2 Specific data processing
2.1 Collection of information to use the online offer
- When using the online offer, information is automatically transferred to us by the user’s browser; this includes the name of the accessed website, file, date and time of access, volume of transferred data, report on successful access, browser type and version, the user’s operating system, referrer URL (the site visited beforehand), IP address, and the requesting provider.
- These data are processed for reasons of legitimate interest as per Article 6(1)(f) GDPR (e.g. optimization of the online offer), as well as to guarantee processing security as per Article 5(1)(f) GDPR (e.g. defence against and resolution of cyberattacks).
- This information is deleted automatically seven days after the connection ends – i.e. use of the online offer – as long as no further retention periods prevent this.
- The collection of data and storage of data in log files is critical for the provision of the online offer. For this reason, the user does not have the option of deletion, objection or correction.
2.2 Contact form and email contact
- When contacting us (using an online form or by email), the data provided by the user is only used to process the query and to execute it.
- Additional use of the data only takes place with the user’s consent.
2.3 Links to other websites
- You may be automatically transferred to other websites when using some of our services.
- Please note that this data protection declaration does not apply there. The data protection declaration of the linked website may differ considerably from this one.
2.4 Google Analytics
- 1. With your consent, we use Google Analytics to analyze and optimize our online offer, as well as to facilitate its commercial operation, as per Article 6(1)(a) GDPR. Google Analytics is a Web analysis service from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) – hereafter “Google”. Google uses cookies and additional technology. Information generated by the service resulting from the use of the online offer by users is transferred to a Google server in the USA and processed there.
- Google operates for us in an order processing capacity as per Article 28 GDPR. We have concluded a data protection agreement with Google that contains the standard EU data protection clauses.
- We use Google Analytics with activated IP anonymization.
- Google Analytics stores cookies on your Web browser for two years following your last visit. These cookies contain a randomly generated user ID that means you can be recognized during subsequent website visits. Users can prevent the storage of cookies with the corresponding setting in their browser software.
- The recorded data are stored with the randomly generated user ID, facilitating the evaluation of pseudonym user profiles. These user-related data are deleted automatically after 26 months. Other data remain stored in an aggregate form.
- You can find additional information on data usage by Google, as well as setting and revocation options, on Google’s websites:
https://policies.google.com/technologies/partner-sites?hl=de ("Data usage by Google when you use our partners' websites or apps")
https://policies.google.com/technologies/ads ("Data usage for advertising purposes")
https://adssettings.google.com/authenticated ("Control information that Google uses to show you ads").
2.5 Google Tag Manager
- This website uses Google Tag Manager. This service facilitates the use of website tags via a user interface. Google Tool Manager only applies tags. This means that no cookies are deployed and no personal data are collected. Google Tool Manager triggers other tags that may in turn collect data. However, Google Tag Manager does not access these data.
- If deactivation has been performed at a domain or cookie level, this remains the case for all tracking tags provided that these have been applied by Google Tag Manager.
2.6 Google Fonts
- Our website uses Google Fonts from Google Inc. (1600 Amphitheater Parkway Mountain View, CA 94043, USA).
- The use of Google Fonts takes place without authentication and no cookies are sent to the Google Fonts API. If you have a Google account, none of your Google account data will be transmitted to Google while you are using Google Fonts. Google only records the use of CSS and the fonts used and stores this data securely.
- You can find more about these and other questions at https://developers.google.com/fonts/faq.
- Information on the type of data recorded by Google and the purpose for which they are used can be found at https://www.google.com/intl/de/policies/privacy/
2.7 Consent Management
- Our website uses cookie consent technology from “Complianz GDPR/CCPA Cookie Consent” in order to obtain your consent to the storage of specific cookies on your browser and to document this in a manner that complies with data protection regulations. The company providing this technology is Complianz B.V., Atoomweg 6b, 9743 AK Groningen, Netherlands (hereafter “Complianz”)."in order to obtain your consent to the storage of certain cookies in your browser and to document them in compliance with data protection regulations. The provider of this technology is Complianz BV, Atoomweg 6b, 9743 AK Groningen, Netherlands (hereinafter Complianz).
- If you visit our website, a Complianz cookie is saved on your browser and stores the consent you have provided or your revocation of this consent.
- The recorded data are stored until you request that we delete them or you delete the Complianz cookie yourself or the purposes for storing the data expires. Mandatory legal retention periods remain unaffected.
You can find details on data processing by Complianz at https://complianz.io/privacy-statement.
- Complianz cookie consent technology is used to obtain statutory consent for the use of cookies. The legal basis for this is Article 6(1)(1)(c) GDPR.
2.8 Application process
To ensure improved legibility, gender-neutral language will be employed within the context of the following explanations. All personal designations apply to all genders: m/f/x.
2.8.1 Connectoor platform
- We use the recruitment tool Connectoor for the receipt and management of applications and therefore for the purpose of the (potential) establishment of an employment relationship. The application provider is jobEconomy GmbH (Meinekestr. 26, 10719 Berlin, Germany).
