menu toggle

Applicant Privacy Statement

  1. What is the purpose of this document?

    Cencora, Inc., and its subsidiaries and affiliates (collectively, “Cencora”) is committed to protecting the privacy and security of your Personal Data.

    This privacy notice describes how we collect and use Personal Data about you when you apply for a job / role with us, in accordance with applicable data protection and privacy laws.

    It applies to all job applicants.

    1. Cencora (“our”, “us”, “we”) is responsible for deciding how we hold and use Personal Data about you. Contact details for the Data Protection Officer are set out in Section 12.
    2. This notice applies to job applicants throughout the recruitment process. This notice does not form part of any contract of employment or other contract to provide services.
    3. Controllers / Data Handlers — If you are located in Canada, the European Economic Area (“EEA”), Turkey, Switzerland or the UK, the controller of your Personal Data will be the corporate entity that manages the hiring process and/or which would employ / engage you in the event your application is successful. If you are located in China, the data handler of your Personal Data will be Xia Zhang xiazhang@worldcourier.com.cn
  2. The kind of information we collect and hold about you

    “Personal Data” means any information about an individual from which that individual can be identified or is identifiable.

    There are certain types of more sensitive Personal Data which require a higher level of protection, such as information about a person's health or sexual orientation.

    Information about criminal convictions also warrants this higher level of protection.

    1. We will collect, store and use the following categories of Personal Data about you (where permitted by applicable law):
      (a) Contact Information: your name, home address, date of birth, email address, and telephone number.

      (b) Identification Information: including your date of birth, right to work documentation, and nationality.

      (c) Employment / Education Information: including details of your employment / education history, qualifications, language proficiencies, information provided by references, (in certain jurisdictions) military history, and other information included in a CV/resume or cover letter.
    2. We will also collect, store and use the following more sensitive types of Personal Data where we are permitted to do so under applicable law:
      (a) your racial or ethnic origin;

      (b) religion / philosophical beliefs;

      (c) sexual orientation;

      (d) any disabilities which you may have;

      (e) intellectual and emotional capacity;

      (f) other health conditions that you have in order for us to make reasonable adjustments to your work environment; and

      (g) information about criminal convictions and offences.
    3. The processing of sensitive Personal Data about you is necessary for us to achieve legitimate purposes such as evaluating your application and/or entering into an employment contract with you. Please be advised that we treat all sensitive Personal Data with extra security ensuring specifically that only authorised individuals are able to access it. This is additional to the technical controls that we routinely apply to all Personal Data. We do not expect that our processing of sensitive Personal Data about you would impact your rights and interests adversely.
    4. We have collected the same categories of Personal Data in the 12 months prior to the date of this Privacy Policy.
  3. Categories of Personal Data we sell or share and related information

    We do not sell Personal Data or share it for purposes of cross-context behavioral advertising.
  4. Data retention: for how long will you use my information?
    1. We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or reporting requirements. Typically, where you are unsuccessful in your application, with your consent, we will retain your information for a period of 12 months, and beyond this period if we have your consent, or in line with specific retention requirements in your jurisdiction as described further below.
    2. If you are a candidate in the Netherlands, we will retain your Personal Data for 4 weeks after the application process has ended, or for 1 year if we have your consent. In France, we will retain your Personal Data for 3 months after the application process has ended, or 2 years from the last contact where we have your consent. In Germany, we will retain your Personal Data for no longer than 5 months.
  5. How we will use information about you and with whom we will share it

    We will only use your Personal Data when the law allows us to. Depending on where you are located and to which Cencora company you are applying for a job / role, we may be required to obtain your consent for the handling of your Personal Data e.g., if you are located in Turkey. Alternatively, we will use your Personal Data in reliance on another legal basis such as (where applicable):

