Data privacy statement

Who is the responsible party and what does this information apply to? 

gategroup Holding AG, Sägereistrasse 20, 8152 Glattbrugg, Switzerland (in the following also referred to as “gategroup”, “we,” and “us”), informs you below about the processing of your data when using our websites: and

Who can I contact?

If you have any questions about the data protection notice published here or data protection in connection with our website or the services offered through it, please contact our Data Protection Officer:

gategroup Corporate Data Protection Officer

Please send requests for information to:

If you contact us via email, the communication will be unencrypted.

1 General data protection information for the use of the website 

1.1 Which data are collected when I use the website?

1.1.1 “Log files”

When users visit our website, our system automatically collects data and information from the computer system of the visiting computer in so-called “log files” on each visit. The following data (“technical information”) are collected:

(1)    Name of the requested website
(2)    File
(3)    Date and time of access
(4)    Amount of transmitted data
(5)    Report about successful retrieval
(6)    Information about browser type and version used
(7)    User’s operating system
(8)    User’s internet service provider
(9)    User’s IP address
(10)  Websites from which the user’s system has accessed our internet page
(11)  Websites that are accessed by the user’s system through our website

The data are stored in the log files of our system. The IP address is pseudonymized according to legal provisions. These data, along with other user personal data, are not stored. All log file data are automatically deleted after 3 months.

The legal basis for the temporary storage of data and log files is our legitimate interest Art. 6 para. 1 lit. f GDPR.

Storage in log files is done to ensure the functionality of the website. We collect this technical information for the purposes of (network) security (for example, to combat cyberattacks), to better understand the needs of our users, to continuously improve our website and to provide the respective user with optimal delivery of the website to their device. An evaluation of the data for marketing purposes does not take place.

1.1.2 Use of cookies

Our website uses cookies. A cookie is a small text file that a web portal leaves on a user’s computer system (computer, tablet computer or smartphone) when they visit the web portal.
With the help of cookies, we want to increase the comfort and quality of using our site, for example by saving user preferences.
Cookies do not harm the user’s computer and contain no viruses.
By changing your internet browser settings, you can disable or restrict the transmission of cookies. Previously stored cookies can be deleted at any time.
If all cookies are deleted, any opt-out cookies that have already been set will also be deleted, so those opt-out cookies must be set again.

1.2 Use of the services offered on our website

On our website, we offer the opportunity to use different services. In order to provide this, we must collect and process user personal data.
The data you provide will only be used to fulfill these services and will not be further stored without your consent.

1.2.1 Sharing function Sharing a job ad via email 

There is the possibility to forward job ads via email. The following data are collected for this purpose:
- Name of the sender
- Email address of the recipient
The data you provide will be used solely for the purpose of sending the job ad link. Your data will not be stored. Sharing a job ad via social networking sites 

We offer you the opportunity to share and recommend job ads via social networking sites. If you visit our pages and wish to use this function, you must be logged in to the social networking site. We then pass on the URL to the social networking site of your choice.
The purpose and scope of the data collection, the further processing and use of the data by the social networking site, as well as users’ respective rights and settings options to protect their privacy can be found in the data protection notices of the social networking sites:

1.2.2 Registration for an informational event

On the websites and, we offer a variety of informational events for which online registration is possible. The following data are collected for this purpose:

- Last name
- First name
- Date of birth
- Email address
- Telephone number
- Class/Year
- School
- Street/Number
- Zip code/City

The data you provide will be used solely for the purpose of preparing and conducting the event. Your data will be processed exclusively by the organizers and will be automatically deleted after the event and any possible follow-up (for example, reimbursement of travel expenses, provision of information material of the event), but no later than 4 weeks after the event. If you cancel your registration, your data will be deleted immediately.

The legal basis for the processing of the above data for the purposes described is your consent in accordance with Art. 6 para. 1 lit. a GDPR, which you give us when registering online.

1.2.3 Registration for your application or for example to use the Job Subscription in the Career Cockpit 

For information regarding the collection and use of your personal data in your personalized area (“Career Cockpit”) or during the application process, please read the additional information below in Chapter 2 “Applicant Data Protection.”

