Hamilton Services AG
Via Crusch 8
Phone: +41 58 610 10 10
Text: Claudia Hutter, Corinne Dubacher
Pictures: ausdrucksfotografie.ch | Caroline Staeger, Johann Seeber, Christian Danuser
Hamilton Services AG
The author assumes no liability whatsoever with regard to the correctness, accuracy, topicality, reliability and completeness of the information provided. Liability claims against the author for material or immaterial damages resulting from access to or use or non-use of the published information, misuse of the connection or technical faults are excluded. All offers are non-binding. Parts of the pages or the complete publication including all offers and information might be extended, changed or partly or completely deleted by the author without separate announcement.
Liability for Links
References and links to third party websites are outside our area of responsibility. We decline any responsibility for such websites. Access and use of such websites is at the user’s own risk.
The copyrights and all other rights to content, images, photos or other files on the website belong exclusively to Hamilton Services AG or the specifically named holders of rights. For the reproduction of any elements, the written consent of the copyright holders must be obtained in advance.
Based on Article 13 of the Swiss Federal Constitution and the data protection provisions of the Swiss Confederation (Data Protection Act, DSG), every person is entitled to protection of his or her privacy and protection against misuse of his or her personal data. We comply with these provisions. Personal data is treated in strict confidence and is neither sold nor passed on to third parties.
In close cooperation with our hosting providers, we make every effort to protect the databases as well as possible against unauthorised access, loss, misuse or falsification.
Hamilton’s data protection officer within the meaning of data protection law is Roger Lang, President Shared Services. Different data protection officers in the various Hamilton companies and subsidiaries are possible.
Please direct any inquiries on the subject of data protection to:
Hamilton Services AG
Data Protection Officer
Via Crusch 8
When our websites are accessed, the following data is stored in log files: IP address, date, time, browser request and general information transmitted on the operating system or browser. This usage data forms the basis for statistical, anonymous evaluations, so that trends can be identified, on the basis of which we can improve our offers accordingly.
Tracking with fusedeck
This Website uses “fusedeck”, a tracking solution provided by Capture Media AG (hereinafter referred to as “Capture Media”). Capture Media is a Swiss company having its registered office in Zurich which, on behalf of its customers, measures website usage in the context of engagements and events. Tracking is anonymous so that it is impossible to attribute any information gained to any identified or identifiable persons.
Privacy Statement Online Application
Thank you for your interest in Hamilton as a potential employer. We consider the protection of your personal data to be very important.
This Privacy Statement explains which personal data are processed by us, the type of processing that is conducted, and the purpose of the processing. Furthermore, reference is made to the rights of the data subject. It will also inform you of how we process applications that we receive by regular mail or e-mail.
1. Name and address of the controller
The various European companies in the Hamilton Group have centralized some aspects of personnel data processing with Hamilton Services AG. Therefore, regardless of whichever European company within the Hamilton Group you are applying to, your application documents may be forwarded to Hamilton Services AG. Hamilton Services AG requires your personal data to complete the application process. The data controller pursuant to the General Data Protection Regulation, other national data protection laws of the Member States of the European Union, and other data protection provisions is therefore:
Hamilton Services AG
Via Crusch 8
Tel.: +41 58 610 10 10
2. Personal data collection: Scope and procedure
We only collect those personal data from you that are required for the application procedure. In each case, the necessary data are marked as mandatory fields in the relevant forms and include, for example, your first name, surname, e-mail address and date of birth. Your date of birth is required as, by law, some activities have a minimum age requirement. To fully assess your application, we also need you to provide us with information regarding your previous professional background.
Providing us with further optional information will make it easier for us to establish contact with you; you may also send us additional data or files that are relevant for the application process. If, as part of the application procedure, we inquire about your gender by asking your preferred form of address, this is purely because we want to address you in the most appropriate way.
When applying via our job pages, all candidate information and documents are entered directly into the Workday personnel system by candidates. Candidates can access the job postings by clicking on a link on the job page. Candidates are already in the Workday system for the job postings displayed and in the application process.
Workday not only stores the information, but also saves it in a multilevel procedure. Hamilton Services AG remains the owner of the data at all times; Workday is merely a data processor. The data is hosted in a cloud primarily in Ireland and secondarily in the Netherlands. The data centers meet the relevant security standards (ISO 27001 and ISO 27018) and are audited regularly. Workday offers the European Commission’s controller-to-processor Standard Contractual Clauses (Commission Decision 2010/87/EU) which the Court of Justice of the European Union (CJEU) has ruled remain a valid lawful data transfer mechanism for personal data exports. In addition, EU data protection supervisory authorities have approved Workday’s global Processor Binding Corporate Rules (BCRs). BCRs are a detailed, binding code of conduct that governs the processing of personal data within a multinational company, and which is reviewed and approved by EU data protection supervisory authorities.
If you send your application documents to us in paper form, your original documents will be returned to you by mail and will not be considered. We only process applications submitted electronically. We restrict the processing of your application to the information you have made available to us. Please note that this may also include information you have stored on professional online networks such as e.g. XING or LinkedIn or job exchanges.
