the corresponding functionalities on Social Apply will not be usable.

Cookies overview

Like most websites you visit, this Internet service uses cookies to improve the user experience on both one-time and repeat visits.

A cookie is a small file that stores Internet preferences. Almost every website uses cookie technology. It is downloaded by your internet browser the first time you visit a website. The next time you visit that website with the same terminal device, the cookie and the information stored in it is either sent back to the website that generated it (first party cookie) or sent to another website to which it belongs (third party cookie).

Depending on their function and purpose, cookies can be divided into the following categories: essential cookies, functional cookies, social apply cookies with third-party functionalities.

In the Cookie Banner, you can decide which categories/ cookies you want to allow. In addition to the selection in the Cookie Banner, when you first visit the website, you can also adjust your cookie settings directly in your browser settings.

In the following areas, you will be made transparent which providers and purposes fall into the corresponding cookie categories and exactly what data is set in the respective cookie.

Manage and delete cookies

We offer you the option to conveniently reject or agree to cookies that require consent. The various third-party cookies are grouped into the categories mentioned here. You have the option to switch individual categories on and/or off via the button. Your cookie preference is stored for one year. Even after active consent on your part, you have the right to object to this type of recording at any time by revoking your consent. You can do this via your browser settings.

If a category is switched off or remains switched off and this setting is confirmed/saved accordingly, all cookies of the corresponding category will no longer be loaded and thus no data will be transferred to the respective third-party providers.

If a category is switched on or remains switched on and this setting is confirmed/saved accordingly, all cookies from the category will be loaded and thus the described data will be transferred to the respective third-party providers.

You can also block and delete cookies by changing your browser settings. To manage cookies, most browsers allow you to accept or reject all cookies or accept only certain types of cookies. The procedures for managing and deleting cookies can be found in the browser's built-in help function. Should you restrict the use of cookies, certain functional components of the website may no longer function properly.

Essential cookies

Essential cookies ensure functions without which you could not use this website. These cookies are used exclusively by UniCredit Bank GmbH and are therefore so-called first party cookies. Furthermore, such cookies ensure, for example, the functionality of a change from http to https when changing pages and thus the compliance with increased security requirements for data transmission. Last but not least, such a cookie also stores your decision regarding the use of cookies on our website.

Cookies that are absolutely necessary cannot be deactivated via the function of this page. You can generally deactivate cookies in your browser at any time. However, we would like to point out that our website will then no longer function at all or only partially.

  • Session cookie (ScustomPortal-{portalUrlPath}): used to keep user logged through privated portal areas.
  • Token field for CSRF (tokenField): Used for CSRF protection (only for logged users).
  • Cookie consent preferences (userCookieConsent-{portalUrlPath}): used to store the cookie types allowed/declined by the users in portals with the cookie management feature enabled, so they don't have to renew their consent on every page view/visit.

For how long are cookies stored?

  • Session cookie: Until you close your browser.
  • Token field for CSRF: 1 hour.

Functional cookies & Google Maps

These are cookies that require your consent and are only set with your explicit consent. You can give this consent if you check the "Functional" category in the cookie banner and accept the selection. The selection via the "Accept all" button includes this consent.

On the one hand, language cookies are controlled by the functional cookies.

  • Language cookie (portalLanguage-{portalId}): used to store current language selected by user in the portal.

For how long are cookies stored?

  • Language cookie: Until you close your browser.

In addition, the functionality of YouTube and Google Maps is controlled via functional cookies.

We use YouTube on individual pages of this website. This is a video portal of YouTube LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, hereinafter referred to as "YouTube". YouTube is a subsidiary of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as "Google". 

We use YouTube in connection with no-cookie links to show you videos. However, when you click on a YouTube video, information (including your IP address, the date and time and the website you visited) may still be transmitted to the YouTube or Google server in the USA. We have no influence on this.

The user of the career portal has the option to object to this. To do this, he can specify his preferences in the cookie banner. If he decides to do so, YouTube cannot be used on our career portal. YouTube's policies are governed by a completely separate privacy policy, and questions about YouTube's policies should be directed to that location.

If you are logged into YouTube at the same time, YouTube will assign the connection information to your YouTube account. If you wish to prevent this, you must either log out of YouTube before visiting our website or make the appropriate settings in your YouTube user account.

Google Maps: In this website we use Google Maps on the homepage. Google Maps is a functionality of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. Google Maps enables the user to track the location of the offered sites. By using Google Maps, information (including your IP address, the date together with the time and the website you visited) may be transmitted to Google's server in the USA. The user of the website has the option to object to this when visiting the website. If he decides to do so, Google Maps will not be usable. Google Maps policies are governed by a completely separate privacy policy, and questions regarding Google Maps policies should be directed to.

Performance & Social Apply Cookies

LinkedIn: If you choose to apply by linking to the LinkedIn profile, LinkedIn uses cookies on the job portal. LinkedIn's policies are governed by a completely separate privacy policy, and questions about LinkedIn's policies should be directed to that office. By using LinkedIn to provide information on this Job Portal, you consent to the third-party cookie on this Job Portal.

