You will find your company-specific contact person by clicking on "Contact" after the login to the ESS employee portal.

If you have any specific questions about the registration, you will find notes under "Frequently Asked Questions" or please contact your local HR department.

I do not have access data to the ESS employee portal. Where can I get them?

If you have not yet received your access data, please contact your HR department.
Not all areas participate in the ESS employee portal, your HR department can also provide you with information on this.

How can I change my current password?

If you are already registered in the ESS, please log out. Please enter your username and password on the login page. Click on "Change Password" to open a form where you can enter the old password and the new password twice. After saving, you wil be logged in automatically and use the new password prospectively.

Please note that you can only change your password once a day.

Are there certain naming conventions that I have to consider when assigning passwords?

The following password guidelines must be considered for data protection reasons:

- minimum password length: 8 characters
- a minimum of 2 letters, 1 digit and 1 special character (e.g. $Lotta12)
- the following special characters may be used: !"@$%&/()=?'`*+~# -_.,;:{[]}\<> Attention: the special chraracters ? and ! must not be used in the first character!
- a minimum of 1 lowercase letter and 1 uppercase letter
- the new password must differ from the old password in a minimum of 3 characters
- the new password must not correspond the last 10 assigned passwords
upper and lower case printing will be considered
Certain passwords are invalid. You may not use 3 successive, identical characters or month names (e.g. ball0001, schifffahrt01, juni2009).

I have locked my user/forgot my password. What can I do to regain access?

On the login page, you can use the "Forgot Password" or "Locked Password" functions to automatically unlock your user. Besides your personal number and date of birth, you will need your PIN code to generate a new password and, if necessary, to unlock your user.

What is a PIN code?

With the personal letter for ESS use, you were given a PIN code which you need to enter in the event of a forgotten password.
The PIN code is a second password with which you may regenerate the first password for ESS access. You have received this password from your HR department in the form of a cover letter. The PIN code is comparable to the PUK for mobile phones.

I have misplaced my PIN code. How do I get a new PIN code?

With your personal letter for the ESS use, you have been given a PIN code which you can use in the event of an forgotten password. If you no longer have this PIN code or have not received it, please contact your HR department.

When using the ESS employee portal I have technical problems (display problems of PDFs, the Adobe Reader toolbar is not displayed, error messages, etc.). Who should I contact?

Please check in advance whether your PC/terminal device meets the necessary requirements for the use of the ESS employee portal.

If error messages occur in the portal, please forward them to your responsible HR department (a screenshot is often helpful for a problem analysis). If your HR department cannot help, it will forward the message to your local IT or the system administrators of the ESS employee portal. If you have problems viewing PDFs, your local IT department may be able to help you.

Please comprehent that we do not offer any support for private PCs/ terminal devices.

What safety regulations do I have to consider when using the ESS employee portal?

Via the link "Safety Instructions" you will find important information on what to consider when using the ESS employee portal. In addition, you will also find further information on security.

Here you will find information on the technical requirements for using the ESS employee portal.

In order to ensure problem-free access, current websites must meet wide- range technical requirements. The display and usability of a website can vary due to different browsers, operating systems, screen resolutions and access devices.

Please check the following overview which lists the combinations of devices, browsers and operating systems.
The latest versions of the browser and the app are required.

If other combinations/browsers are used, problems may occur with the display/functionalities

Desktop operating systems

• Microsoft Windows version 7 or higher
• Microsoft Browsers (Internet Explorer)
• Google Chrome
• Mozilla Firefox
• Apple MacOS version 10.10 or higher
• Apple Safari
• Google Chrome

Mobile operating systems (mobile phones and tablets)

• Apple version 8 or higher
• Safari
• Android version 4.4 or higher
• Google Chrome
• Windows version 10 or higher
• Microsoft Browser

App of the employee portal
The app for the ESS employee portal is currently available for Apple and Android.

PDF display
Please use the latest version of Adobe Acrobat Reader.

The Internet has developed into a self-evident medium whose importance is constantly increasing. In addition to the positive opportunities offered by the Internet, there are also a number of security risks that must be countered by appropriate measures.

Attack scenarios, in particular, are increasingly not only aimed at exploiting system and application vulnerabilities and specifically using certain user behaviour patterns. However, by dealing sensitively with the given technical possibilities, most attacks can be fended off.
The following points are essential for handling the ESS:

• General Rules of Conduct
• Security on the Internet PC
• Checking the authenticity of the ESS employee portal

General Rules of Conduct

Checking the Internet Address

As a user, you should ensure that the correct address ESS.BERTELSMANN.DE and a lock are displayed in the address bar of the browser. The address should always begin with https://.

