Skip to main content

Processing of (personal) data by the entity in charge of the online application process

SkyTeam - Recruitment Privacy Statement

Last update: September 2025

SkyTeam Airline Alliance Management Coöperatie U.A., a company registered in Amsterdam, the Netherlands (Chamber of Commerce registration number 34345101), whose address for visitors is at (1180 AJ) Amstelveen at Amsterdamseweg 55 (“SkyTeam”, “us”, “we”), is a global airline alliance that coordinates and provides commercial activities on behalf of and – to some extent – together with the SkyTeam Member airlines (Members) in the aviation industry. When you apply for a job with SkyTeam, you trust us with your information: it is important to us to process your personal data carefully and securely in a transparent manner. The processing of your personal data is subject to the rules of the General Data Protection Regulation (EU) 2016/679 (GDPR), and potentially to one or more EU member states’ national implementation acts of the GDPR, as well as the data protection laws and regulations of other countries (if applicable). This Recruitment Privacy Statement serves to comply with our transparency obligations under the GDPR, namely to explain to you when we collect your personal data in the capacity of a controller under the GDPR, what personal data we collect, how we use such personal data, and how long we keep your personal data.

For more information, please check our Privacy Policy

This Recruitment Privacy Statement applies to all job applicants (prospective candidates) who apply for employment with SkyTeam, including those applying for permanent, temporary, internship, or contract roles. This Recruitment Privacy Statement was last updated in September 2025. It supersedes any previous versions of our Recruitment Privacy Statement. When there are any updates, we will inform you thereof in this Recruitment Privacy Statement. Please check this Recruitment Privacy Statement regularly for the most current version. If we make any changes that may significantly affect you as a data subject, we will endeavor to actively inform you about those changes before the changes come into effect. All changes will take effect as soon as the Recruitment Privacy Statement has been published on the SkyTeam website.

1. Who is responsible for the processing of your personal data SkyTeam is the data controller, in the meaning of the GDPR, of the processing of your personal data indicated in this Recruitment Privacy Statement.

2. Processing of data: what, when, why, how and for how long? 

  • 2.1 What personal data do we collect of you?
During the recruitment process, SkyTeam may collect the following categories of personal data:
  • Identification Data: Name, date of birth, contact details, nationality, photo (if provided).
  • Application Information: CV/resume, cover letter, education details, work history, contact details, language skills, and assessments.
  • Screening & Background Check Data: Right-to-work documentation, ID/passport copy, , criminal background checks (only where permitted by law), and visa status.
  • Communication Records: Email exchanges, applications via LinkedIn, notes from interviews, and feedback from recruitment agencies.
  • IT & Technical Data (when applying through online systems): IP address, login information, and usage data for recruitment platforms.
  •  Cookie policy If you visit our website, various cookies and similar technologies (hereinafter: “cookies”) are used. We use functional, analytical, social media and advertising cookies. When we place and read cookies, your personal data will be processed. Please read our Cookie Policy for more detailed information about the use of cookies. In the Cookie Table we have listed per cookie all the categories of (personal) data that will be processed subsequently, as well as the associated processing purposes and applicable cookie lifespan
  • Special categories of personal data: Some categories of personal data, such as data revealing racial or ethnic origin, data revealing religious or philosophical beliefs, health-related data, and personal data relating to criminal law matters, are subject to stricter rules under applicable privacy laws. We collect and use these categories of personal data only when you share these data with us. We normally do not collect or use special categories of personal data.
2.2 Why do we collect this personal data. Purposes and legal grounds for processing of personal data:
  • For the functioning and optimization of the website to generate user statistics and to further analyse your website usage o integrate social media plug-ins and marketing activities, such as showing (personalized) advertisements. Please refer to the Cookie Table for an extensive overview.
  • For handling your application and assessing your suitability for a role and contacting you through the recruitment process.
  • For verifying qualifications and references, background checks and work permits checks.
  • For maintaining records of applications.
  • Handling any legal claims and disputes.


