We want to promote user trust in the web and therefore disclose the handling of personal data. Below you will find out what information we collect and for what purposes and how we handle it.
This data protection declaration contains special information for applicants as well as general information that applies to both the applicants and other visitors to our online offer.
As it is a matter of course for us to handle your data carefully and to treat it confidentially, we ask you to send us only serious applications and to check attached files for viruses, etc. in advance before you forward them to us.
Table of Contents
- Objective and responsibility
- Basic information on data processing and legal bases
- Safety Precautions
- Disclosure of data to third parties and third parties
- Purpose and scope of processing of applicant data
- Passing on of applicant data
- Method of submitting applications
- Retention and deletion of applicant data
- Collection of access data
- Cookies & range measurement
- Google Analytics
- Integration of third-party services and content
- Rights of users
- Deletion of data
Objective and responsibility
- You can contact our data protection officer at the e-mail address: firstname.lastname@example.org
- The term “user” used below includes both applicants and other website visitors. All terms used, such as “applicant”, are to be understood as gender-neutral. The term “applicant” includes persons that apply for both permanent and project-based freelance positions (in particular merchandiser).
Basic information on data processing and legal bases
- We process personal data of users only in compliance with the relevant data protection regulations. This means that user data will only be processed if a legal permission has been obtained. This means, in particular if data processing is necessary for the provision of our contractual services (e.g. processing of orders) and online services, or is required by law, if the user has given his or her consent, as well as on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation and security of our online services within the meaning of Art. 6 Para. 1 letter f. GDPR, or until the GDPR is valid on the basis of § 15 Paragraph 3 TMG), in particular for range measurement, creation of profiles for advertising and marketing purposes as well as collection of access data and use of the services of third-party providers.
- With regard to the processing of personal data on the basis of the Basic Data Protection Ordinance (GDPR), we would like to point out that the legal basis of the consents Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing to fulfil our services and implementation of contractual measures Art. 6 para. 1 lit. b GDPR, the legal basis for processing data with regards to the employment relationship, the legal basis for processing to fulfil our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f GDPR.
- We take organizational, contractual and technical security measures in accordance with the state of the art in order to ensure that the regulations of data protection laws are observed and thus to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.
- The security measures include in particular the encrypted transmission of data between your browser and our server.
Disclosure of data to third parties and third parties
- Data will only be passed on to third parties within the framework of legal requirements. We only pass on user data to third parties if this is necessary, for example, for billing purposes or for other purposes if these are necessary in order to fulfil our contractual obligations towards the users.
- If we use subcontractors to provide our services, we take appropriate legal precautions as well as appropriate technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal regulations.
- If content, tools or other means from other providers (hereinafter jointly referred to as “third providers”) are used within the scope of this data protection declaration and their named registered office is in a third country, it is to be assumed that data is transferred to the countries in which the third providers have their registered office.
- Third countries are countries in which the GDPR is not directly applicable law, i.e. in principle countries outside the EU or the European Economic Area.
- The transfer of data to third countries takes place either if an appropriate level of data protection, user consent or other legal permission is available.
Purpose and scope of processing of applicant data
- We process the applicant data only for the purpose and in the context of the application procedure in accordance with the legal requirements. Candidate data is processed in order to fulfil our contractual obligations and on the basis of our legitimate interests, as well as the interests of the applicants in carrying out a fast and effective application procedure.
- The application procedure requires that applicants provide us with their data. The necessary applicant data are marked as such in our online form. This includes personal data, postal and contact addresses and the documents belonging to the application, such as cover letter, curriculum vitae and certificates. For applications for project-related freelance work, this includes information on the existing driving licence, available passenger cars and storage areas, information on VAT deductibility as well as existing business liability insurance and the existence of a trade licence. In addition, applicants may voluntarily provide us with additional information. By submitting the application to us, applicants agree to the processing of their data for the purposes of the application procedure in accordance with the type and scope set out in this data protection declaration.
Passing on of applicant data
- We do not pass the applicant data on to third parties. However, we can be supported by external service providers or other companies within our group of companies as part of the application process. The service providers can also process applicant data. The service providers process the applicants’ data only on our behalf and on the basis of contractual obligations that provide for compliance with the agreed organisational and technical measures.
- Furthermore, the applicant data can be passed on if a position has been expressly advertised by several companies within our group of companies, i.e. if the application procedure is carried out by several companies.
- In all other cases, we ask the applicants for permission before we disclose their data.