    1. Where we need to in order to enter into a contract with you.

    2. Where we need to comply with a legal obligation.

    3. Where it is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests.

    1. We use your Personal Data for the purposes (and where you are employed/engaged in the EEA/UK/Turkey in reliance on the legal bases) identified in the table below.
      Categories of Personal Data Purpose for processing Legal basis (where you or we are located in the EEA/UK/Turkey (as applicable)) Third party organisations with whom the Personal Data is shared/td>
      Name, address, date or birth, country, email, contact telephone number, employment history, salary. To receive and undertake initial review of job applications made using this website or via an appointed agent. As necessary to enter into a contract with you (EEA/UK: Article 6(1)(b) GDPR; Germany: Sec. 26 BDSG; Turkey: Article 5(2)(c), Law no. 6698 on the Protection of Personal Data ("Law”)) Recruitment Agency.
      Name, address, email, contact telephone number. To liaise with applicants by email or phone: this includes updating applicants on the progress of their application, organising an interview. As necessary to enter into a contract with you (EEA/UK: Article 6(1)(b) GDPR; Germany: Sec. 26 BDSG; Turkey: Article 5(2)(c), Law) &Recruitment Agency.
      Visa details, passport, driving license, birth certificate. To check applicants’ legal right to work. Legal obligation under Immigration, Asylum Laws (EEA/UK: Article 6(1)(b) GDPR; Turkey: Article 5(2)(ç), Law) Government.
      Criminal history To understand any criminal convictions held against applicants and/or check criminal records where appropriate or required by law. To fulfil contractual obligations this includes taking action before entering into a contract. Specialist background checking service providers
      Name, address, email, qualifications, professional registrations. To arrange psychometric testing (where applicable). To fulfil contractual obligations this includes taking action before entering into a contract. Psychometric testing service providers.
      Health data To make reasonable adjustments or accommodations at interview stage where appropriate. Legal obligation under Equality Laws (EEA/UK: Article 6(1)(c) GDPR; Germany: Sec. 26 BDSG; Turkey: Article 5(2)(ç), Law) Occupational health service providers.
      Referee name, address, email, job title, contact number. To contact successful applicants’ chosen referencees. As necessary to enter into a contract with you (EEA/UK: Article 6(1)(b) GDPR; Germany: Sec. 26 BDSG; Turkey: Article 5(2)(c), Law) Chosen referees.
      Name, address, previous address, date or birth, gender, passport, driving license, bank statement showing contact details, utility bill statement showing contact details. To undertake financial background, fraud and/or identity checks on successful applicants where appropriate. As necessary to enter into a contract with you (EEA/UK: Article 6(1)(b) GDPR; Germany: Sec. 26 BDSG; Turkey: Article 5(2)(c), Law) Specialist background checking service providers.
      Name, address, country, contact telephone number, emergency contact details, bank details, role, payment data, email, line manager name and contact details For successful candidates, to create a personnel file. As necessary to enter into a contract with you (EEA/UK: Article 6(1)(b) GDPR; Germany: Sec. 26 BDSG; Turkey: Article 5(2)(c), Law) Human Resource Records Management System, e.g., WorkDay
      Name, address, email, country, CV or Resume data To match the details of unsuccessful applicants and contact them in relation to any vacancies which may arise within Cencora which may be of interest. To match the details of unsuccessful applicants and contact them in relation to any vacancies which may arise within Cencora which may be of interest. None.
      Name, address, previous address, passport, driving license, bank statement showing contact details, utility bill statement showing contact details To comply with legal obligations in relation to actual or alleged fraudulent, dishonest or other criminal behavior. To comply with a legal obligation (EEA/UK: Article 6(1)(c) GDPR; Turkey: Article 5(2)(ç), Law) Government and law enforcement.
      Name, date or birth, gender, ethnicity, sexual orientation, health data To report upon the diversity of applicants where required by law. To comply with a legal obligation (EEA/UK: Article 6(1)(c) GDPR; Turkey: Article 5(2)(ç), Law) Government
    2. We may share your Personal Data with other third parties, for example in the context of the possible sale or restructuring of the business. In this situation we will, so far as possible, share anonymised data with the other parties before the transaction completes. Once the transaction is completed, we will share your Personal Data with the other parties if and to the extent required under the terms of the transaction.
    3. If you would like to obtain information regarding the names and contact details of the parties with whom we share your Personal Data, their processing purpose and method, the categories of Personal Data shared with them, and the method and procedures for exercising your rights with them, please contact privacy@cencora.com. Please note however that we may not be able to fulfil this request in all instances.
    4. For additional information on sharing of Personal Data in California, U.S., please see Section 15.
  6. From where we collect the Personal Data
    1. We will collect Personal Data from you directly: (a) via your resume / CV which you have shared with us; and (b) when corresponding with you by telephone, digital chat channels, email and letters. Please note that should you be successful in your application, certain of this Personal Data may form part of your employment record.
    2. We may sometimes collect additional Personal Data from third parties such as references, background check providers, any LinkedIn account that may be maintained by the applicant and information from publicly available sources.
    3. Please also be advised that when you visit this website, and even if you do not make a job application, cookies will be used to collect information about you, such as your Internet Protocol (IP) address, which connects your computer or mobile device to the Internet, and information about your visit, such as the pages you viewed or searched, page response times, downloaded errors etc. We do this so that we can measure our website performance and make improvements in the future. For more information about our use of cookies please read our Cookie Policy.
  7. Your right to object to processing

