Data protection information on our processing of job applicant data under articles 13, 14 and 21 of the General Data Protection Regulation (GDPR)
1. Entity with responsibility for data processing; contact data
Responsible entity in terms of data protection law:
Auf dem Mutzer 11
Tel.: +49 (0)2163 947-754
Contact data for our data protection officer:
Auf dem Mutzer 11
2. Purposes and legal basis of our processing of your data
We process personal data in compliance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other applicable data protection rules (details below). Further details of, or supplements to, the purposes of the data processing can be found in the relevant contractual documents, forms, a declaration of consent and/or other information supplied to you.
2.1 Purposes related to performance of a contract or steps taken prior to a contract (article 6 (1) b GDPR)
Your personal data are processed for the purpose of processing your application in response to a specific advertisement of a vacant position or your unsolicited application, and in this connection particularly for the following purposes: examination and assessment of your suitability for the vacant position, assessment of performance and attitude within the legally permissible limits, where applicable for the purpose of registration and authentication of the application via our website, where applicable for the drafting of an employment agreement, the verifiability of transactions, orders/commissions and other agreements, also for quality assurance by way of the relevant documentation, measures for the fulfilment of general obligations of due care, statistical analyses of corporate management, travel and event management, travel reservations and settlement of travel expenses, authorization and credentials management, cost accounting and controlling, reporting system, internal and external communications, invoicing and valuation of operational performance for tax purposes (e.g. meals in canteen), expenses settlement via company credit card, health and safety at work, contract-related communication with you (including arranging dates and times), assertion of claims at law and defence in legal disputes; ensuring IT security (including system or plausibility tests) and general security, including safety of buildings and plant, securing and exercising right of admission by taking appropriate measures, such as, where applicable, CCTV for the protection of third parties and our staff and for the prevention and successful investigation of criminal acts and the preservation of the related evidence; ensuring the integrity, authenticity and availability of data; prevention and successful investigation of criminal acts; controls by supervisory bodies or authorities (e.g. auditing).
2.2 Purposes related to our or a third party’s legitimate interests (article 6 (1) f) GDPR)
In addition to the actual performance of the contract or pre-contractual requirements, we process your data in certain cases, when necessary, in order to pursue our or a third party’s legitimate interests. Your data are processed only if and to the extent that no overriding interests of yours mitigate against such processing. The processing is in particular for the following purposes: measures for the further development of existing systems, processes and services; comparison with European and international anti-terror lists in cases where this goes beyond the statutory obligations; enhancement of our data, inter alia through use of or research into data accessible to the public, where necessary; benchmarking; development of scoring systems or automated decision-making processes; security of buildings and plant (e.g. by admission controls and CCTV) in cases where this goes beyond general obligations of due care; internal and external investigations, security checks.
2.3 Purposes related to your consent (article 6 (1) a GDPR)
Your personal data may also be processed for specific purposes (e.g. obtaining references from previous employers or using your data for future vacancies) if you have given your consent. Normally you may revoke such consent at any time. You will be informed expressly at the appropriate point in the consent text about the purpose and the consequences of a revocation or a failure to give consent.
The basic rule is that a revocation of consent will only be effective for the future. Processing done before the revocation will not be affected and will continue to be lawful.
2.4 Purposes related to compliance with a legal obligation (article 6 (1) c) GDPR) or in the public interest (article 6 (1) f) GDPR)
Like everyone involved in economic activity, we too are subject to a number of legal obligations. Primarily, these are statutory requirements (e.g. German works constitution act, social security code, commercial and tax law), but there may also be obligations imposed by supervisory and other public authorities (e.g. employers’ liability insurance association). The purposes of processing may include, in certain cases, checks on identity and age, the prevention of fraud and money laundering, (e.g. comparisons with European and international anti-terror lists), company health management, ensuring safety at work, the fulfilment of control and notification obligations under tax law, the archiving of data for the purposes of data protection and data security, and for the purpose of auditing by tax consultants, auditors and tax and other authorities. Furthermore, it may become necessary to disclose personal data in the context of measures taken by courts or public authorities for the purpose of furnishing evidence, criminal prosecution or the enforcement of claims under civil law.
3. Categories of data processed by us in cases where we do not receive data direct from you; the origin of such data
In cases where this is necessary for the contractual relationship with you and the application you have submitted, we process data lawfully received from other sources or other third parties. We also process personal data which we have lawfully obtained, received or acquired from sources accessible to the public (e.g. telephone directories, commercial and club registers, population registers, the press, the internet and other media), where this is necessary, and we are allowed to process these data subject to the relevant provisions of statute law.
Relevant categories of personal data may in particular, where appropriate, be:
- Address and contact data (registration and comparable data, e.g. email address and telephone number)
- Information about you in the internet or in social networks
- Video data
4. Recipients or categories of recipients of your data
Inside our company, your data are received by those persons, offices or organisational units that need the data to fulfil our contractual and statutory obligations (such as managerial personnel and heads of department who are looking for new staff or who are involved in the decision on how to fill the position, accounts department, medical officer, occupational safety, where applicable staff representatives etc.) or within the framework of pursuing and implementing our legitimate interests. Your data are passed on to external persons or entities exclusively
- for the purpose of complying with statutory requirements, according to which we are obliged to provide information, ensure registration or disclose data (e.g. tax authorities) or when the disclosure of the data is in the public interest (see section 2.4);
- in cases where external service companies process data under commission from us as contracted processors or businesses to which operations have been outsourced (e.g. banks, external computer centres, travel agencies/travel management, print shops or companies providing data disposal, courier, postal or logistic services);
- on the basis of a legitimate interest or the legitimate interest of a third party for the purposes specified in section 2.2 (e.g. transfer to public authorities, enquiry agencies, lawyers, courts, expert witnesses, group affiliates, corporate bodies, supervisory authorities);
- if you have given us your consent to transfer of data to third parties.
