§1 General information

Mercedes-Benz Tech Innovation GmbH (hereinafter referred to as “Mercedes-Benz Tech Innovation”) is delighted by the interest you have shown in working in our company. We take the protection of your private data very seriously and want you to feel perfectly comfortable in this respect, particularly with regard to your online application. The protection of your privacy during processing of personal data is an important concern for us and once we take into consideration in our business processes.

The provision of personal data via the “Online Application” feature is neither a contractual nor a legal requirement, but is essential for realization of the application process using the “Online Application” feature. You are not obliged to provide personal data in this context. However, an application cannot be submitted using the “Online Application” feature if information of this nature is not provided. Alternatively, however, you always have the option of submitting an application using the “Video Application” feature.

The information we have provided below will inform you about which personal data is stored when using the “Online Application” feature and how this data is used. This privacy statement applies exclusively to the aforementioned functionality and subsequent billing of your travel expenses and is therefore an addition to the general data protection information.

Please take enough time to read this information.

§2 Data controller

Mercedes-Benz Tech Innovation GmbH
Wilhelm-Runge-Strasse 11
89081 Ulm
Telephone: +49 731 1517211 0
Fax: +49 731 1517211 9
Email: techinnovation@mercedes-benz.com

§3 Data Protection Officer / Data Protection Coordinator

If you have any questions regarding processing of your personal data, you may write to our Data Protection Officer or Data Protection Coordinator.

Data Protection Officer:

Chief Officer Corporate Data Protection
Mercedes-Benz Group AG
HPC W079
70546 Stuttgart
Email: dataprotection@mercedes-benz.com

Data Protection Coordinator:

Data Protection Coordinator
Mercedes-Benz Tech Innovation GmbH
Wilhelm-Runge-Strasse 11
89081 Ulm
Email: mbti-datenschutz@mercedes-benz.com

§4 Types of data collected

Personal data is information with which we can directly or indirectly identify you as a person. It includes your first and last name, gender, address, telephone number, date of birth, IP address and email address.

We process personal data collected during visits to our websites in accordance with the data protection regulations of the country in which the data controller for data processing is located. Our data protection policy is governed by the Data Protection Code of Conduct applicable to Mercedes-Benz Group AG (hereinafter referred to as “Mercedes-Benz”).

Various types of personal data are processed as part of an online application:

• Data contained in the documents submitted by the applicant (e.g. resume (CV), cover letter, motivation, references, certificates, verifications)
• The applicant's first and last name (incl. family prefix)
• Address information (postal address of the applicant)
• Communication data (email address and telephone number of the applicant)
• How the applicant's attention has been attracted to the advertised vacancy
• The URL of the applicant's website
• The applicant's earliest possible starting date
• The applicant's salary expectation
• Where appropriate, data on the assessment and evaluation of an applicant in the application process (no automated decision-making, including profiling)

The following personal data is processed in the context of travel expense accounting:

• The applicant's first and last name (incl. family prefix)
• Address information (e.g. postal address of the applicant), communication data (email address and telephone number of the applicant)
• Bank details of the applicant
• Start and destination of the journey

§5 Purpose of personal data

If you use the "Apply online" function on our website, personal data is collected via a software platform operated by a carefully selected external service provider who is obliged to comply with the relevant data protection regulations. This is Workday Limited (The King's Building, May Lane, Dublin 7, Ireland).
We process your personal data in connection with the application in compliance with the statutory provisions. The personal data collected in connection with an application are generally only used for the processing of the submitted applications and the filling of the advertised positions as well as for the execution of the travel expense report.
For many of our areas within the company, we are looking for the same applicant profile, which is why we no longer publish individual job advertisement there, but combine these into a collected cluster job advertisement. In the course of this, your data will be forwarded as part of the application process within our company to several managers, the departments responsible for filling the positions and employees involved in personnel selection, as well as the respective responsible HR department and works council.
Any further use of this data would only take place if and to the extent necessary to fulfil a legal obligation and/or to safeguard legal claims. After completion of the application process, the processing will initially be restricted; if this is no longer precluded by retention periods and obligations, this is followed by deletion.

§6 Legal basis for use of your data

Insofar as you have consented to us processing your personal data, this consent provides the legal basis for processing (Art. 6 paragraph 1 lit. a) GDPR).

