As of January 2022
As the controller, we hereby comply with our duty to provide information and inform you about the nature, scope, purposes, and other details regarding the processing of personal data. First of all, we provide general information on this, insofar as it relates to all processing or represents overriding regulations for this. This is followed by information on individual processing operations.
For offers of other providers, which are referred to e.g. via links, their conditions and privacy policies apply.
Under the term ‘General explanations’ we have compiled information in order to avoid overloading the content with additional information and having to repeat it.
In particular, we would like to refer to the explanations on the data categories, which should enable a better understanding of the descriptions concerning the processing operations.
Auf den Häfen 12-15
28203 Bremen, Germany
Shareholders: Florian Bonert, Dennis K. Njuguna, Leon P. Trippel
Contact email: firstname.lastname@example.org
In carrying out our activities, the transfer or disclosure may be necessary in the context of the processing of personal data, in particular if one of the following reasons based on the indicated legal basis applies:
Categories of recipients in the context of our activities and operations may include in particular:
In addition, we point out in the individual processing operations if further recipients come into consideration.
In order to carry out our activities, we also use service providers bound by instructions as processors within the scope of the processing of personal data, who are also considered recipients of the data within the meaning of data protection. A contract for commissioned processing ensures in particular that the processing is carried out on the basis of our instructions, that sufficient guarantees exist for compliance with suitable technical and organisational measures, and that the rights of the persons affected are guaranteed.
In general, we use service providers for the following processing purposes:
In addition, we point out in the individual processing operations when processors are used.
We store personal data as long as it is necessary for the purposes of the corresponding processing (Art. 5 para. 1 lit. c DSGVO), legal retention periods exist (Art. 6 para. 1 lit. c DSGVO) or we have a legitimate interest in the storage (Art. 6 para. 1 lit. f DSGVO) or a corresponding consent from the affected person exists (Art. 6 para. 1 lit. a DSGVO).
We store data in accordance with the following rules for the duration specified in each case and delete or destroy it after the specified storage period has expired:
The beginning of a time limit is usually the end of the calendar year or the month in which the last event for the respective processing took place (e.g. enquiry, order, delivery, legal transaction, end of a contract through performance, expiry or termination, invoicing, receipt of payment).
After the storage period has expired, it is reviewed whether further storage is necessary. If circumstances arise during storage (e.g. conclusion of a contract, negotiations about claims, legal disputes, etc.) that make a longer storage period necessary, these periods are extended accordingly.
Special features regarding the storage period of certain processing operations are indicated at the appropriate place. If no information is provided for the corresponding processing, the storage period is based on the criteria mentioned above.
As a rule, no decision vis-a-vis persons based exclusively on automated processing or profiling within the meaning of Article 22 of the GDPR takes place. If such procedures are used in individual processing operations, we will point this out and provide meaningful information about the logic involved and the scope and intended effects.
If a person is affected by the processing of personal data by us (e.g. as a user of our online services, customer, contact person, employee or applicant, etc.), they have various rights vis-a-vis us:
It may also make use of the right of appeal to a supervisory authority under data protection law in accordance with Art. 77 DSGVO.
We would like to point out that the claims are subject to the legal requirements and may also be restricted under certain circumstances (e.g. § 34 BDSG).
In order to exclude abuse, we must be certain of the identity of the persons concerned, depending on the form (e-mail / in writing), content and scope when exercising rights. Please note that we therefore require and, if necessary, request corresponding identification and verification documents.
To exercise your rights, please use the contact information above.
If processing takes place on the legal basis of consent, this can be revoked.
Revocation of consents:
Consents to the processing of personal data may be revoked by the affected person at any time, becoming effective in the future. However, processing based on consent prior to revocation is not affected by this.
The revocation shall be made by the person affected or, in the case of a child, by the holder of parental control.
We regularly provide specific ways to revocation consents, but it can also be done using the contact above.
A right of objection can be considered for certain processing operations.
Right of objection in individual cases:
If the processing is based on a legitimate interest (Art. 6(1)(f) DSGVO), the affected person may exercise their right to object under Art. 21 DSGVO, in particular if there are grounds arising from their particular situation or if their personal data are used for direct marketing purposes.