3. Processing of personal data in the application process
We store your application and thus also your personal data as part of the application process. Data may be processed by different divisions within the Hamilton company. Your data will be treated confidentially at all times and only made accessible to the necessary people as part of the personnel selection process. Your data will never be shared with third parties.
If your application concerns employment with a European company within the Hamilton Group, some of your personal data may continue to be used within the context of the employment relationship, as is necessary for continuation of that employment relationship. By submitting your application, you also agree that in the event of an employment relationship, your application documents and the data received therein will be kept in the personnel file for the duration of the employment. If there is no employment relationship, your data will be deleted after six months, provided that you do not expressly request a longer retention period.
By submitting candidate dossiers, you confirm to comply with the legal requirements of Swiss data protection law. With regards to candidates from the European Union, you also guarantee to comply with the provision of the EU General Data Protection Regulations (GDPR). We retain candidate files for a maximum of 12 months. As this period end, all candidate dossiers will be deleted and your ownership period expires. This provision shall in any case take precedence over any other provisions in your signed Terms and Conditions.
Claims arising from data protection violations: In the event of claims being asserted by third parties, you shall indemnify us in full.
Cookies enable us to provide more user-friendly services to users of this website than would be possible without using cookies.
Cookies enable us to recognize visitors to our website. The purpose of this recognition is to make it easier for visitors to use our website.
Users of our website can permanently disable cookies at any time by adjusting the settings of the used internet browser accordingly. Furthermore, already stored cookies can be deleted at any time via the relevant internet browser or other software programs.
5. Legal basis
Within our company, point (a) of Article 6(1) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data in the application process. (Consent from the person concerned to the processing of the personal data relating to them for one or more specific purposes).
Article 88 of the General Data Protection Regulation (GDPR, processing in the context of employment) also applies in Germany, as do various country-specific regulations, such as e.g. § 26 of the new Federal Data Protection Act (new BDSG – data processing for the purpose of the employment relationship).
If you wish to withdraw the consent you have given for your data to be processed, you may do so by sending us an e-mail or by writing to us at the address stated in paragraph 1. Any withdrawal of consent or request for deletion will mean that we can give no further consideration to your application.
6. Rights of the data subject
If your personal data are processed and you are a data subject pursuant to the GDPR, then you may have the following rights vis-à-vis the controller:
Right of access
You have the right to obtain confirmation from the controller as to whether or not personal data concerning yourself are being processed by us.
Where that is the case, you have the right to obtain the following information from the controller:
(1) the purposes of the processing of the personal data;
(2) the categories of personal data concerned;
(3) the recipients or categories of recipient to whom personal data concerning yourself have been or will be disclosed;
(4) the envisaged period for which personal data concerning yourself will be stored, or, if not possible, the criteria used to determine that period;
(5) the existence of the right to request from the controller rectification or erasure of personal data concerning yourself, or restriction of processing of personal data by the controller, or to object to such processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) where the personal data are not collected from the data subject, any available information as to their source;
(8) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to obtain information about whether personal data concerning yourself are transferred to a third country or an international organization. You have the right to obtain information about appropriate safeguards pursuant to Article 46 GDPR with respect to such transfer of data.
Right to rectification
You have the right to require the controller to rectify or complete processed personal data concerning yourself if such data are incorrect or incomplete. The controller shall rectify the data without undue delay.
Right to restriction of processing
You have the right to obtain restriction of processing of personal data concerning yourself in the following cases:
(1) the accuracy of personal data concerning yourself is contested by you, for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise, or defense of legal claims, or
(4) if you have objected to processing pursuant to Article 21(1) GDPR and verification is pending as to whether the legitimate grounds of the controller override your grounds.
Where processing of personal data concerning yourself has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.
If you have obtained restriction of processing pursuant to the aforementioned conditions, you shall be informed by the controller before the restriction of processing is lifted.
Right to erasure
Obligation to erase data
You have the right to obtain from the controller the erasure of personal data concerning yourself without undue delay and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies:
(1) personal data concerning yourself are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
(2) you withdraw your consent on which the processing is based according to point (a) of Article 6(1) or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.
(3) you object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
(4) personal data concerning yourself have been unlawfully processed.
(5) personal data concerning yourself has to be erased for compliance with a legal obligation under Union or Member State law to which the controller is subject.
(6) personal data concerning yourself have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
Informing third parties
Where the controller has made personal data concerning yourself public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
The right to erasure does not apply to the extent that processing is necessary
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest, or in the exercise of official authority vested in the data controller;
(3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR insofar as the right referred to in paragraph (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise, or defense of legal claims.
Right to be informed
If you have obtained rectification, deletion or restriction of processing from the controller, the controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
The controller shall inform you about those recipients if you request it.
Right to data portability
You have the right to receive the personal data concerning yourself which you have provided to a controller, in a structured, commonly used, and machine-readable format. Furthermore, you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where
(1) the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR, or on a contract pursuant to point (b) of Article 6(1) GDPR, and
(2) the processing is carried out by automated means.
In exercising that right, you also have the right to have personal data concerning yourself transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others must not be adversely affected by exercise of that right.
The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to withdraw consent
You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning yourself infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.