Art. 6 paragraph 1 lit. b) GDPR provides the legal basis for processing of personal data for the purpose of initiating or performance of a contract with you.

Insofar as the processing of data is necessary for compliance with our legal obligations (e.g. for storage of data), we are authorized in this respect pursuant to Art. 6 paragraph 1 lit. c) GDPR.

In addition, we process personal data pursuant to Art. 6 paragraph 1 lit. f) GDPR to safeguard our legitimate interests and the legitimate interests of third parties. These legitimate interests include maintenance of the functionality of our IT systems, (direct) marketing of our own and third-party products and services and the legally required documentation of business contacts. In the context of the required weighing of interests in each case, we give particular consideration to the type of personal data, the processing purpose, processing circumstances and your interest in the confidentiality of your personal data.

§7 Disclosure of your data to third parties; use of service providers

Data collected during the application process is not disclosed to third parties. Any use of this data above and beyond this would only apply if and to the extent that this would be necessary to fulfill a legal obligation and/or to grant legal claims. Disclosure of your data to our carefully selected service providers will only occur in the context of the application process as described in Section 5.

§8 Disclosure of your data to other countries

In principle, personal data collected in connection with an application will not be transferred to third countries, but is processed exclusively in member states of the European Union. Remote maintenance and support provided by Workday Limited which can be realized from third countries (USA, New Zealand, Canada) represent the sole exception to this principle. Each execution of this remote maintenance and support is approved in advance by Mercedes-Benz Tech Innovation.

From the point of view of the EU, an adequate level of protection conforming to EU standards exists for the processing of personal data (so-called adequacy decision) in the following countries: Andorra, Argentina, Canada (limited), Faeroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, Uruguay. In the case of recipients in other countries, we agree to use the EU-standard contractual clauses to achieve an “appropriate level of protection” in compliance with statutory requirements. We will be more than happy to provide you with a copy of these standard data protection clauses should you so wish. Please direct your inquiry towards the Data Protection Coordinator at Mercedes-Benz Tech Innovation. You can find the Data Protection Coordinator’s contact details under Section 3 of this privacy policy (see sub item “Data Protection Coordinator”).

§9 Use of cookies

Information on use of cookies

We use cookies and similar software tools such as HTML5 Storage or local shared objects (referred to collectively as cookies). These are technically necessary for provision of the job application portal, including the functions and services you use.

1. Functions and use of cookies

a. Cookies are small files placed on your desktop, notebook or mobile device by a website, which you visit. This enables us to manage items such as your selection in the online vehicle configurator, your login status on our websites or your shopping cart (if available on a website). Cookies may also contain personal data (e.g. a pseudonym string for managing your current browser session).

b. You can also visit our websites without cookies being used, meaning you can prevent their use and also delete cookies at any time by configuring appropriate settings on your device. This is realized as follows:

i. Most browsers are preset to automatically accept cookies. You can change this presetting by activating the *Accept no cookies* setting in your browser.

ii. You can delete existing cookies at any time. Please consult the instructions for your browser or provided by your device manufacturer for details of how to achieve this.

iii. You can find information on the deactivation of local shared objects at the following link: Information on deactivation of local shared objects

iv. Like the use of cookies, their rejection or deletion is also linked to the device employed and, additionally, to the browser used. You therefore need to reject or delete cookies separately for each of your devices and, if you use several browsers, to also delete the cookies for each browser.

c. If you decide against the use of cookies or delete them, you may not be able to avail of all the functions of our websites, or individual functions may only be available to you to a limited extent.

2. List of cookies:

Which technically necessary cookies are used in Workday?

Name: PLAY_LANG

Strictly necessary/functional: Strictly necessary
Standard or configurable feature: Standard
Content: User browser language specification (e.g. en-US)
First party or third party: First party
Category: Session management
Lifetime/Persistence: End of session
Purpose: Communication of user browser language to ensure session consistency.

Name: PLAY_SESSION

Strictly necessary/functional: Strictly necessary
Standard or configurable feature: Standard
Content: User session ID.
First party or third party: First party
Category: Session management
Lifetime/Persistence: End of session
Purpose: To identify the session in the event of subsequent inquiries.