If necessary, we will point out special options for objecting to certain processing operations. Otherwise, the above contact information can be used for an objection.
In the following, we explain the processing within the framework of the online offers and media services provided and offered by us.
Our online offers serve the purpose of general communication, the offering and presentation of information about us as well as the provision of benefits and services within the scope of our contract fulfilment or pre-contractual measures. For the provision, the users’ page views are processed and the corresponding content data is provided and transmitted.
The resulting connection data is stored in a log file. The storage is pseudonymised by replacing the identifiable data (in particular the IP address) anonymised by removing the identifiable data (in particular the IP address).
The connection data is stored to ensure the information security and functionality of the website. An evaluation may also be carried out for these purposes.
The regular deletion of the log data takes place after 6 months of their collection at the latest.
In order to provide certain options for using the website, it is technically necessary to save a cookie (see below) in the browser to assign the user to a specific session. This includes, in particular, functions such as a login, user settings, shopping cart and selection options as well as forms, but also security functions to exclude spamming and misuse, etc.
There is no possibility to object to the processing, as the collection and storage of the data is absolutely necessary for the provision. A deletion in the log file is disproportionately costly due to a hardly possible allocation and the data consistency of a log file.
The provision of the data takes place within the framework of the use of the offers. Use is not possible without the provision.
The legal basis for data processing in the context of provision is our legitimate interest resulting from this purpose (Art. 6 para. 1 lit. f DSGVO). Insofar as online offers are necessary for the fulfilment of a contract with the user or pre-contractual measures at the user's request, the legal basis in this respect is also Art. 6 para. 1 lit. b DSGVO. If and insofar as we obtain consent for processing in the context of provision, this is the legal basis (Art. 6 para. 1 lit. a DSGVO).
We also use links to offers from other providers on our online offers in order to optimise functionality and increase user-friendliness. The respective provider or operator is controlling these linked offers. We have no influence on the processing. In this respect, we refer to the privacy policies of the providers of these offers in order to get an appropriate picture of the processing.
To protect our online offers from spam and abuse, we use the 'Friendly Capture' tool. This privacy-friendly tool processes the data of the user's browser request and uses an algorithm to determine whether it is a request from a regular user or an abusive, mostly automated request. The data processed in this process is anonymised so that it is not possible to draw conclusions about specific users with the data. The use of some offers is not possible without the use of this service.
The data is stored anonymously.
The legal basis is our legitimate interest, which results from the purpose of the processing (Art. 6 para. 1 lit. f DSGVO).
We use an analysis tool (Matomo) to evaluate and analyse the use of our online services as well as for error and security analysis. In this process, content accessed, elements used, and the connection data transmitted in the course of page views are stored and evaluated in order to draw conclusions about user behaviour, optimise content and analyse errors. The data is not processed to clearly identify persons. In particular, no cookies are set and the IP address is mathematically rendered unrecognisable (masking) before storage, which means that identification of the user is no longer possible (anonymised).
It is not possible to use our online services without providing the necessary data.
The storage period of the data is 6 months.
The legal basis is our legitimate interest resulting from the stated purpose (Art. 6 para. 1 lit. f DSGVO).
If you contact us using the provided contact form, we store and process the contact data provided and the content data transmitted in connection with this in order to be able to answer the enquiry.
We carry out the processing in the context of pre-contractual measures if it is a corresponding enquiry (legal basis Art. 6 para. 1 lit. b DSGVO). Furthermore, we have a legitimate interest in answering enquiries to or about us and our services and to process data accordingly for this purpose (legal basis Art. 6 para. 1 lit. f DSGVO).
Interested persons can register for initiatives without obligation on our website. Initiatives are projects initiated by public or private initiators that are offered and carried out by one or more providers – usually in order to enable interested persons to benefit from advantages that are otherwise not readily available (e.g. through subsidies, group discounts, etc.). In addition, supplementary services can be offered by other providers within the framework of the initiatives, e.g. for financing, renting/leasing facilities or insuring against risks.
Within the framework of the initiatives, we act as an intermediary between the providers offering the respective service contents and the respective interested persons. In doing so, we pass on the necessary data to the providers so that they can contact the interested persons in order to submit offers or carry out further necessary coordination or planning. In addition, we inform interested persons about news on the initiatives with their consent. Interested persons can unsubscribe from the initiatives at any time and thus revoke their consent for the future.