We will not pass on your data to any further or additional third parties unless we have expressly informed you thereof. If we engage service providers to carry out contracted processing on our behalf, your data will be protected there by the same safety standards as ours, in order to give your data appropriate protection. In other cases the recipients may only use the data for the purposes for which the data were transferred to them.
5. Duration of storage of your data
We process and store your data for the duration of your application. This includes the period leading up to a contract (pre-contractual legal relationship).
We are in addition subject to various data retention and documentation obligations, which are stated inter alia in the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods prescribed therein for retention or documentation are up to ten years after the end of the business relationship or the pre-contractual legal relationship. Your original application documents will be returned to you, if you have not been engaged, at the end of a period of six months. Electronic documents are accordingly deleted after six months. Should we wish to store your data longer in case of future vacancies or if you have entered your data in an applicants’ pool, the data will be deleted at later points of time; you will be given the relevant details in connection with the process in question.
If and when the data are no longer necessary for the fulfilment of contractual and statutory obligations, they are normally deleted, unless their continued processing – with time limit – is necessary for the fulfilment of the purposes specified in section 2.2 on grounds of an overriding legitimate interest. Such an overriding legitimate interest is for example also present if deletion, because of the special method of storage, is not possible, or only possible at disproportionately great expense. In these cases we can store and use your data, where appropriate to a limited extent, even after our contractual relationship has ended, for a period agreed together with the purposes. The basic rule for such cases is that limited processing is substituted for the deletion of the data. In other words, measures are taken to block the data against their otherwise normal use.
6. Processing of your data in a third country or by an international organisation
Data are transferred to points in states outside the European Union (EU) or the European Economic Area (EEA) (so-called third countries) if this should be necessary for the fulfilment of a contractual obligation towards you (e.g. application for a position outside Germany), or if it is in pursuit of our or a third party’s legitimate interest, or if you have given your consent.
In this context, your data can also be processed in a third country in connection with the use of service providers for the performance of contracted processing. If the EU Commission has not adopted a decision on an adequate level of data protection in the country in question, we will ensure, under the relevant EU data protection requirements and by means of the relevant written agreements, that your rights and freedoms are appropriately protected and guaranteed. Information on the suitable and appropriate guarantees and the possibility of obtaining a copy thereof – i.e. how and where to get it – can be requested from the company data protection officer or the HR department responsible for you.
7. Your data protection rights
Subject to certain conditions you can assert your data protection rights against us
Every person affected has the right to information under article 15 GDPR, the right to correction under article 16 GDPR, the right to deletion under article 17 GDPR, the right to restriction of processing under article 18 GDPR, and the right to data portability under article 20 GDPR. The right to information and the right to deletion are subject to the restrictions imposed by sections 34 and 35 BDSG. You also have the right to lodge a complaint with a data protection supervisory authority (article 77 GDPR in conjunction with section 19 BDSG).
Your requests regarding the exercise of your rights should wherever possible be directed, in writing, to the address given above or direct to our data protection officer.
8. Scope of your obligations to provide us with your data
You need only provide the data which are necessary for the processing of your application or for a pre-contractual relationship with us or which we are under a legal obligation to collect. Without these data we will normally not be in a position to continue to implement the application and selection process. If we request additional data from you, we will inform you expressly about the voluntary nature of your compliance.
9. Existence of automated individual decision-making (including profiling)
We do not make use of a purely automated decision-making process as referred to in article 22 GDPR. If we should however in future use such a process in individual cases, well will inform you separately provided this is required by law.
Information on your right to object, article 21 GDPR
1. You have the right to object at any time to the processing of your data on the basis of article 6 (1) f) GDPR (data processing on the basis of a weighing up of interests) or article 6 (1) e) GDPR (data processing in the public interest). This is however conditional on there being reasons present which are inherent in your particular personal situation. This also applies to profiling, within the meaning of article 4 no. 4 GDPR, that is based on the present provision.
If you lodge an objection we will cease to process your personal data, unless we can demonstrate that there are compelling and legitimate reasons for the processing which override your interests, rights and freedoms, or unless the processing serves the assertion, exercise and defence of legal claims.
You may of course withdraw your application at any time.
2. It is not planned to use your personal data for the purpose of direct advertising. We must nevertheless inform you that you have the right at any time to lodge an objection against advertising; this also applies to profiling insofar as it is connected with such advertising. We will respect and observe such objection for the future.
The objection need not be in a specific form and should if possible be sent to:
Auf dem Mutzer 11
Tel.: +49 (0)2163 947-754
Our data protection information on our data processing under articles 13, 14 and 31 GDPR may be amended from time to time. All changes will be published on this page. Superseded versions will be available for inspection in an archive.