Any unknown Internet address can be classified as not trustworthy. Never enter personal information and/or your access data at foreign addresses.

Confidentiality of Password and PIN Code

Password and PIN code may only be used in the ESS employee portal. The password and PIN code may never be transmitted by email or entrusted to third parties in any other way.

Make sure that no one "peeks over your shoulder" when entering your password and PIN code and never store it on the hard disk or other storage media of your terminal device. To do so, deactivate automatic password storage in your browser.

Changing the Password if compromise is suspected

If you have inadvertently visited a dubious website and disclosed your details, we recommend that you change your password immediately. The change can be made directly on the login page under the function "Change Password".

Use the "Log Out" funtion to end a session

Only by calling up this function, your connection will be properly disconnected. Automatic logogg only occurs, if no user entries have been made for a period of 15 minutes.

Always ask critically whether the input required on a website makes sense in connection with the action you want to take.

Security on the Internet PC

The trustworthy state of the PC with which you access the portal is the prerequisite for secure use of the ESS employee portal.
Use and install only software from trusted sources.

Always think about whether you really need software and whether you really trust the provider (manufacturer and download source). In general, you should not open, download or run files from unknown servers or email attachments of unknown origin. However, if this is necessary, at least it makes sense to scan the files with an up-to-date virus scanner.

Up-to-date Software and Security Software

All precautions for a safe use of the Internet should already have been taken on the used terminal devices of your company.
On private devices, please make sure to update your operating system and browser regularly.
It is also recommended to install a virus scanner and a personal firewall.

Phishing Emails

Phishing emails are used by fraudsters to obtain your PINs and passwords by pretending to be a trustworthy source.

Your HR department will not aks you to disclose confidential information such as your password or pin code.

Phishing emails usually contain a link to the relevant website. The Internet address usually has only marginal deviations from the real address and the visual impression of the real pages is completely imitated.
Therefore, never use links that are offered to you in emails.

Further Information

On the following pages you will find further information on security on the Internet:

• www.bsi-fuer-buerger.de
• www.buerger-cert.de

Checking the authenticity of the ESS employee portal

Authentication is the proof of a communication partner that he is actually the one he claims to be. Authenticity is guaranteed in the ESS employee portal by using the SSL protocol. The authenticity of the provider is confirmed by a certificate. A first and simple possibility of verification is also possible using the displayed Internet address (URL) in the browser.

Certificate Verification

The SSL connection guarantees that an encrypted communication with ESS employee portal takes place. SSL certificates generally contain the provider's public key as well as information for unambiguous identification.

A certificate from another provider should never be accepted during a session. Manual confirmation of the certificate is not required because it uses a certificate from a trusted certificate issuer. Potential attackers usually use self-created certificates, which are only accepted by the browser with the user's confirmation, as the user cannot determine the authenticity without any doubt.

Therefore, care must be taken with certificate requests from the browser before accepting foreign certificates or classifying them as trustworthy.

You can check the provider's certificate and the strength of encryption of your SSL session by double-clicking the "Padlock" icon in the browser's status icon.

Certification Center

The certification center is an internationally recognised independent and trustworthy authority that issues certificates. When certificates are issued, a special proof of authenticity is required, so that an authenticity check can later be performed on the issued certificate.

The ESS uses the certification agency "DigiCert" or rather "thawte, Inc." (a DigiCert company).

Fingerprint Matching (SSL Server Certificate)

You can also check the correctness and authenticity of the certificate used by calling up the fingerprint.

If you view the details of the certificate in the browser, you will see the fingerprint below. By matching the displayed data with the publisher's information, you can be sure that it is the original certificate you want to use. The SSL certificates assures you that a secure communication with the desired conversation partner is encrypted.

The most common and currently most secure method for unambiguous authenticity determination is SHA-256.

Fingerprint for the ESS employee portal:
SHA-256:
0D:06:7A:18:29:2F:CA:8B:35:5C:E6:73:24:8E:72:2F:
A3:3D:50:A9:C8:C9:16:7D:F2:C0:D7:23:D4:9A:4C:F1
SHA-1:
94:D7:9F:0F:41:EC:2E:E1:1A:68:D0:2F:39:03:CC:A9:F5:ED:F5:5A

Privacy Policy

This Privacy Policy satisfies the disclosure requirements according to Art. 12 ff. of the EU General Data Protection Regulation ("GDPR") and provides a summary of the processing of your personally identifiable information ("personal data", "personal information") on this website.