Registration takes place with a double opt-in procedure (by means of confirmation of the e-mail address) in order to prevent misuse. Subsequent access to the registration information and information on the initiatives also takes place via an opt-in procedure.
Provided the interested person consents, their name will also be made known to other interested persons in the context of overviews. This consent can be revoked at any time with effect for the future and also ends if the interested person unsubscribes from the initiative.
The purpose of the processing is both the realisation of the activities within the framework of the contractual agreements and the communication, documentation, administration and accounting required for this purpose.
Technically necessary cookies are utilized as part of the registration process (user identification).
The provision of the data is necessary for the performance of our services as part of the referral. This is not possible without providing the required data.
Categories of data processed: Name, contact data, address data, data on the respective initiatives, organisational and processing data (correspondence, communication, appointments, notes, minutes, activities).
Recipients: Initiators as far as necessary for the realisation of the initiative; providers of services within the framework of the initiatives.
The legal basis is the fulfilment of the contract within the scope of our referral activities and pre-contractual measures in the case of enquiries by the interested person, Art. 6 para. 1 lit. b DSGVO as well as our legitimate interest (efficient realisation and administration), Art. 6 para. 1 lit. f DSGVO; consent, if we obtain one for certain processing purposes, Art. 6 para. 1 lit. a DSGVO.
We provide the option of registering/creating a user account for authentication on our website in order to provide protected content or downloads, in particular for our contractual and business partners as well as initiators of initiatives or their contact persons. An account is only set up on the basis of our invitation or upon request with our consent.
The following categories of data are collected in the context of setting up a user account and its use: User information, contact data, address data, password (encrypted), usage data, connection data (exclusively for security and verification purposes). Technically necessary cookies are also used as part of the processing.
Legal basis: Processing is carried out in the context of contractual measures (Art. 6 para. 1 lit. b DSGVO) or the legitimate interest resulting from the processing purposes and the interest in efficient and secure administration (Art. 6 para. 1 lit. f DSGVO).
We maintain an online presence on the platforms of social media providers for the purpose of communicating with customers, suppliers and those interested in our company as well as for public relations, presentation and information about our services.
The interest of social media providers regularly lies in comprehensively using the users' data for the creation of user profiles and evaluations of usage behaviour. These are in turn used for market research and advertising purposes. For this purpose, cookies are regularly stored on the end devices of the users. In addition, user data can be assigned to their respective profiles if they are also members of the platform and are regularly logged in there. If users maintain a profile/account on social media, we recommend selecting the safest possible settings and using revocation options within the framework of the data protection settings available there. As far as known, we provide links to the individual providers.
We are controlling data protection jointly with the social media providers for as long as our content is used on the platforms, in particular for the collection of data. However, we do not have direct access to the providers' data. We point out that the exercise of the affected person rights (see above) is possible both towards the provider and towards us. It is much more efficient to exercise the affected person rights vis-à-vis the individual providers listed below. Further links to information from the providers can also be found with the details, in particular the privacy policies on the processing of data by them.
In particular, the following categories of data are processed: Name, contact data, authentication information, content data (video, audio, text), usage data (e.g. web pages visited, interest in content, access times), technically related meta and log data (e.g. device information, IP addresses).
The legal basis for the processing is Art. 6 (1) lit. f DSGVO, whereby the interest results from the stated purposes. If and insofar as a necessary consent is obtained for processing on the platforms, the legal basis is Art. 6 para. 1 lit. a DSGVO.
The data processed by us will be deleted after criteria for the general storage period. Regarding the storage period of the data on the respective social networks, we refer to the respective privacy policies.
Most social media providers or their parent companies are not based in the EU, but in a third country, usually the USA. As a precaution, we would like to point out that this may entail certain risks, especially in the enforcement of the rights of affected persons (deletion, information, correction, etc.), but also in the use of the data.
In the following, we provide information on processing that we carry out in the course of our activities and to which we also refer at the appropriate point.
