Food Folk Danmark ApS and McDonald’s restaurants operated by individual franchisees (“McDonald’s”, “us” or “we”), understand that your privacy is important to you. This Recruitment Privacy Notice explains the type of information we process, why we are processing it, how that processing may affect you, and what kind of security practices we employ. The notice focuses on individuals who are applying to work for us and the data we process as part of that process.
Purpose and basis of the processing of personal data
The register is used to recruit jobseekers and create employment relationships. Personal data is processed in the job applicant's suitability assessment and selection for vacancies. The basis for the processing is the consent given by you on the recruitment portal.
This statement applies to prospective employees located in the Denmark applying for roles with McDonald's, Food Folk Danmark ApS, or at a McDonald's restaurant operated by a franchisee. If you are applying for a role at a restaurant operated by a franchisee, your data will also be shared with and used by that franchisee for the recruitment process and that franchisee will be the data controller. Contacts to the controller can be submitted either by letter or e-mail:
The processor of personal data
- Food Folk Danmark ApA
- Falkoner Allé 20, 2000 Frederiksberg
The technical platform of the register is the Jobylon service, the supplier of which Jobylon AB is responsible for the technical implementation of the register and thus acts as a processor of personal data. Jobylon processes personal information on behalf of McDonald’s and makes its recruitment tools available to McDonald’s.
Recipients of personal data
Personal information is processed by individuals employed by McDonald’s who are responsible for reviewing and recruiting job applications. On a case-by-case basis, third parties, such as recruitment consultants and expert evaluators, can also be used for recruitment.
Data content of the register and data storage
Most of the information is provided by you. The data collected will only be used for recruitment purposes (including statistical purposes such as demographic analyzes of applicants), unless otherwise explicitly stated. Such data will only be processed in aggregated and non-identifiable form.
The service mainly collects the information needed for recruitment, which appears in the job application form used in the recruitment and is obtained from you. The following information can be collected:
- Contact information such as email address, phone number and home address
- Information used to assess aptitude and suitability, such as work experience and training background, language skills and other competences
- General information about job opportunities such as usability and suitable work times
- Attachments such as CV, job application and photo
- Classifications and notes made by the recruiter
- Other information provided by the jobseeker with the job application
- Information such as emails, text messages and files that are generated during the recruitment process
For persons selected for the job, the service may store information necessary for the performance of duties and obligations related to the employment relationship, such as the payment of wages. Such information includes, for example, information on valid licenses and qualifications and a bank account number for payroll purposes.
Applications remain in the service for 12 months from the date of submission of the application. The data can be processed even longer, for example, in a situation where you have been selected as an employee or deputy in the organization. However, McDonald’s has no obligation to retain the information provided.
Personal data will be processed in accordance with standard recruitment practices, the key steps of which are the collection, storage, evaluation, contact and deletion of the data. This type of processing is necessary to enable the recruitment process.
As controller, McDonald’s is responsible for personal information and undertakes not to disclose it to unauthorized third parties. However, the controller may share your personal data with other appropriate personal data processing processes where the process so requires.
Personal data is processed on the basis of consent, so you can withdraw your consent at any time by contacting the controller.
Data transfer outside the EU or the EEA
The information in the register will not be disclosed outside the EU or the EEA.
Registry security principles
The registrar is responsible for ensuring that the information stored in the service is processed in accordance with good security practices and the instructions given by the registrar.
The service provider (Jobylon AB) is responsible for the technical protection of the data stored in the register (Jobylon service), which includes, for example, the internal security of the service, software security updates and backup. Service security can be further tested in third-party audits.
You can exercise the rights listed below by contacting the registrar by letter or email. The exercise of these rights requires that the controller can be able to satisfactorily ascertain the identity of the person requesting the information.
- Access to data: The data subject has the right to receive information from the data controller as to whether his or her data are being processed. If the data is processed, the data subject has the right to check his or her data stored in the register.
- Right to rectification of data: The data subject has the right to request the correction of incorrect or incomplete personal data concerning the data subject.
- Right to delete data: The data subject has the right to request the deletion of his or her data stored in the register, unless there are grounds for retaining the data (eg a statutory appeal period against the selection decision).
- Right to restrict processing: The data subject has the right to demand that the controller restrict the processing of the data subject's personal data if there are grounds for doing so.
- Right to object to the processing of data: The data subject has the right to object to the processing of personal data concerning the data subject if there are grounds for doing so.
- Right to transfer data: The data subject has the right to transfer his or her personal data in a machine-readable form.
- Right to withdraw consent to data processing: If the processing of personal data is based on consent, the data subject has the right to withdraw his or her consent at any time.
- Right to complain to the supervisory authority: The data subject has the right to complain to the controller, the processor or the supervisory authority about maladministration in the processing of personal data.