    Where you or the relevant Cencora company are located in the EEA / Switzerland / UK, you have a right to object to the processing of your Personal Data where that processing is carried out for Cencora’s legitimate interests. Please note however that Cencora may not be able to fulfil this request in all instances.
  8. If you fail to provide Personal Data

    If you fail to provide certain information when requested, we may not be able to proceed with your application, or we may be prevented from complying with our legal obligations.
  9. Change of purpose
    1. We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and where required, we will explain the legal basis which allows us to do so.
  10. Transferring information outside your country
    1. Given the global nature of Cencora’s activities, Cencora will, for the above listed purposes, transfer your Personal Data to recipients as referred to above, that are located in countries or provinces outside the country in which you are located. These countries or provinces may not have the same privacy laws as the country or province in which you provided your information or have a lower level of data protection. Where Cencora carries out cross-border transfers of your Personal Data it will do so in compliance with applicable privacy laws.
    2. For intra-group transfers of Personal Data, Cencora has entered into an intra-group data transfer agreement. For cross-border transfers of Personal Data to other recipients, Cencora will (as required by law) enter into data transfer agreements with the recipient, seek your consent for the transfer and/or take steps to ensure other appropriate safeguards have been implemented.
    3. For further information about cross-border transfers, please contact privacy@cencora.com.
  11. Data security
    1. We have put in place reasonable and appropriate security measures to prevent unauthorized or unlawful processing of your Personal Data and against accidental loss or destruction of, or damage to, your Personal Data. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. If we choose to enter into a contract with you, your Personal Data will become part of your employment record.
    2. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
  12. Privacy Rights of access, correction, erasure, and restrictio
    1. Depending on where you are located, you have certain rights under privacy laws. These may include the right to:

      Request access to your Personal Data. This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.

      Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

      Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).

      Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.

      Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.

      Request the transfer of your Personal Data to another party (known as data portability).

      Right to withdraw consent. Where you may have provided your consent to the collection, processing and transfer of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the HR Team via info@cencora.com Once we have received notification that you have withdrawn your consent, we will no longer process your Personal Data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
    2. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
    3. If you want to review, verify, correct or request erasure of your Personal Data, object to the processing of your personal data, or request that we transfer a copy of your Personal Data to another party, please contact the HR Team in writing via info@cencora.com.
    4. Depending on where you are located, you also have a right to complain about the processing of your Personal Data with a privacy regulator.
    5. Additional country-specific rights are set out in Annex 1.
    6. Your duty to inform us of changes. It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.
  13. Data protection officer

    We have appointed Data Protection Officers (DPOs) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your Personal Data, please contact the DPO at privacy@cencora.com
  14. Changes to this privacy notice

    We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates (such as by posting the new notice here). We may also notify you in other ways from time to time about the processing of your Personal Data.

    ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS ON PERSONAL DATA PROCESSING AND PRIVACY RIGHTS
  15. Disclosure of Personal Data for Business Purposes in the Past 12 Months

    The following chart describes the categories of Personal Data that we disclosed to third parties for a business purpose in the 12 months prior to the date of this notice:

    Categories of Individuals’ Personal Data Categories of Third Parties With Which We Shared Personal Data for a Business Purpose
    Personal identifiers: email address, postal address, and government-issued identification documents Service providers that assist in providing human resource functions; facilitate scheduling and email communications; provide security services and cloud-based data storage, assist with other IT-related functions; host or facilitate teleconferencing or video conferencing services; provide legal services.
    Protected class information: race, ethnicity, gender, gender identification, disability, veteran status Service providers that assist in providing human resource functions; provide legal services./td>
    Internet or other electronic network activity information: session cookies needed for our career site work and which expire with your session Service providers that provide security services and cloud-based data storage, host our career Website.
    Professional information: records of your work and education history Service providers assist with recruitment activities.
    Educational information: education history; trade school records; certificates obtained Service providers assist with recruitment activities./td>
    1. Business Purposes for Such Disclosures

      We disclosed the aforementioned categories of Personal Data to the categories of third parties identified above for the following purposes: to manage the recruitment and application process; verify applicants’ identities; operate our IT systems and secure our systems and facilities; prevent fraud and other illegal activities; and to obtain professional advice, such as about legal and accounting matters.
    2. Additional Information About How We May Disclose Personal Data

      We may also share your Personal Data as required or permitted by law to comply with a subpoena or similar legal process or government request, or when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property or the rights, property or safety of others, including to law enforcement agencies, and judicial and regulatory authorities. We may also share your Personal Data with third parties to help detect and protect against fraud or data security vulnerabilities. And we may share or transfer your Personal Data to a third party in the event of an actual or potential sale, merger, reorganization of our entity or other restructuring.
    3. Additional Information About How We May Disclose Personal Data

      We may also share your Personal Data as required or permitted by law to comply with a subpoena or similar legal process or government request, or when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property or the rights, property or safety of others, including to law enforcement agencies, and judicial and regulatory authorities. We may also share your Personal Data with third parties to help detect and protect against fraud or data security vulnerabilities. And we may share or transfer your Personal Data to a third party in the event of an actual or potential sale, merger, reorganization of our entity or other restructuring.
  16. Cookies and Other Tracking Technologies

    Cookies are small, sometimes encrypted text files that are stored on computer hard drives by websites that you visit. They are used to help users navigate websites efficiently as well as to provide information to the owner of the websites. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, please visit www.allaboutcookies.org.

    When you visit our Sites, we may place a “cookie” or other online tracking devices (e.g. web beacons) that recognizes you. The cookies and other tracking technologies may also collect information about your IP address or actions taken in connection with the Sites. We may use cookies or similar tracking technologies to capture information about the use of our Sites, including to improve your user experience. We do not allow third parties to use cookies or other trackers through our Sites that track your behavior over time and across the Internet, such as when you visit other websites or applications after visiting our Sites.
  17. Rights Related to California Resident Personal Data Held by Us

    If you are a California resident, you have certain rights. Details on these rights, including what they are, how you can exercise them, and how we will respond, can be found in Annex 1.
  18. Do Not Track Signals

    Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals.
  19. Personal Data of Minors

    We do not advertise our positions to minors under 16, and we do not knowingly collect or sell the Personal Data of minors, including minors under 16 years of age.
  20. Accessibility

    We are committed to ensuring that our communications are accessible to people with disabilities. To make accessibility-related requests or report barriers, please contact us at info@cencora.com
Policy Last Updated: August 30, 2023