Table of contents
- General information about data protection
- Information for applicants
- Information for business partners
1. General information about data protection
1.1 Information about the responsible party:
Im Neuen Felde 87
Protecting your personal data is particularly important to us. Your personal data is processed under the data protection regulations, in particular the European General Data Protection Regulation (EU GDPR) and the German Federal Data Protection Act (BDSG - new).
The following information provides an overview of the nature, extent and purpose of the collection, processing and transmission of personal data and the security measures used to protect this data.
Personal data is individual information about personal or factual circumstances of an identified or identifiable natural person, such as your name, address, telephone number, date of birth, and email and IP address.
1.2 Legal bases for processing personal data
- Art. 6(1)(a) EU GDPR is the legal basis for the processing of personal data, provided we obtain the consent of the data subject. In accordance with Art. 7(3) EU GDPR, you can withdraw your consent to the processing of your personal data at any time for the future.
- Art. 6(1)(b) EU GDPR is the legal basis for the processing of personal data that is required for the performance of a contract or for the implementation of pre-contractual measures.
- Art. 6 (1)(c) EU GDPR is the legal basis when the processing of personal data is necessary to fulfil a legal obligation to which our company is subject.
- Art. 6 (1)(f) EU GDPR is the legal basis when the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. In this case you have the right to object under Art. 21 EU GDPR.
1.3 Data erasure and storage period
Personal data will be deleted as soon as the purpose of storage ceases to apply. Your personal data may be stored beyond this if our company has to abide by legally prescribed retention obligations.
1.4 Your rights
Upon written request, we will inform you in accordance with Art. 15 EU GDPR and our legal obligation under Art. 12 EU GDPR whether and which of your personal data is processed or stored by us. Furthermore, you have the right to rectification of incorrect data under Art. 16 EU GDPR, right to data portability under Art. 20 EU GDPR, right to erasure of your personal data under Art. 17 EU GDPR – provided that there are no legal retention obligations to the contrary – as well as the right to restriction of processing under Art. 18 EU GDPR. Furthermore, you have the right to lodge a complaint with the competent supervisory authority under Art. 77 EU GDPR.
You also have the right to object under Art. 21 EU GDPR.
Of course, you have the option to withdraw your consent at any time with future effect under Art. 7(3) EU GDPR. To do so, please contact us at the contact address provided below.
If you have any questions regarding the processing of your personal data, you can contact our data protection officer, who is also available in the event of requests for information, suggestions, or complaints.
Data protection officer at
Im Neuen Felde 87
2.1 Provision of the website
Use of hosting service providers
Our website is hosted on servers located in the EU by a hosting service provider on the basis of a data processing agreement in accordance with Art. 28 EU GDPR. As part of its services, the hosting service provider may have access to personal data of our users, in particular to technical data that is generated as part of the technical communication between you and our website (e.g. server log files). The provider may not use this data for their own purposes. The use of a hosting service provider is based on our legitimate interests in accordance with Art. 6(1)(f) EU GDPR in the provision of infrastructure and platform services, computing capacity, email dispatch and security services.
Server log files
When you visit our website or use its services, the device you use to access the site automatically transmits log data (connection data) to our server. The relevant information consists of
- type and version of the browser you are using,
- type and version of the operating system you are using,
- referrer URL of the page from which you arrived at our website,
- date and time at which you accessed our website,
- name of the sub-pages you accessed,
- IP address of your computer system,
- transmitted data volume.
The collected data is used exclusively for statistical evaluations for the purpose of operation, security and optimisation of the offer. For security reasons, however, we reserve the right to subsequently check the log data if there is a justified suspicion of illegal use based on concrete indications. The data will not be stored longer than necessary for this purpose. This collection is based on our legitimate interests in accordance with Art. 6(1)(f) EU GDPR.
Cookies are small text files that are automatically created by your browser and stored on your device when you visit our website. Cookies do not harm your computer and do not contain viruses. Most of the cookies we use are deleted at the end of the browser session (so-called session cookies). Other cookies remain on your computer and enable us to recognise your computer the next time you visit us (so-called persistent cookies). Thanks to these files, it is possible, for example, to have information displayed on the page that is specifically tailored to your interests.