1. Who is accountable for processing my data?

Bertelsmann SE & Co. KGaA
Carl-Bertelsmann-Str. 270, 33311 Gütersloh, Germany
info@bertelsmann.de
Phone: +49 (0) 52 41-80-0
Fax: +49 (0) 52 41-80-623 21

is responsible for processing your data on this website (hereinafter referred to as "we"). We process personally identifiable information ("personal data") in accordance with GDPR provisions and the German Federal Data Protection Act (BDSG).
You can contact our designated Data Protection Officer at the address indicated above by using the reference "For the attention of the Data Protection Officer" or by writing to: datenschutz@bertelsmann.de.

2. What data is collected?

When you visit our website, the data of the computer you use to access our website is automatically logged (“access data”). This access data includes server log files that generally consist of information pertaining to your web browser type and version, your perating system, your internet service provider (ISP), the date and time you used the website, the website previously visited by you and the websites you accessed from our website, in addition to the IP address of your computer. With the exception of your IP address, the information contained in the server log files is not personally identifiable. An IP address is personally identifiable when it is static (permanently allocated when using internet access) and the ISP is able to attribute it to a specific person.

Some features of our website require that you divulge personal information to us. In this case, the information provided by you is used to provide the service requested by you or process a matter submitted by you (e.g. search queries, entries made in forms or contracts, click data).

3. What cookies are used?

Cookies are used on our website. Cookies are small text files that are saved to your computer when visiting a website. The cookies that are saved can be attributed to the web browser used by you. When the website is visited again, the web browser return the content of the cookies, thus enabling you, the user, to be recognized. Certain cookies are deleted when you log out or end the browser session ("transient cookies" or "session cookies"). Other cookies are saved for a specific period of time ("temporary cookies") or indefinitely ("persistent cookies"). These cookies are automatically deleted when the defined period lapses. The privacy and security settings of your browser enable cookies to be deleted at any time and also enable you to configure the use of cookies in accordance with your preferences. However, you may not be able to use all the features of our website if you delete the cookies used by our website As a general principle, cookies enable online recognition without reference to a specific person. Cookies may become personally identifiable when the information they contain is merged with other information apart from the information generated by the cookies themselves. Here a distinction is made between cookies that are necessary for the provision of website features, and cookies that are are required for other purposes, e.g. analysis of user behaviour or displaying advertising-related content.

4. What data is collected and for what purpose?

The purpose of data processing may be based on technical, contractual or statutory requirements or result from consent having been given by the user.

We use the data described in section 2 and the cookies decribes in section 3 for the following purposes:
- To provide website features and content and ensure technical security in troubleshooting technical issues and also to ensure that unauthorized persons do not gain access to out website systems;

For information on other data processing purposes, please refer to the sections below of this Privacy Policy.

4.1 Provision of the website

4.1.1 Description and scope of data processing

In order to enable the proper functioning of our website, security analyses to be conducted, and denial-of-service attacks to be prevented and stopped, server log files are automatically collected and saved on a short-term basis as an integral part of access data that is created by the system of the visiting computer upon accessing our website and while using it (see section 2). The content of the server log files is not merged with other data. We use the server log files for statistical analyses to troubleshoot and remedy technical issues, prevent and defend against denial-of-service attacks and attempted fraud, and to optimize the proper functioning of our website.

4.1.2 Purpose and legal basis of data processing

The legal basis for the creation of server log files follows from Art. 6(1)(f) GDPR. Our legimitate interests lie in the proper functioning of our website, conducting security analyses and defending against threats.

4.1.3 Duration of storage or criteria applied in defining this period

When the pages of our website are accessed, information is logged to server log files that are stored on our web server; the IP address contained in them is deleted after 7 days at the latest. No analysis is conducted during this time unless there is a denial of service or other attack.

4.1.4 Options for lodging an objection and having your data removed

You have the right to lodge an objection to the processing of your data contained in the server log files provided that there are cogent reasons that arise from your specific situation. If you would like to exercise your right to lodge an objection, please write to the contact address in section 1.

5. Who comes into possession of my personal data?

Within our company those who need acces to your information for the purposes described in section 4 will be given access to it. Service providers contracted by us may also be given access to your information ("contract data processors", e.g. data centers, mailing services for newsletters, web tracking). They are bound by our directives and must provide for data security and the confidential treatment of your information under the contract data processing aggreements we have concluded with them.

No sharing of information with other recipients such as advertising partners, providers of social media services or credit institutions ("third parties") takes place.

6. Is my personal data processed outside of the EU or EEA ("transfer to a third country")?

The hiring of service providers can lead to your data being transferred to a country that does not guarantee the same data protection standard as the European Union. In this case, we ensure that the service providers guarantee an equivalent level of data protection contractually or otherwise. You have the right to obtain the appropriate guarantees in accordance with cht, über die geeigneten Garantien gemäß Art. 46 GDPR. You are also welcomed to request a copy of these guarantees using the contact details given in section 1.