For the purpose of general communication within the scope of our activities, we process the data required in connection with communication, e.g. when persons contact us (e.g. contact form, e-mail, telephone or also via social media), when information is provided to us at events, trade fairs or other opportunities to make contact (e.g. business card, entry in file of interested persons, verbal enquiry, etc.), or when we make contact for the purpose of initiating business, requesting information or for other operational reasons and also use publicly available information for this purpose.
Connection data and traffic data are stored in log files and possibly also history lists on end devices (e.g. telephones, e-mail transmission logs, etc.).
The master data required for communication is also stored in a central contact directory to ensure that it is up to date and to simplify processes, unless there are special reasons not to do so.
The provision of data is voluntary. Without provision, communication is not possible.
Affected persons: Employees; freelancers; customers, suppliers, service providers, interested persons, business partners, authorities or their contact persons; applicants.
Categories of data processed: Name, contact data, address data, content data, connection data, traffic data.
Recipients: We use processors (service providers, platform providers, service providers) as part of the processing.
The storage period of the data is determined by the general criteria (see above).
Data in the contact directory is checked regularly and on an ad hoc basis for up-to-dateness and relevance and deleted if necessary (e.g. termination of the contractual relationship, no feedback after contact requests).
Contract fulfilment and pre-contractual measures in the case of enquiries by the affected person, Art. 6 para. 1 lit. b DSGVO.
Our legitimate interest (results from the purposes), Art. 6 para. 1 lit. f DSGVO.
Consent, insofar as we obtain consent for certain processing purposes, Art. 6 para. 1 lit. a DSGVO.
For internal and external communication with participants (telephone calls, online meetings, web conferences, webinars, etc.), the necessary contact data, traffic data and content data are processed. For these purposes, we use service providers who, as telecommunication providers, are independent controlling parties within the scope of these services and are subject to telecommunications secrecy in accordance with § 3 TTDSG.
The video and audio contents are regularly not stored permanently. In the case of a webinar and insofar as all participants affected by a recording expressly consent, video and audio content may be recorded in individual cases. Names of participants, materials used and text content (chats and comments) are stored and processed according to their purposes for provision (e.g. logging, documentation).
Within the scope of use, cookies may also be used which are technically necessary for the realisation of the web conference (allocation and settings of the participants).
Categories of data processed: Name, contact details, user information, content data (video, audio, text, materials used), connection data, traffic data.
Recipients are the telecommunications service providers used. In addition, content data and contact data are disclosed to other participants in the course of planning and realisation, if and to the extent that they are provided voluntarily and are obviously intended for this purpose.
The storage period of the data is determined by the general criteria (see above). Traffic data is deleted by the respective telecommunication providers after the communication has ended, unless it is required for billing purposes or the users have given their consent to storage.
Legal basis: Contract performance and pre-contractual measures in the case of enquiries by the affected person, Art. 6 para. 1 lit. b DSGVO; our legitimate interest (results from the purposes), Art. 6 para. 1 lit. f DSGVO. Consent, if we obtain one for certain processing purposes (e.g. a recording), Art. 6 para. 1 lit. a DSGVO.
Within the framework of the conclusion of contracts as well as for the provision of services and the execution of contracts, including the initiation, negotiation, and execution of contracts, we process data of customers, clients, business partners and interested persons or the corresponding contact persons (affected persons). The purpose of the processing is both the provision of services within the framework of the contractual agreements and the communication, documentation, administration and invoicing required for this.
The provision of the data is necessary for the conclusion of the contract and its realisation. The provision of services is not possible without the provision of the required data.
Categories of data processed: Name, contact data, address data, contract data, payment transaction data, organisational and processing data for the execution of the contract (correspondence, communication, appointments, notes, minutes, activities).
Recipients: We use various service providers as well as subcontractors within the scope of the provision of services, to whom the data required in each case for the performance of services is passed on or disclosed.
In addition, third parties may also be considered as recipients within the scope of the execution of the contract, which may result from the respective service content of the contract (e.g. in the case of referral, order).
The legal basis is the performance of the contract and pre-contractual measures in the case of enquiries by the affected person, Art. 6 para. 1 lit. b DSGVO, as well as our legitimate interest (efficient performance of the contract and administration), Art. 6 para. 1 lit. f DSGVO. If we obtain consent for certain processing purposes, this is the legal basis, Art. 6 para. 1 lit. a DSGVO.