1.3 Right to object according to Art. 21 GDPR

You have the right to file an objection at any time, for reasons that arise from their particular situation, to the processing of personal data concerning yourself on the basis of Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.
The responsible party may no longer process the personal data concerning you unless they can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.
If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, personal data concerning you will no longer be processed for these purposes.
You have the opportunity, in the context of the use of information society services—notwithstanding Directive 2002/58/EC—of exercising your right to object by automated means using technical specifications.

1.4 Transmission of personal data to third parties  

In order to be able to offer you our services, it may happen that we have to transmit your personal data to third parties within or outside the gategroup. These recipients can be categorized as follows:

  • gategroup employees from different business units
  • Internet agency (content maintenance of the website)
  • Hosting provider (technical operator of the website) 
  • Lufthansa Global Business Services GmbH (shared service center and operations) 

It may happen that personal data are transferred to third countries. For your protection and the protection of your personal data, appropriate guarantees are provided for such data transfers in accordance with and in compliance with the legal requirements.

If such transfers are made to a country for which no adequacy finding has been issued by the EU Commission, we use the EU standard contractual clauses.

Information on EU standard contractual clauses can be found at on the websites of the European Union.

1.5 Your data protection rights

It is an important issue to us to make our processing procedures fair and transparent. Therefore, it is important to us that, in addition to the right to object, the concerned person may exercise the following rights if the respective legal requirement are met:

•    Right of access by the data subject, Art. 15 GDPR
•    Right to rectification, Art. 16 GDPR
•    Right to erasure (“right to be forgotten”), Art. 17 GDPR
•    Right to the restriction of processing, Art. 18 GDPR
•    Right to data portability, Art. 20 GDPR

To exercise your right, you can email to In order to be able to process your request as well as for identification purposes, we would like to point out that we will process your personal data in accordance with Art. 6 para. 1 lit. c GDPR.

In addition, you have the right to lodge a complaint with a supervisory authority. The supervisory authority responsible for gategroup Holding AG is:

The Hessian Commissioner for Data Protection and Information Security

P.O. Box 3163
65021 Wiesbaden
Gustav-Stresemann-Ring 1
65189 Wiesbaden

1.6 Data security

Your data are automatically encrypted when being transmitted to gategroup. The data security precautions always correspond to the current state of technology.

1.7 Consent

If you have given us consent to the processing of your personal data, we hereby inform you that you can revoke this consent at any time.
If you have given your consent on this website, then please revoke it on the page on which you originally gave your consent.
In all other cases or if you have problems revoking your consent on this internet page, you can contact
Please note that the consent you revoke has only an effect on the future and has no influence on the legality of processing in the past. In some cases, despite your revocation, we are authorized to further process your personal data on a different legal basis, such as contract fulfillment.

2. Applicant data protection

Protecting your personal data is very important to us. Therefore, in the following we would like to inform you about our data protection principles. The respective gategroup to which you are applying is committed to upholding these principles, allowing you to apply within a trustworthy process.

2.1 Data usage in the application management system

2.1.1 User accounts 
To register for our application management system each user has to set up a user account. A user account consists of at least the following information:
First name
Last name
User name
E-mail address

The storage retention period of a user account is 6 months. After 6 months the acceptance of the data protection regulations must be renewed by the user. If the renewal is made, account storage is prolonged for a further 6 months.

If the user still has an open application in process at the time of expiration, then the storage retention period is automatically prolonged until this application process is completed.

2.1.2 Application relevant data
Following the completion of the application process, the answers and information you have given during your online application process will be stored along with your name. After this time, your results will be stored in an anonymous way, without your name, for further statistical evaluation purposes. This statistical data record does not allow any type of inference to the actual person and serves solely as a basis for statistical evaluations. Further recruitment procedures will follow in subsequent application steps. A negative test result will also be relevant for applications to similar jobs within the gategroup.

2.1.3 Applications to a job offer
If you have applied to a job offer your data will be made available to the specialized department which posted the position as well as to the relevant personnel department.
The storage retention period of the user account applies.