Name
  1. lidc
  2. li_gc
  3. bscookie
  4. bcookie
  5. JSESSIONID
  6. lang
Domain
  1. linkedin.com
  2. linkedin.com
  3. linkedin.com
  4. linkedin.com
  5. linkedin.com
  6. linkedin.com
Expires
  1. 48h
  2. 48h
  3. Same day
  4. Same day
  5. Session
  6. Session
Size
  1. 100
  2. 77
  3. 96
  4. 49
  5. 36
  6. 18
HttpOnly
  1.  
  2.  
  3. X
  4.  
  5.  
  6.  
Secure
  1. X
  2. X
  3. X
  4. X
  5. X
  6. X
Same Site
  1. None
  2. None
  3. None
  4. None
  5. None
  6. None
Priority
  1. Medium
  2. Medium
  3. Medium
  4. Medium
  5. Medium
  6. Medium

Google Drive: If you choose to upload documents through a Google Drive account, Google Drive uses a third-party cookie on the Job Portal. Google Drive policies are governed by a completely separate privacy policy, and questions about Google Drive policies should be directed to this office. By using Google Drive to provide information to this Job Portal, you consent to the third-party cookie on this Job Portal.

Name
  1. _Host-GAPS
  2. NID
Domain
  1. accounts.google.com
  2. google.com
Expires
  1. Same day
  2. 6 months
Size
  1. 60
  2. 178
HttpOnly
  1. X
  2. X
Secure
  1. X
  2. X
Same Site
  1.  
  2. None
Priority
  1. High
  2. Medium

Indeed: If you choose to apply via a link to the Indeed profile, Indeed uses cookies on the Job Portal. Indeed's policies are governed by a completely separate privacy policy, and questions about Indeed's policies should be directed to that office. By using Indeed to log in to this Job Portal or provide information, you consent to the third-party cookie on this Job Portal.

Name
  1. _gat
  2. G_ENABLED_IDPS
  3. DSTL
  4. _gid
  5. SURF
  6. _ga
  7. OptanonConsent
  8. reese84
  9. __ssid
  10. OptanonAlertBoxClosed
  11. preExtAuthParams
  12. CTK
  13. APPLE_N
  14. fbredirect
Domain
  1. indeed.com
  2. secure.indeed.com
  3. secure.indeed.com
  4. indeed.com
  5. indeed.com
  6. indeed.com
  7. indeed.com
  8. secure.indeed.com
  9. indeed.com
  10. indeed.com
  11. secure.indeed.com
  12. indeed.com
  13. secure.indeed.com
  14. secure.indeed.com
Expires
  1. Session
  2. No expire date
  3. Session
  4. 48 hours
  5. Session
  6. Same day
  7. Same day
  8. 1 month
  9. Same day
  10. Same day
  11. Session
  12. 5 years
  13. Session
  14. Session
Size
  1. 5
  2. 20
  3. 5
  4. 30
  5. 36
  6. 30
  7. 281
  8. 571
  9. 37
  10. 45
  11. 617
  12. 19
  13. 23
  14. 24
HttpOnly
  1. X
  2.  
  3.  
  4.  
  5. X
  6.  
  7.  
  8.  
  9.  
  10.  
  11.  
  12.  
  13. X
  14.  
Secure
  1. X
  2.  
  3.  
  4.  
  5. X
  6.  
  7.  
  8.  
  9.  
  10.  
  11.  
  12. X
  13. X
  14.  
Same Site
  1. None
  2.  
  3.  
  4.  
  5.  
  6.  
  7. Lax
  8. Lax
  9.  
  10. Lax
  11.  
  12. None
  13.  
  14.  
Priority
  1. Medium
  2. Medium
  3. Medium
  4. Medium
  5. Medium
  6. Medium
  7. Medium
  8. Medium
  9. Medium
  10. Medium
  11. Medium
  12. Medium
  13. Medium
  14. Medium

XING: If you choose to apply via a link to the XING profile, XING uses cookies on the Job Portal. XING's policies are governed by a completely separate privacy policy, and questions regarding XING's policies should be directed to that office. By using XING to log in to this Job Portal or provide information, you consent to the third-party cookie on this Job Portal.

Name
  1. userConsent
  2. prevPage
  3. visitior_id
  4. c_
  5. xing_csrf_checksum
  6. xing_csrf_token
  7. CONSENT
  8. DV
  9. NID
Domain
  1. xing.com
  2. xing.com
  3. xing.com
  4. xing.com
  5. login.xing.com
  6. login.xing.com
  7. google.com
  8. google.com
  9. google.com
Expires
  1. 20 years
  2. Same day
  3. 2 years
  4. 48 hours
  5. Session
  6. Session
  7. 19 years
  8. Same day
  9. 6 months
Size
  1. 65
  2. 29
  3. 46
  4. 34
  5. 61
  6. 47
  7. 22
  8. 49
  9. 178
HttpOnly
  1.  
  2.  
  3. X
  4. X
  5. X
  6.  
  7.  
  8.  
  9. X
Secure
  1. X
  2.  
  3. X
  4. X
  5. X
  6. X
  7. X
  8.  
  9. X
Same Site
  1. None
  2.  
  3.  
  4.  
  5. Lax
  6. Lax
  7. None
  8.  
  9. None
Priority
  1. Medium
  2. Medium
  3. Medium
  4. Medium
  5. Medium
  6. Medium
  7. Medium
  8. Medium
  9. Medium

Security

Everything possible is being done using state-of-the-art technology to ensure that your data is secure on the Internet and in the bank's infrastructure. Nevertheless, we rely on your help - you can find out what you can contribute here: Fraud prevention (German)

In order to facilitate a speedy application process, UniCredit Bank GmbH sends all relevant information and documents to your e-mail address stored in the application procedure. UniCredit Bank GmbH offers transport encryption (TLS - Transport Layer Security) as standard here if the mail server of your e-mail provider supports TLS.