- The privacy policy of this provider can be found here: https://www.connectoor.com/datenschutz/. Please note that, despite our incorporation of Connectoor, we remain responsible for processing.
- If you apply to us via Connectoor, the following takes place: the provider collects the following data from you on our behalf:
Your title, first and last name, availability dates, and other data from your application.
- We are then able to access this recruitment tool internally and view your application data. We then have the following possibilities: production of notes associated with your application data; internal communication regarding your application (where relevant, with the department in question); documentation of the decision regarding the subsequent processing of the application: invitation to one or several interviews, invitation to one or several trial working days, transmission of an employment contract document, production of a rejection, or implementation of onboarding activities. You can find further information on possible application areas here: https://www.connectoor.com/funktionen/
- The legal basis for this is Article 88(1) GDPR in conjunction with Section 26(1) German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), whereby processing of application data is permitted even without the applicant’s consent if this is required to make a decision regarding the establishment of an employment relationship. In addition, the assertion of this legal basis does not prevent our use of an external service provider for this purpose, specifically the provider of Connectoor. We have carefully selected this provider, have lawfully established a binding contract with it and inspect it regularly. These processes are always in accordance with Article 28 GDPR, which governs so-called order processing.
- 6. In the event that an employment relationship is established between us, we store your application data until the statutory retention period expires; this is generally ten years following the termination of the employment relationship at the latest. In the event that an employment relationship is unfortunately not established, the following applies: it is of course never enjoyable to reject someone and we do not like to receive rejections ourselves. In the unfortunate event that this happens, we store your application data for six months following receipt of the respective rejection. Here we invoke Article 6(1)(f) GDPR. Under this provision, processing is permitted to safeguard the responsible party’s legitimate interests or those of a third party, providing the interests or basic rights and freedoms of the affected party requiring the protection of personal data do not prevail. Our legitimate interest is derived from Section 15(4) of the General Act on Equal Treatment (Allgemeines Gleichbehandlungsgesetz – AGG). Under this provision, a compensation claim for discrimination must be made in writing within a period of two months. This period begins with receipt of the rejection within the application process. In our opinion, if we are unaware of any complaint six months after rejection, it is safe to assume that such a complaint does not exist, and we are permitted to store the data to that point for the assertion of our legitimate interests (defending ourselves against a compensation claim). If you assert a breach of the rules that prevent discrimination, we are permitted to store data until the process is closed; this is also for the assertion of our legitimate interests (defending ourselves against a compensation claim). We exercise our right of instruction vis-à-vis the provider of Connectoor here in particular.
- There is no legal duty to collect this data during the application phase. It is nonetheless possible that the absence of some or all data could lead to queries. If this absence continues, recruitment may become impossible.
2.8.2 Direct applications
- We offer you the possibility of applying to us (e.g. by email, by post or via an online application form). Below, we provide information about the scope, purpose and use of your data collected within the context of the application process. We ensure that the collection, processing and use of your data comply with the applicable data protection law and all additional legal provisions, and that your data are handled in the strictest confidence.
- Scope and purpose of the data collection
If you send us an application, we process the personal data associated with it (e.g. contact and communication data, application documents, notes taken during interviews, etc.), providing that this is required to make a decision regarding the establishment of an employment relationship. The legal basis for this is Section 26 BDSG (initiation of an employment relationship), Article 6(1)(b) GDPR (general contract initiation) and – if you have provided your consent – Article 6(1)(a) GDPR. Consent may be revoked at any time. Your personal data are only transferred within our company to people who are involved in the processing of your application.
- If your application is successful, the data you have submitted will be stored in our data processing systems based on Section 26 BDSG and Article 6(1)(b) GDPR for the purposes of implementing the employment relationship.
- Data retention period
If we are unable to make you an employment offer, you reject an employment offer or you withdraw your application, we reserve the right to store the data you have transferred to us based on our legitimate interests (Article 6(1)(f) GDPR) for up to six months following termination of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. Retention primarily serves the purpose of verification in the event of a legal dispute. If it is evident that the data will be required after the six-month retention period has expired (e.g. due to threatened or impending litigation), deletion only takes place if the purpose for continued retention lapses.
- A longer retention period may however be applied if you have provided the appropriate consent (Article 6(1)(a) GDPR) or if legal retention obligations prevent deletion.
2.8.3 Inclusion in the applicant pool
- If we do not make you an employment offer, there exists the possibility of being included in our applicant pool. If included, all documents and information from your application will be transferred to the applicant pool to allow us to contact you if an appropriate vacancy opens.
- Inclusion in the applicant pool only takes place with your express consent (Article 6(1)(a) GDPR). Giving your consent is voluntary and does not affect the application process in progress. The affected party may revoke their consent at any time. In this case, the data will be irreversibly deleted from the applicant pool, providing no legal reason for retention exists.
- The data in the applicant pool will be irreversibly deleted two years after your consent has been given at the latest.