Usercentrics: As a cookie consent management platform, we use the consent management service of Usercentrics. The provider is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany. The purpose of data processing is to comply with legal obligations and to store consent. The legal basis is Art. 6 para. 1 lit. c EU DS-GVO. The consent data (consent given and revocation of consent) is stored for three years. For more information on the processing of your data at Usercentrics, please see the data protection provisions at www.usercentrics.com/privacy-policy.
Security of your data
We use technical and organisational security measures to adequately protect the data you provide against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. For example, we use SSL encryption to transmit confidential content, such as inquiries that you send to us as the site operator. You can recognise an encrypted connection by the address line of the browser changing from 'http://' to 'https://' as well as by the padlock symbol in your browser address bar. If SSL encryption is activated, the data you transmit to us cannot be read by third parties. We keep improving our security measures in line with the state of the art.
If you contact us (e.g. via contact form, email, telephone, social media), your personal data will be stored and processed by us for the purpose of handling the request and any associated follow-up questions in accordance with Art. 6(1)(b) EU GDPR (in the context of pre-contractual/contractual measures) or in accordance with Art. 6(1)(f) EU GDPR (general inquiries). We do not disclose this data without your respective consent.
The data you provide will remain with us until you request that we delete it, object to its storage, or the purpose for storing the data no longer applies (i.e. after we have completed processing your inquiry), provided that this is not in conflict with any statutory retention obligations.
2.3 Analysis tools
The analysis measures listed below and used by us are carried out on the basis of Art. 6(1)(a) EU GDPR (consent). By using these analysis measures we want to ensure the appropriate design and ongoing optimisation of our website. We use the analysis tools to record website use in a pseudonymised manner and evaluate this for the purpose of optimising our offer.
You can revoke your consent at any time with future effect.
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland. Google Analytics uses so-called cookies. These are text files that are stored on your computer. They make it possible to analyse your use of the website. User and event data are automatically deleted after 14 months.
- IP anonymisation
We have activated the IP anonymisation function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other states party to the agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google uses this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services related to website and Internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
- Browser plug-in / prevention of data collection
- Data processing agreement
We have entered into a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Google Ads / Remarketing / Conversion Tracking / Double Click Ad
2.4 Third-party content and services
Based on our legitimate interest under Art. 6(1)(f) EU GDPR, content, services, and products of other providers that complement our offer are integrated within our online offer. Using the services mentioned below helps us to ensure an appropriate design and the continuous optimisation of our website. If we require your consent for the use of these services, the legal basis is Art. 6(1)(a) EU GDPR. You can revoke your consent at any time with effect for the future.
Google Tag Manager
Our website uses Google Tag Manager. Google Tag Manager is a solution from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland with which we can manage website tags via an interface. The tool itself (which implements the tags) is a cookie-less domain that does not collect any personal data. Google Tag Manager triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a user has deactivated cookies at the domain or cookie level, activation remains in place for all tracking tags implemented with Google Tag Manager. The tags used are individually named below. You can customise the settings for these tags in the privacy settings, for example, by deactivating cookies for these elements.
Links to third-party websites
2.5 Social Media
We maintain publicly accessible online presences in social networks for communication with the customers and interested parties active there as well as for the presentation of our services.
The processing of users' personal data is based on our legitimate interests in effectively informing users and communicating with users in accordance with Art. 6 para. 1 lit. f. EU DS-GVO. If the users are asked by the respective providers of the platforms for consent to data processing or if the user voluntarily sends information to our online presences, the legal basis of the processing is Art. 6 (1) lit. a EU DS-GVO in conjunction with Art. 7 EU DS-GVO. If this information contains contract-relevant content, the legal basis is Article 6 (1) (b) of the EU Data Protection Regulation.
For a detailed description of the respective processing and the opt-out options, please refer to the information of the providers linked below.
In the case of requests for information and the assertion of user rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users' data and can take appropriate measures and provide information directly. If you still need help, you can contact us.