Name: timezoneOffset

Strictly necessary/functional: Strictly necessary
Standard or configurable feature: Standard
Content: Decimal value that indicates the number of minutes until the UTC time zone is reached.
First party or third party: First party
Category: Session management
Lifetime/Persistence: End of session
Purpose: Processing of inquiries and recognition of inquiries whose time has expired on basis of a common time zone.

Name: WorkdayLB_UICLIENT

Strictly necessary/functional: Strictly necessary
Standard or configurable feature: Standard
Content: Hexadecimal coded value that indicates the IP address and TCP port number to which all subsequent inquiries for the UI Client Service should be send.
First party or third party: First party
Category: Load balancing
Lifetime/Persistence: End of session
Purpose: Management of inquiries from a single user on the same server for this function to ensure a consistent experience.

Name: WorkdayLB_SAS

Strictly necessary/functional: Strictly necessary
Standard or configurable feature: Standard
Content: Hexadecimal coded value that indicates the IP address and TCP port number to which all subsequent inquiries for the Static Asset Service should be send.
First party or third party: First party
Category: Load balancing
Lifetime/Persistence: End of session
Purpose: Management of inquiries from a single user on the same server for this function to ensure a consistent experience.

Name: WorkdayLB_SAS

Strictly necessary/functional: Strictly necessary
Standard or configurable feature: Standard
Content: Hexadecimal coded value that indicates the IP address and TCP port number to which all subsequent inquiries for the Static Asset Service should be send.
First party or third party: First party
Category: Load balancing
Lifetime/Persistence: End of session
Purpose: Management of inquiries from a single user on the same server for this function to ensure a consistent experience.

Name: wday_vps_cookie

Strictly necessary/functional: Strictly necessary
Standard or configurable feature: Standard
Content: Hexadecimal coded value that indicates the IP address and TCP port number to which all subsequent inquiries for the VPS should be send.
First party or third party: First party
Category: Load balancing
Lifetime/Persistence: End of session
Purpose: Management of inquiries from a single user on the same server for this function to ensure a consistent experience.

Name: enablePrivacyTracking

Strictly necessary/functional: Strictly necessary
Standard or configurable feature: Used if the cookie banner is configured for the career website
Content: Boolean tracker for external career website cookie banners
First party or third party: First party
Category: Cookie management
Lifetime/Persistence: End of session
Purpose: Used to record and respect user choices regarding the acceptance or rejection of cookies that are not strictly necessary.

§10 Storage of data

We delete your personal data as soon as the purpose for which we collected and processed the data no longer applies. Data will only be stored beyond this point in time insofar as this is necessary pursuant to the laws, regulations or other legal provisions to which we are subject in the EU, or according to legal provisions in third countries if therein exists an adequate level of data protection in each case. If deletion is not possible in an individual case, the respective personal data is marked with the aim of restricting processing of your data in future.

The duration of data storage is:

• in the event of an employment relationship
- ten years following termination of employment

• in the event of rejection of an application
- three months after notice of rejection is issued

• in the case of travel expense accounting
- ten years after receipt of the bill

§11 Secure data transmission

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized accessing by third parties. Our security measures are continuously being improved in line with technological developments.

§12 Rights of the data subjects and the right to object with a supervisory authority

As the data subject affected by data processing, you have the right of access (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR) and data portability (Art. 20 GDPR).

If you have consented to the processing of your personal data by us, you have the right to withdraw your consent at any time. The lawfulness of processing of your personal data until withdrawal is not affected by the withdrawal. Further processing of this data on other legal grounds such as fulfillment of legal obligations remains unaffected (cf. “Legal basis of processing”).

Right to object

You have the right to object to the processing of your personal data due to Art. 6 paragraph 1 lit. e) GDPR (data processing in the public interest) or Art. 6 paragraph 1 lit. f) GDPR (data processing for reasons of a legitimate interest) at any time for reasons arising from your particular situation. If you object, we will only process your personal data if we can demonstrate compelling legitimate reasons that override your interests, rights and freedoms, or if processing serves the establishment, exercise or defense of legal claims.

If possible, please send your claims or explanations to the following contact address: mbti-datenschutz@mercedes-benz.com

If you believe that processing of your personal data violates legal provisions, you have the right to lodge a complaint with a responsible data protection supervisory authority (Art. 77 GDPR).

Updated: February 2024

Further information on data protection: https://www.mercedes-benz-techinnovation.com/en/privacy