To meet operational needs, we process personal data in the context of the procurement of goods, services, and other benefits, such as licences, insurance, or memberships, including information procurement, communication, benchmarking and contract execution. For this purpose, we also make use of publicly available data.
Affected persons: Freelancers; suppliers, service providers, interested persons, business partners or their contact persons.
Categories of data processed: Name, contact data, address data, contract data, payment transaction data, organisational and processing data for the execution of the contract (correspondence, communication, appointments, notes, minutes, activities).
Recipients: We also use various service providers as part of the procurement process, to whom the respective required data is passed on or disclosed.
The legal basis is the fulfilment of the contract, Art. 6 para. 1 lit. b DSGVO as well as our legitimate interest (safeguarding business interests), Art. 6 para. 1 lit. f DSGVO.
We carry out personalised direct marketing measures and use the personal data voluntarily provided to us for this purpose in order to provide information about news and things worth knowing from our field of activity and also about our services and products. In doing so, we also observe the special conditions under competition law.
Direct marketing measures by post in the form of information letters or brochures to potential interested persons are in our legitimate interest in advertising and marketing.
Direct marketing in electronic form (e.g. e-mail, text message, fax), such as newsletters, only takes place with expressed consent, which we regularly obtain with the so-called double opt-in procedure on our website or other websites.
We only carry out direct telephone marketing if we have been given appropriate consent to do so or if we can assume that consent has been given in the cases specified by law.
The procedures for consent and its revocation as well as any objections issued are logged, as are the measures carried out. The log data contains the necessary information for identification and time details of the process and is only used for verification purposes. Cookies may also be used in this context, which are necessary for the recording.
Categories of data processed: As far as necessary for the individual measures and provided voluntarily: Name, address data, contact data; usage data for logging.
Recipients are the order processors used in the context of the realisation (service providers, platform providers, service providers, newsletter dispatch).
Legal basis: Consent, Art. 6 para. 1 lit. a DSGVO and our legitimate interest (advertising and marketing), Art. 6 para. 1 lit. f DSGVO.
We process personal data for the planning, organisation, and realisation of events (trade fairs, company presentations to present the company, training courses, etc.). The purpose can be public relations and the acquisition of interested persons, customers, business partners and employees, but also the fulfilment of a contract, further training or other company purposes.
Recipients: We use service providers within the scope of order processing for carrying out events. Personal data is only transferred to third parties if and insofar as they are obviously intended to or can generally be expected to be transmitted and this is necessary in the context of the service provision, i.e., in particular in the context of reservations for event venues, transport companies, hotels, etc. The data is only transferred to third parties if and insofar as this is necessary in the context of the service provision.
Affected persons: Participants; business partners, customers, interested persons or their contact persons; employees
Categories of data processed: Name, contact details, address details, relevant information for the event implementation.
The legal basis is the provision of services within the framework of contractual relationships (Art. 6 para. 1 lit. b DSGVO) or within the framework of the employment relationship, § 26 BDSG; in addition, we have a legitimate interest (results from the above purposes), Art. 6 para. 1 lit. f DSGVO.
Insofar as we obtain consent for further purposes, this is the legal basis (Art. 6 para. 1 lit. a DSGVO).
In order to fulfil our legal and contractual obligations within the scope of accounting duties, controlling requirements and payment transactions, we process the data required for this purpose. This includes, in particular, the preparation and recording of all relevant accounting transactions, control and verification of payment transactions, preparation of evaluations and preparation of financial statements, payment of liabilities; management and control of accounts, credit cards and payment service providers.
Affected persons: Employees; freelancers; customers, suppliers, service providers, interested persons, business partners or their contact persons; applicants (if reimbursements).
The categories of data processed are contact data, payment transaction data, accounting data, travel expenses, contract data, time recording data, etc.
Recipients: We also use service providers as order processors for the processing of accounting tasks. In addition, a transfer or disclosure to third parties may take place if it is necessary for the implementation of the processing or for corresponding control purposes to ensure proper processing (e.g. tax office, tax advisors, authorities, auditors, lawyers).
In the case of payment transactions, the data required for this specific purpose is passed on to the respective payment service provider (banks, payment service providers, etc.).