Method of submitting applications
- Applicants can send us their applications using the contact form on our website. The data is encrypted and transmitted to us according to the state of the art.
- Alternatively, applicants can send us their applications by e-mail. Please note, however, that e-mails are not sent in encrypted form. We cannot therefore accept any responsibility for the transmission of the application between the sender and reception on our server and therefore recommend that you use the online form.
Instead of using the online application form and e-mail, applicants can still send us their application by post.
Retention and deletion of applicant data
- If the application is successful, the data provided by the applicants can be further processed by us for the purpose of employment, or in the case of merchandiser for the purpose of freelance-based work.
- Otherwise, if the application for a job offer is not successful, the applicants’ data will be deleted. Applicants’ data will also be deleted if an application is withdrawn, which the applicants are entitled to do at any time.
Candidates will be deleted after a period of six months, subject to justified revocation, so that we can answer any follow-up questions to the application and meet our obligations under the General Equal Treatment Act (AGG).
- When contacting us (via contact form or e-mail), the user’s details are processed for processing the contact request and its handling.
- User data can be stored in our Customer Relationship Management System (“CRM System”) or comparable inquiry organization and must be stored as business letters for 6 years and, in the case of statutory tax relevance, for 10 years.
Collection of access data
- On the basis of our legitimate interests, we collect data about every access to the server on which this service is located (so-called server log files). Access data includes the name of the accessed website, file, date and time of access, transferred data volume, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
- Log file information is stored for a maximum of seven days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data whose further storage is required for evidentiary purposes are excluded from deletion until the respective incident has been finally clarified.
Cookies & range measurement
- If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
- Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
- Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with further services associated with the use of this online offer and the use of the Internet. Pseudonymous user profiles can be created from the processed data.
- We use Google Analytics only with IP anonymization enabled. This means that Google will reduce the IP address of users within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
- The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent Google from collecting the data generated by the cookie and relating to their use of the online offer and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
- Further information on data use by Google, possible settings and objections can be found on Google’s websites: https://www.google.com/intl/de/policies/privacy/partners (“Data use by Google when using our partners’ websites or apps”), http://www.google.com/policies/technologies/ads (“Data use for advertising purposes”), http://www.google.de/settings/ads (“Manage information that Google uses to show you advertising”).
Integration of third-party services and content
- On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 letter f) DS-GMO), we use content or service offers from third-party providers within our online offer in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”). This always presupposes that the third party providers of this content perceive the IP address of the users, since without the IP address they could not send the content to their browser. The IP address is therefore required for the display of this content. We make every effort to use only those contents whose respective providers use the IP address only for the delivery of the contents. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring websites, visiting time and other information about the use of our online offer, as well as may be linked to such information from other sources.
- The following list provides an overview of third-party providers and their contents, together with links to their data protection declarations, which contain further information on the processing of data and, in some cases already mentioned here, possibilities of objection (so-called opt-out):
– Note on Google, Inc.: Google is certified under the Privacy Shield Agreement and thereby offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Rights of users
- Users have the right, upon request and free of charge, to obtain information about the personal data that we have stored about them. In addition, users have the right to correct incorrect data, to restrict the processing and deletion of their personal data, if applicable, to assert their rights to data portability and, in the event of the acceptance of unlawful data processing, to file a complaint with the responsible supervisory authority (Bavarian Data Protection Authority, P.O. Box 606, 91511 Ansbach).
- Likewise, users can revoke consents, in principle with effect for the future, without giving reasons.
Deletion of data
- The data stored by us will be deleted as soon as it is no longer required for its intended purpose and there are no legal obligations to keep it in safekeeping. If the user’s data are not deleted because they are necessary for other and legally permissible purposes, their processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for commercial or tax reasons.
- In accordance with statutory requirements, the records are kept for 6 years in accordance with § 257 (1) HGB (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with § 147 (1) AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant to taxation, etc.).
Right of Objection
Users can object to the future processing of their personal data in accordance with legal requirements at any time without giving reasons. The objection may be lodged in particular against processing for direct marketing purposes.
- We reserve the right to change the data protection declaration in order to adapt it to changed legal situations or in the event of changes to the service or data processing. However, this only applies with regard to declarations on data processing. If user consents are required or components of the data protection declaration contain provisions of the contractual relationship with the users, the changes will only be made with the users’ consent.
- Users are asked to inform themselves regularly about the contents of the data protection declaration.