It is our aim for you to feel at home on our website, which means that protecting your privacy and your personal rights is very important to us. Therefore, we would ask you to carefully read the summary below about how our website works. You can trust that your data will be processed transparently and fairly, and we will make every effort to handle your data carefully and responsibly.
Controller and data protection officer contact details
The controller as defined by the GDPR, other data protection laws applicable in EU Member States and other provisions aimed at protecting data shall be the company named in the respective job advertisement.
You can reach the company’s data protection officer by writing to: email@example.com
Scope of processing of personal data
We collect and use personal data from you only to the extent necessary to provide a functional website along with our content and services. Your personal data is only collected and used with your consent. An exception to this rule is where prior consent is not possible due to given circumstances and the processing of the data is permitted by statute.
The security of your personal data is of high priority to us. We therefore take technical and organisational measures to protect your data stored by us in order to effectively prevent its loss and its misuse by third parties. Our employees tasked with processing personal data in particular are bound by confidentiality obligations and are required to comply with these. Your personal data is secured by ensuring that it is transmitted in encrypted form; for instance, we use SSL (Secure Sockets Layer) to communicate with your web browser. A padlock symbol will be displayed by your browser so that you can see when an SSL connection has been established. To ensure that your data is protected at all times, the technical security measures undergo regular review and are adapted to new technological standards where necessary. These principles also apply to companies that we commission to process and use data in accordance with our instructions.
Purposes of processing and the legal principles governing how your personal data is processed
Your personal data may be processed on the basis of the following legal principles:
Duration of storage and routine erasure of personal data
We regularly delete your applicant data six months after having made a decision on the vacant position. In the event that we decide to welcome you as a new colleague, we will transfer your personal data to our personnel management system.
Collection of general data and information (log files)
In keeping with Art. 6, para. 1, letter f of the GDPR, our website collects a range of general data and information upon each access that is temporarily stored in a server’s log files. A log file is created as part of the automatic logging performed by the processing computer system. The following data may be collected:
The collection and storage of this data is required for the operation of the website in order to provide the website functionality and correctly deliver the content of our website. We also use the data to optimise our website and ensure the security of our IT systems. For this reason, the data is stored for a maximum of seven days as a technical precaution.
Processing personal data in connection with your application
a) Data you provide directly to us
We collect and use your personal data insofar as you provide it to us in connection with your application (letter of motivation, curriculum vitae, school certificates, training certificates and/or work references, as well as records created during telephone calls or job interviews with you). We also store correspondence (e-mail, letters) as well as any other documents you provide us with during the application process (e.g. recruitment tests). In individual cases, we also store particularly sensitive data (e.g. data on your health, religious beliefs or sexual orientation).
b) Data about you we obtain from other sources
In individual cases, we also obtain the aforementioned data from third-party sources, (e.g. headhunters, recruitment companies and personal data that is publicly accessible – XING or LinkedIN profile).
Based on Art. 6, para. 1, letters c and f of the GDPR, we use and store your personal data and technical information where necessary to prevent or investigate misuse or other illegal behaviour on our website, e.g. to maintain data security in the event of attacks on our IT systems. This may also be done on the basis of orders by public authorities or courts of law, insofar as we are required to do so by law, and also to preserve our rights and interests and to enable a legal defence on our part.
Transmission of personal data to third parties
When we transfer your personal data to somebody else, we always do so as securely as possible. For this reason, your data is only ever provided to service providers and partners who have gone through a rigorous selection process and are contractually obliged to comply with data protection requirements. We also only transmit your data to bodies which are located within the European Economic Area and are thus subject to strict EU data protection legislation or which are bound by a corresponding security standard. Transmission of data to third countries is not currently performed or planned.
a) Transmission among companies affiliated with the Group in accordance with Art. 6, para. 1, letter b of the GDPR
We transmit your personal data for the conclusion and performance of contracts relating to the performance of deliveries and services on our website to companies affiliated with the Group within Germany to be stored in central databases and for internal Group billing and accounting purposes. This is necessary in particular for you to be able to use all of our services.
b) Transmission to processors in accordance with Art. 28 of the GDPR
c) Transmission to other third parties in accordance with Art. 6, para. 1, letters c and f of the GDPR
Finally, we may transmit your data to third parties or government bodies under current data protection legislation if we are legally required to do so (e.g. on the basis of an order of a public authority or court of law) or if we are entitled to do so (e.g. because it is necessary for the investigation of criminal activity or to assert and enforce our rights and interests).
Of course, you have rights in connection with the collection of your data, which we are pleased to inform you about here. If you wish to make use of any of the following rights free of charge, simply send us a message. You can use the following contact details without incurring any costs other than those charged by your communications provider for transmitting the message:
By email: firstname.lastname@example.org
For your own security, we reserve the right to acquire further information needed to confirm your identity when responding to an existing enquiry. If identification is not possible, we also reserve the right to refuse to respond to your enquiry.
a) Right to information
You have the right to demand information from us on the personal data stored about you.
b) Right to rectification
You have the right to demand immediate rectification and/or completion of the personal data stored about you.
c) Right to restrict processing
You have the right to demand that processing of your personal data be restricted if you dispute the accuracy of the data stored about you, if processing is unlawful and we no longer require the data, but you do not wish the data to be deleted and require it to assert, exercise or defend legal entitlements, or if you have disclosed your objection to its processing.
d) Right to erasure
You have the right to demand erasure of your personal data stored by us, unless the retention of the data is necessary for freedom of expression, for freedom of information, for compliance with a legal obligation, for reasons in the public interest, for asserting or defending against legal claims or for exercising legal rights.
e) Right to information
If you have asserted your right to rectification, to erasure or to place restrictions on processing, we will notify all recipients of the your personal data of how this data has been rectified, erased or is now subject to restrictions on processing, unless it is impossible to do so or involves disproportionate effort.
f) Right to data portability
You have the right to have a copy of the data that you have provided us with sent to you or a third party in a structured, standardised and machine-readable format. If you demand that the data be sent directly to another data controller, this will only be done if it is technically feasible.
g) Right to object
If your personal data is being processed on the basis of legitimate interests in accordance with Art. 6, para. 1, letter f of the GDPR, you have the right to object to processing at any time in accordance with Art. 21 of the GDPR.
h) Right to withdraw consent
You have the right to withdraw your consent for the collection of data at any time with future effect. The data collected until the withdrawal takes legal effect remains unaffected by this. We hope that you understand that it may take some time to process your withdrawal for technical reasons and that you may continue to receive messages from us during this time.
i) Right to submit a complaint to a regulatory authority
If the processing of your personal data violates data protection legislation or if your data protection rights have been violated in any other way, you may submit a complaint to the regulatory authority.
Data that we are required to store in accordance with statutory obligations, articles of association or contractual retention requirements will be restricted instead of being erased in order to prevent its usage for other purposes.
Links to the websites of other companies
Our website contains links to the websites of other companies. We are not responsible for the data security precautions of other websites accessible via these links. Please enquire through these external websites about their respective privacy policies.
Version: September 2018, Version 2.0