2.3 Legal grounds for processing

 

We may collect and use your personal data only if we have a legal basis for doing so.

The legal ground for processing your personal data through the functional and privacy-friendly analytical cookies is our legitimate interest to make our website work properly. For all other types of cookies, we will ask your consent via the “cookie banner”, which will be displayed when you visit our website. For processing personal data in relation to handling your application, verifying qualifications, background, references and maintaining records, and handle legal claims and disputes (see points b, c, d, d and e above) the legal basis for processing your data is “processing necessary for the purposes of the legitimate interests pursued by the controller”.

In some cases, you might have consented to the collection and use of your personal data; your consent (which you may withdraw anytime, see below) will then be the legal ground for SkyTeam to process your data.

If you refuse to provide the personal data we need for the application process or to comply with a legal obligation, we may not be able to complete the application process in full and have to stop the process. If you provide incomplete or inaccurate information we may be forced to deny you participating to the application process or to stop the application process.

2.4 How do we collect personal data?
We may collect your personal data directly from:
  • Your job application via our website , recruitment platform, and email.
  • Interviews and communication with recruiters or hiring managers,
  • External recruitment agencies or platforms (e.g., LinkedIn, Indeed),
  • Publicly available professional profiles (where relevant and lawful),
  • Background check providers or assessment tools (e.g., Validata).
 
2.5 How long do we retain your personal data?
We aim to strike a balance between retaining necessary information and ensuring its secure and timely disposal when no longer needed. We retain your personal data based on our Data Retention Policy:
  • Unsuccessful applicants:
    • Without consent: Data will be deleted 20 days after the application process ends.
    • With consent: Data may be retained for up to 1 year for potential future job opportunities.
  • Successful applicants:
    • Recruitment data will become part of the employee file and retained for up to 2 years after termination of employment.
All retention periods are in line with our legal obligations and legitimate business needs.

2.6 Who will have access to your personal data
Your information may be collected by, shared with, and processed by employees working for or on behalf of SkyTeam on a need-to-know basis for the purposes described in Section 2.2 such as Internal hiring managers and HR teams.
We also may use third-party service providers, including:

    • Recruitment agencies,
    • Social network such as LinkedIn, Indeed.co, and Glassdoor.com
    • Background screening providers,
    • IT system providers (e.g., recruitment platforms),
    • Legal and audit partners.

Therefore, your personal data will be processed by these third party service providers. When we use services of a party who processes your personal data on our behalf, acting as a processor, we have concluded appropriate data processing agreements in line with applicable data protection laws.

3. Do we transfer your personal data outside the EEA?
The processing of your personal data shall not entail the transfer of your personal data to a third country that does not provide the same level of protection as within the European Economic Area (EEA).

4. How do we protect your personal data? 

We are committed to ensuring that your personal data is kept secure. In order to prevent unauthorized access or disclosure, we have put in place appropriate physical, technical and organizational measures to safeguard the information we collect and process.


5. What are your rights?
As a data subject, you have certain rights concerning our processing of your personal data. You may:
 
  • Request access to your personal data. You have the right to ask us if we are processing your personal data, and, if so, provide you with a copy of that personal data.
     
  • Request correction of your personal data. You have the right to rectify your personal data, if you believe that the personal data we have about you is incomplete or inaccurate. If we have shared your personal data with others, we will also inform them of the correction where possible. 
     
  • Request erasure of your personal data. You have the right to ask us to delete or remove your personal data in some circumstances. If we have shared your personal data with others, we will inform them of the erasure where possible. Due to the way we maintain certain services, it may take some time before backup copies are erased. 
     
  • Request to restrict our processing of your personal data. You have the right to ask us to block or suppress the processing of your personal data in certain circumstances, which means that we suspend the processing of your data for a certain period of time. Circumstances which may give rise to this right include situations where the accuracy of your personal data was contested but some time is needed for us to verify their (in)accuracy. This right does not prevent us from continuing to store your personal data. We will inform you before the restriction is lifted. If we have shared your personal data with others, we will inform them of the restriction where possible. 
     
