We take the protection of your personal data very seriously. Your privacy is important to us. We process your personal data in accordance with the applicable legal data protection requirements for the purposes listed below. Personal data in the sense of this data privacy information is all information that is related to your person.
Controller within the meaning of the General Data Protection Regulation (“GDPR”) is:
Phone: +49 (7541) 9338-96
Questions and comments on data protection:
If you have any questions or comments on data protection, you can also contact our person responsible for data protection directly.
- ’personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;- ’personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
- ‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
- ‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
- ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her
Collection of your personal data
As part of our application process, we collect personal data for the purposes of recruitment, resource planning, business control, information security and data protection. This includes:
Special categories of data: Insofar as special categories of personal data according to Art. 9 GDPR are processed, e.g. data on health, this is done on the basis of Art. 9 para. 2 lit. b GDPR. Processing may also be necessary to assess your ability to work in accordance with Art. 9 Para. 2 lit. h GDPR. Personal data relating to criminal convictions will only be requested if permitted or required by applicable law.
Data from interview and recruitment test: As part of the application process, we may conduct interviews and recruitment tests with you. We may also receive information from individuals or companies that you have provided as references. We use the information obtained, such as the results of the recruitment test, to make a final recruitment decision.
Talentpool: On the basis of your consent according to Art. 6 para. 1 lit. a GDPR, we offer applicants admission to our talent pool. In this way we can stay in contact with you and take you into account when looking for employees or filling current or future vacancies in our company or our affiliated companies. Admission to our talent pool is voluntary and has no influence on current application procedures.
For privacy purposes, we store the login times of registered Talent Pool users. Two years after the last login, your talent pool profile including user account will be deleted.
Statistics for resource planning and business control: Personal data which we have collected in the context of our application procedures will be processed in anonymous form for the purpose of creating statistics for resource planning and business control.
Purposes for the performance of a contract or pre-contractual measures (Art. 6 para. 1 lit. b GDPR)
We process the data you have sent us in connection with your application in order to assess your suitability for the position (or any other open position in our company) and to complete the application process.
Legal basis for the processing of your personal data in this application procedure is primarily Art. 6 para. 1 lit. b GDPR. It allows the processing of the data required in connection with the decision to establish an employment relationship.
Should the data be necessary for legal prosecution after completion of the application procedure, data processing may be carried out on the basis of the requirements of Art. 6 GDPR, in particular to safeguard legitimate interests pursuant to Art. 6 para. 1 lit. f
Purposes in the context of a legitimate interest of us or third parties (Art. 6 para. 1 lit. f GDPR)
We may also use your data on the basis of a balance of interests to protect the legitimate, usually economic interests of us or of third parties, in particular for the following purposes:
- the processing and control of business transactions;
- the recruitment of employees, incl. HR marketing;
- the assertion of legal claims and defence in legal disputes;
- the detection, prevention and investigation of criminal offences;
- ensuring information security and the operability of our IT systems;
- the building and facility safety;
- the performance of data protection measures and activities
Purposes within the scope of your consent (Art. 6 para. 1 lit. a GDPR)
Your personal data may also be processed for certain purposes with your consent. You can revoke your consent at any time with effect for the future.
Purposes for fulfilling legal requirements (Art. 6 para. 1 lit. c GDPR)
We are subject to a large number of legal obligations, such as the legal retention obligations of business documents, and may process your personal data for these purposes. Furthermore, the disclosure of personal data within the framework of official/judicial measures may become necessary, e.g.for the purpose of securing evidence or prosecution.
Direct advertising & promotional communication
Subject to legal permissibility, we use your personal data for purposes of direct advertising for our products and services, as well as for promotional communication with you. Promotional communication can take place via email, telephone, letter, video conferences, chat or messenger services.
You can object to data processing for purposes of direct advertising and promotional communication at any time. The objection can be made form-free. Our contact details can be found at the beginning of this document.
Data categories for indirect collection
We process personal data that we have received directly from you or from third parties. In addition, we process personal data that we have legitimately collected or received from publicly accessible sources (e.g. press, Internet and other media) and we are allowed to process. These include in particular the following data categories:
- master data
- contact details
- Personal skills and qualifications data
- communication data
- contract data
- business transaction
- data protection
Transfer within the EU
Within our company, those internal departments or organisational units that need your data to fulfil our contractual and legal obligations or within the framework of the processing and implementation of our legitimate interest receive it.
Your data will only be passed on to external third parties
- in connection with the initiation or processing of the contract with you;
- for the purposes of fulfilling legal requirements according to which we are obliged to provide information, report or pass on data;
- if external service companies process data on our behalf as processor;
- on the basis of our legitimate interest or the legitimate interest of the third party for the purposes mentioned (e.g. to authorities, lawyers, courts, affiliated companies);
- if you have given us your consent to transfer your data to third parties
Beyond that, we will not pass your data on to third parties. As far as we commission service providers within the scope of a data processing agreement, your data are subject there to the same security standards as with us. In all other cases, recipients may only use the data for the purposes for which they were transferred to them.
Transfer outside the EU
A transfer of data to entities in countries outside the European Union (EU) or the European Economic Area (EEA) (so-called third countries) takes place if it should be necessary for the execution of an order/contract from or with you, if it is legally required (e.g. tax reporting obligations), if it is within the scope of a legitimate interest of us or a third party or if you have given us a consent.
The processing of your data in a third country can also take place in connection with the involvement of service providers in the context of data processing. If the EU Commission does not decide on an appropriate level of data protection for the country concerned, we guarantee that the rights and freedoms of data subject are adequately protected and guaranteed in accordance with EU data protection regulations. We will provide you with detailed information on request. You may obtain the copy of such information or information on appropriate guarantees upon request, from our company’s data protection responsible person.
Data transfer when hiring
If you are hired, your data will be transferred from our applicant management system to our HR systems. Your data will be processed there as employee data.
Consequences of failure to provide data
According to Art. 13 para. 2 lit. e GDPR we are obliged to inform you that you are not obliged to provide us with your data. Without your data, however, we will not be able to consider you when selecting applicants.
Automated decision making and profiling
We do not use purely automated decision-making procedures in accordance with Article 22 GDPR. If we should nevertheless use such a procedure in individual cases in the future, we will inform you of this separately, insofar as this is prescribed by law.
Duration of storage
Applicant data will be deleted after six months in the event of rejection, with the exception of data that we must continue to store to meet legal obligations or until the statutory limitation periods in respect of legal claims against us have expired.
If you have been accepted for a position as part of the application process, your personal data may be transferred from the applicant data system to our personnel information system, used for other employment-related purposes and stored in the Talent Pool for possible future positions. Your personal data may be subject to further privacy notices.
Your application documents and other personal data stored in the Talent Pool will be automatically deleted at the latest two years after your last successful sign-in to the Talent Pool. However, you can also revoke your consent at any time for the future and declare your objection within the meaning of Art. 21 GDPR.
Rights of data subjects
You may exercise the following rights under applicable data protection laws:
- Right of access by the data subject in accordance with Art. 15 GDPR
- Right to rectification in accordance with Art. 16 GDPR
- Right to erasure in accordance with Art. 17 GDPR
- Right to restriction of processing in accordance with Art. 18 GDPR
- Right to data portability in accordance with Art. 20 GDPR
- Right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR
Right to revoke
You have the right to revoke consents granted in accordance with Art. 7 para. 3 GDPR.
Right to object
In accordance with Art. 21 GDPR, you have the right to object. The objection can be made form-free. Our contact details can be found at the beginning of this document.
Changes to this document
We keep this document up to date and reserve the right to adapt our information on data protection accordingly.