- LinkedIn: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland.
We generally address persons of legal age with our online offer. Personal information of persons who have not yet reached the age of 16 may only be made available to us with the express consent of the legal guardian (Art. 8 EU GDPR). Processing without the consent of the legal guardian is not permitted. We therefore reserve the right to delete all data relating to minors if we do not have the consent of a legal guardian.
3. Information for applicants
3.1 Purpose and legal basis for collection and processing
Your data will be processed by us for the purpose of processing your application in accordance with Art. 88 EU GDPR in conjunction with Art. 26 BDSG-new. If special categories of personal data within the meaning of Art. 9(1) EU GDPR are voluntarily disclosed during the application process, their processing is additionally carried out in accordance with Art. 9(2)(b) EU GDPR.
3.2 Recipients of your data
Recipients of your data are the parties involved in the human resources process (including human resources, managers and department heads) of the responsible party. Your data will be treated as strictly confidential and will not be passed on to third parties without your respective consent. There are no plans to transfer your data to third countries or international organisations.
3.3 Storing your data
Your application data will be deleted 180 days after the position has been filled. If you are also interested in future advertised positions, we require your written consent to store your application documents for a longer period of time. Under Art. 7(3) EU GDPR, you can withdraw this consent for the future at any time. To do so, please send an email with the corresponding note to the contact address given above.
4. Information for business partners
4.1 Purpose and legal basis for collection and processing
Primarily, data processing is used to establish, implement, and terminate the contractual relationship. The primary legal basis for this is Art. 6(1)(b) EU GDPR. Without using your data in this way, it is not possible to create a business relationship between you and us.
We also process your data on the basis of Art. 6(1)(f) EU GDPR to protect our legitimate interests or those of third parties (e.g. authorities). This may be necessary, for example, to maintain IT security and IT operations or for purposes of corporate management, internal communication and other administrative purposes. You may object to this processing by stating specific reasons in accordance with Art. 21 EU GDPR.
In addition, we process your data to fulfil legal obligations such as regulatory requirements, commercial and tax retention obligations or documentation obligations. The legal basis for this is Art. 6(1)(c) EU GDPR in conjunction with the nationally applicable laws.
In individual cases, we may also process your data on the basis of your separate consent granted to us in accordance with Art. 6(1)(a), 7 EU GDPR (e.g. as part of the registration for our newsletter or the publication of photos and videos). You are always free to decide whether you wish to give your consent. Once you have given your consent, you can withdraw it at any time with effect for the future. To do so, use the link provided in the respective action or send corresponding requests to the contact address given above.
If we process your personal data for a purpose not mentioned above, we will inform you in advance.
4.2 Recipients of your data
Within our company, your personal data is only received by those persons who need it to fulfil our contractual and legal obligations. In addition, we sometimes use different service providers to fulfil these obligations and so it may be necessary to disclose your personal data to other recipients outside the company, insofar as this is necessary to fulfil our contractual and legal obligations. These third parties may be, for example, authorities, financial institutions, suppliers etc.
We sometimes use external service providers for the technical processing of your data. We may transfer and process the data outside the country in which you reside / have your company headquarters or in one of the countries in which we operate. These may also be located outside the European Economic Area (EEA). If we transfer personal data to service providers or companies outside the EEA, your data is only transferred if the third country has been confirmed by the EU Commission to have an adequate level of data protection or if other appropriate data protection guarantees (e.g. binding corporate data protection regulations or EU standard contractual clauses) are in place. You can also request detailed information using the contact information above.
4.3 Storing your data
We only store your personal data for as long as it is required for the above-mentioned purposes. After termination of the contractual relationship, your personal data will be stored for the time period we are legally obliged to do so. This regularly results from legal record keeping and retention obligations, which are regulated, among other things, in the German Commercial Code (Handelsgesetzbuch) and the German Fiscal Code (Abgabenordnung). These obligations result in storage periods of up to ten years. In addition, personal data may be retained for the period during which claims can be asserted against us (statutory limitation period of three or up to thirty years).