Data processing - applicants

The following provides an explanation of how and pursuant to which principles ERGO (i.e. ERGO Insurance SE and/or ERGO Life Insurance SE Eesti filiaal) processes personal data of job applicants (hereinafter – applicants) of ERGO.

ERGO processes personal data being guided by the European Union General Data Protection Regulation (GDPR), the Personal Data Protection Act, the Employment Contracts Act, and requirements of other relevant legal acts.

One of the central principles for the protection of personal data is fair and transparent processing of personal data, which requires that ERGO as an employer and data controller notifies applicants of processing of personal data and purposes thereof.


General Data Protection Regulation or GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Employer and data controller means ERGO who processes personal data or on whose assignment personal data are processed.

Applicant means the natural person with whom ERGO plans to hold or holds negotiations for entry into an employment contract.

Third party means a person other than ERGO or the applicant or a data processor of ERGO.

Data subject means the person whose personal data are processed.

Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Personal data processing means any operation performed on personal data (e.g. collection, recording, storage or alteration of personal data, granting access to personal data, or retrieval, use or transmission of personal data).

Data processor means a person who processes personal data on behalf of ERGO and on the basis of an agreement entered into with ERGO.


  • ERGO processes personal data of an applicant only during the recruitment process.
  • ERGO processes personal data on the basis prescribed by Article 6(1)(b) of the General Data Protection Regulation, i.e. processing is necessary in order to take steps at the request of the applicant prior to entering into an employment contract.
  • If an applicant is not selected for a job, ERGO will no longer process the personal data of the applicant.
  • ERGO stores the personal data of an applicant for one year as of the day when the decision to select or not select the applicant for a job is made. The data are stored for one year for the purpose of resolving disputes that may arise in respect of the aforementioned decision between the applicant and ERGO.
  •  At the request of an applicant, ERGO stores personal data of the applicant in its information system for making any potential additional job offers to the applicant.
  • ERGO does not transfer personal data of an applicant to third parties or to third countries. ERGO has the right to verify the accuracy of the data provided by the applicant and assess the suitability of the applicant for the job (e.g. public databases, credit information, criminal records database, public web).
  • ERGO has the right, in order to obtain feedback pertaining to work, to contact the referees whom the applicant has pointed out in the applicant questionnaire. ERGO presumes that the applicant has notified these persons beforehand that ERGO may use their data (incl. contact details) for contacting and asking for feedback from them.
  • ERGO ensures personal data protection via organisational, physical and IT security measures.
  • ERGO represents and warrants that they have adopted all necessary measures for the protection of personal data and that the processing of personal data is limited to the minimum required for achieving the purposes of personal data processing.
  • ERGO grants access to personal data of an applicant only for those employees of ERGO who have received the relevant training and have the right to process personal data and only to the extent that is necessary for achieving the purposes of personal data processing.
  • ERGO bears full liability for adhering to the requirements provided for in the General Data Protection Regulation.
  • An applicant has the right of access to the personal data concerning them and possessed by ERGO and the right to obtain additional information on processing of their personal data.
  • An applicant has the right to file complaints concerning the processing of their personal data at any time, incl. to demand termination of processing of the personal data concerning them, termination of access to the personal data and/or erasure, rectification or closure of the collected data if such a right arises from the Personal Data Protection Act or any other legal act.
  • If an applicant finds that ERGO has breached their rights upon processing of personal data, the applicant has the right to contact ERGO for termination of the breach or erasure of the personal data, sending an e-mail to
  • The duties of the data protection officer of ERGO are performed by the Head of the Legal Department of ERGO (Ivo Viires, The data subject has the right to have recourse to the Data Protection Inspectorate or a court at any time for the protection of their rights.