  •  Request to exercise your right to data portability. You have the right to obtain personal data you have provided to us in a structured, commonly used and machine-readable format in certain circumstances. This way you can use your personal data elsewhere or you can also ask us to transfer your personal data to a third party. Upon request and where this is technically feasible we will transmit your personal data directly to the other controller. 
     
  •  Object to the processing of your personal data. You have the right to ask us to stop processing your personal data, if we are relying on legitimate interests to process your personal data, except if we can demonstrate compelling legal grounds for processing. At any time and free of charge you can object to direct marketing purposes in case your personal data are processed for such purposes, which includes profiling purposes to the extent that it is related to such direct marketing. In case you exercise this right, we will no longer process your personal data for such purposes.
     
  • Withdraw your consent. You have the right to withdraw your consent, if we rely on your consent as a legal basis for the processing of your personal data. This will not affect the lawfulness of our prior processing of your personal data.


  • Lodge a complaint with the supervisory authority. You have the right to lodge a complaint with your national supervisory authority, if you have a concern about the way we handle your personal data.
 

Contact details
If you have any questions or concerns regarding this statement or your data, please contact:

SkyTeam Privacy Office
Email: customercontact@skyteam.com 

Processing of (personal) data by the operator of the recruitment website

General information

This recruitment website is operated by Personio SE & Co. KG, which offers a human resource and candidate management software solution (https://www.personio.com/legal-notice/). Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. The sole controller of this data within the meaning of article 24 of the GDPR is the enterprise carrying out this online application process. Personio’s role is limited to operating the software and this recruitment website and, in this context, being a processor under article 28 of the GDPR. In this case, the processing by Personio is based on an agreement for the processing of orders between the controller and Personio. In addition, Personio SE & Co. KG processes further data, some of which may be personal data, to provide its services, in particular for operating this recruitment website. We will refer to this in more detail below.

The controller

The controller under data protection law is:
Personio SE & Co. KG
Seidlstraße 3
80335 München
Tel.: +49 (89) 1250 1004
Entry in the commercial register
Commercial register entry number: HRA 115934
Registration Court: Amtsgericht München
Data Protection Officer contact: privacy@personio.com

Access logs (“server logs”)

Each access to this recruitment website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. In addition, processing this data is absolutely necessary under security aspects, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when unlawful use of the software is suspected. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the software is collected. The scope of this log process does not exceed the common log scope of any other site on the web. These access logs are stored for a period of up to 7 days. There is no right to object to this.

Error logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected. These error logs are stored for a period of up to 7 days. There is no right to object to this.

Use of cookies

So-called cookies are used on parts of this recruitment website. They are small text files which are stored on the device with which you access this recruitment website. As a general rule, cookies serve the purpose of ensuring secure access to a website (“absolutely necessary”), implementing certain functionalities such as standard-language settings (“functional”), improving the user experience or the performance of the website (“performance”), or placing targeted advertisements (“marketing”). On this recruitment website, we generally use only cookies that are absolutely necessary, functional or performance-related, in particular for implementing certain default settings such as language, for identifying the job advertising channel, or for analyzing the performance of a job advert via which a user accessed this recruitment website. The use of cookies is absolutely necessary for providing our services and thus for the performance of the contract (article 6 (1) b) of the GDPR). Period of storage: up to 1 month or until the end of the browser session Right to object: You can determine via your browser settings whether you allow or object to the use of cookies. Please note that deactivating cookies may result in limited or completely blocked functionalities of this recruitment website.

Rights of data subjects

If Personio SE & Co. KG as the controller processes personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR. To assert your rights as a data subject in relation to the data processed for the purpose of operating this recruitment website, please refer to Personio SE & Co. KG’s Data Protection Officer (see item B).

Concluding provisions

Personio reserves the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the services offered, for example when new services are introduced. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.