7. What data privacy rights do I have?

You have the right to request access to your personal data that is currently stored by us. If this data is incorrect or not up to date, you have the right to request rectification. You also have the right to have your personal data erased and/or its processing restricted as provided for in Art. 17 and Art. 18 GDPR. You also have the right to request a copy of the personal data provided by you in a structured commonly-used, machine-readable format (right to data portability).

If you have given your consent to the processing of your personal information for specific purposes, you can revoke that consent at any time in the future. Your notice of revocation is to be addressed to us by writing to the contact address indicated in section 1.

Pursuant to Art. 21 GDPR, you also have the right for reasons relating to your specific situation to raise an objection to the processing of your data that is done on the basis of Art. 6(1)(f) GDPR. You also have the right to lodge an objection to the processing of your personal information for direct marketing purposes. The same applies to automated processes involving the use of individual cookies, unless they are required for providing the functionality of our website.

You also have the right to lodge a complaint with the competent data protection authority. The authority responsible for us is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestr. 2-4
40213 Düsseldorf, Germany
Phone: 0211/38424-0
Fax: 0211/38424-10
Email: poststelle@ldi.nrw.de

You also have the right to contact the data protection authority at your place of residence and request support in pursuing your matter.

8. Date of this Privacy Policy:

June 2018

Website Credits

Website Credits according to § 5 Telemediengesetz (TMG)

Bertelsmann SE & Co. KGaA
Carl-Bertelsmann-Straße 270
33311 Gütersloh
Phone: +49 (0) 52 41-80-0
Fax: +49 (0) 52 41-80-623 21
Email: info@bertelsmann.de
Internet: www.bertelsmann.de

www.facebook.com/Bertelsmann | twitter.com/Bertelsmann_com | www.youtube.com/user/BertelsmannSE

VAT no.: DE 126 770 390
Registry no.: HRB 9194
Registry court: Gütersloh district court
Chairman of the Supervisory Board: Christoph Mohn

General Partner

Bertelsmann Management SE
Gütersloh District court HRB 9084

Executive Board of Bertelsmann Management SE

Dr. Thomas Rabe (Chairman), Markus Dohle, Dr. Immanuel Hermreck, Bernd Hirsch

Chairman of the Supervisory Board of Bertelsmann Management SE

Christoph Mohn

Responsible for the content

Axel Marx, Bastian Hemmesmann

Disclaimer

All information on this website has been carefully checked. We make every effort to continually expand and update its content, but cannot guarantee its completeness, accuracy and comlete up-to-dateness. Bertelsmann SE & Co. KGaA provides this information without any assurances or warranties of any kind, either express or implied. Bertelsmann SE & Co. KGaA excludes all liability for damages arising directly or indirectly from the use of this website, provided they are not based on intent or gross negligence on the part of Bertelsmann. As a content provider within the meaning of § 7 (1) TMG, Bertelsmannis responsible in accordance with the general laws for its own content, which is made available for use on ess.bertelsmann.de Cross-references (“links”) to content provided by other parties are to be distinguished from this “own” content. By providing such links, Bertelsmann makes third-party content available for use. This external content was checked for possible civil or criminal liability when the link was first created. However, it cannot be ruled out that the content is subsequently changed by its respective provider. Bertelsmann does not constantly check the content to which it links in its offer for changes which could give rise to new responsibilities If you believe that a linked external site violates applicable law or includes content that is otherwise inappropriate, please let us know.

Copyright

Copyright 2019 / Bertelsmann SE & Co. KGaA. All rights reserved. All content (text, images, graphics, sound, video and animation files as well as their grouping etc.) on the Bertelsmann SE & Co. KGaA website is protected by copyright and other protective laws. This legal protection also extends to databases and similar facilitites. The contents are freely usable only for their intended purpose of being viewed on the Internet. Beyond the limits of copyright law, the content of this website may not be reproduced, disseminated, altered or made accessible to third parties in any form without the written permission of the Bertelsmann SE & Co. KGaA. Some sections of the Bertelsmann SE & Co. KGaA website also contain pictures that are subject to third-party copyrights. Unless otherwise specified, all brand names and logos on the Bertelsmann SE & Co. KGaA website are trademarked.

Implementation

The ESS employee portal is a service of the following department: Personalinformations- und Abrechnungssysteme (ZPI).

Bertelsmann SE & Co. KGaA
Personalinformations- und Abrechnungssysteme (ZPI)
Carl-Miele-Str. 214
33311 Gütersloh

Licence certificates

Purchased pictures: Login page: © Michael Sapryhin - stock.adobe.com