2.1.4 Recognition of declined applicants
If your application does not lead to an employment contract, a recognition data record will be stored. We need this data record in order to recognize you if you apply to the same position anew. All of your specialized qualifications will be deleted from this data record. The recognition data record only includes the following information:
- Last name
- First name
- Date of birth
- Job ID
- Date of rejection letter

A recognition data record is permanently deleted after 365 days. The recognition data record of applicants for vocational training positions is permanently deleted after 180 days.

2.1.5 Simultaneous application for jobs in different companies within the gategroup 
In the event that an applicant applies to multiple job positions with different companies in the gategroup, those personnel departments which were directly applied to will be made aware of all simultaneous applications. This is done to ensure efficient handling of applications. Application data will not be shared.

This does not have any effect on the actual application process.

2.2 TalentHub participation
A user account and a completed talent profile are required in order to participate in TalentHub. The collection and processing of personal data takes place only to ensure network activities such as i.e. to contact Talents, to send vacant job offer suggestions and for event invitations. TalentHub is a gategroup-wide network. Access to Talent profiles is therefore available across all companies within the gategroup. Data processing outside of the gategroup does not occur. The Talents must renew their data protection policy consent every six months, if the extension consent is not granted, the data is deleted.

2.3 Security when dealing with person-related data
Your data is automatically encrypted during its transfer into our application management system. The precautions taken to protect data always correspond to the current status of technology. 

2.4 How long is your data stored?
Your personal data will be deleted after one year at the latest according to the legal deadlines in so far as Article 17, para. 3, DSGVO applies to possibly keeping them longer.

2.5 Which data protection rights do you have?
It is an important issue for gategroup to make our processing procedures fair and transparent. Therefore it is important to us that aside from the right of objection, the concerned person may make use of the following rights, when the individual legal requirements below are met: 

  •  Right to obtain information, Art. 15 DSGVO
  •  Right of correction, Art. 16 DSGVO
  •  Right of deletion (“Right to be forgotten”), Art. 17 DSGVO
  •  Right of processing limitation, Art. 18 DSGVO
  •  Right of data transmission, Art. 20 DSGVO
  •  Right of objection, Art. 21 DSGVO

Based on Article 15 of the EU General Data Protection Regulation (GDPR), you have the right to submit a request for information regarding collected and processed personal data.
In order to exercise this right, please email, providing a detailed description of your request for information and the following:

  • Last name, first name
  • Applicant number
  • Email address
  • Group company to which you have applied

Please note that information regarding your personal data can only be provided on submission of a valid copy of your ID and that only one company can be queried per request for information.
We will review your request for completeness and correctness and inform you of the following once you have been successfully identified:

  • The data concerning you which we have stored (presented in categories, where applicable),
  • The purpose of the processing of these data,
  • The origin of the data,
  • If the data are transferred, the recipients of these transfers (information regarding appropriate safeguards for transfers to third countries, where applicable),
  • Criteria for determining the planned duration of storage/actual duration of storage, where applicable,
  • Automated decision-making including profiling, if relevant,
  • Your data protection rights.

Please note that we will store your request for information for a period of three years. The Applicant Management department of the recruiting Group company is responsible.

If you should send us a copy of your ID, then we ask you to kindly “black out” all other data except for your first and last name and address. 

Please note that in the case of an objection your application process cannot be continued. 

In order to process your request as well as for identification purposes, we would like to point out that we will process your personal data in accordance with Art. 6 para. 1 lit. c DSGVO.

Furthermore you have the right to lodge a claim with the supervisory authority according to Article 77 DSGVO in combination with § 19 BDSG. The supervisory authority responsible for gategroup Holding AG is:

The Hessian Commissioner for Data Protection and Information Security

Postfach 3163
65021 Wiesbaden

Gustav-Stresemann-Ring 1
65189 Wiesbaden


Enforcing and complying with data protection statements

gategroup commits itself to complying with the data protection points stated above.

For questions or suggestions regarding data protection in our application management system, please contact:

gategroup Holding AG

Sägereistrasse 20

8152 Glattbrugg


Disclaimer and limitations of this data protection notice

This data protection notice affects only processing on the websites and Other websites are not covered by this data protection notice and provide their own specific data protection notices.