Legal basis: Legal regulations to comply with accounting and financial statement obligations, to ensure proper business operations and to ensure the continued existence of the company, Art. 6 para. 1 lit. c DSGVO.
Processing in the context of the fulfilment of contractual relationships, Art. 6 para. 1 lit. b DSGVO.
Our legitimate interest (safeguarding operational interests), Art. 6 para. 1 lit. f DSGVO.
At events, trade fairs and other public occasions, we take film and/or photo recordings (recordings) of participating or present persons (persons concerned) for the purpose of public relations, company presentation and documentation. These recordings may be published on our homepage, social media channels, newsletters and in print media or also passed on to the press for the aforementioned purposes, provided that this can usually be expected, or consent has been given. We also refer to this accordingly on invitations and at the events.
The request of persons not to be recorded will be considered if they express this or clearly indicate it. To this end, the cameraman or photographer can be approached or clear signals can be given – even after any recordings have been made.
Recordings will be deleted or processed for deletion if they are obviously or presumably not desired by the persons concerned, for example unflattering pose or facial expression, situation, possible misinterpretation of the situation, risk of discrimination, privacy or intimate sphere may be affected.
The storage period depends on the purpose of the recording. This can vary, as there may be a great interest in certain recordings for archival purposes.
We may also commission service providers to make the recordings or purchase them from them.
We have a legitimate interest in processing the film and photo recordings for public relations, documentation and illustration of the activities mentioned. (Legal basis Art. 6 para. 1 lit. f DSGVO). Insofar as consent is given, the legal basis is Art. 6 para. 1 lit. a DSGVO.
If recordings allow conclusions to be drawn about special categories of personal data, the recordings are only used if the affected person has made the circumstances public themself (e.g. by wearing badges, etc.), Art. 9(2)(e) DSGVO.
Affected persons may object to the use of the recordings in accordance with Art. 21 DSGVO (see above right to object).
Data carriers and documents (paper, film, electronic, magnetic, optical data carriers, etc.) with non-public content that are no longer used or required are collected, kept locked, and destroyed at least according to security level 3 in accordance with the type of material as per DIN 66399. All personal data including special categories of all persons concerned are destroyed. Trustworthy and qualified service providers are used for professional destruction within the framework of order processing.
Legal basis: Fulfilment of a legal obligation, Art. 6 para. 1 lit. c) in conjunction with. Art. 17 DSGVO.
If it is necessary to assert, exercise or defend legal claims or to collect debts, we process the necessary data and information from the parties involved and the persons required in the context of the facts. In this context, personal data may also be processed for this purpose if they were originally collected for another purpose (Art. 6 (4) DSGVO).
Affected persons can be: Employees; customers, interested persons, suppliers, service providers, business partners, authorities or their contact persons/representatives/authorised representatives; witnesses and experts; other claimants or opponents.
Categories of data processed: as far as necessary, personal master data; address data, contact data; required content data, recordings, documents and information.
Special categories of personal data: if and to the extent necessary (Art. 9 para. 2 lit. f DSGVO; § 24 para. 2 BDSG).
Recipients in connection with the processing may be different authorities, courts, claimants, companies or also service providers (e.g. lawyers, appraisers, debt collection companies, etc.) depending on the nature of the facts.
The legal basis is Art. 6 para. 1 lit. f DSGVO; § 24 para. 1 no. 2 BDSG. Our legitimate interest lies in the assertion, exercise or defence of legal claims. With regard to any necessary processing of special categories of personal data, Art. 9 para. 2 lit. f DSGVO; § 24 para. 2 BDSG applies.
We process data from applicants for the purpose of carrying out the application process. The data is generally collected directly from the applicants as part of the application process through the application documents, interviews, any aptitude tests, and questionnaires. However, we also use job exchanges and employment agencies.
We also use permissibly collected data made available by affected persons on publicly accessible sources for professional self-presentation and professional exchange, in particular on platforms such as XING or LinkedIn.
The data will only be used to fill the specific job or activity for which the person concerned has applied. We will only consider the application for other jobs or activities and pass on the data to other affiliated companies if we have been given the corresponding consent. If necessary, we will ask the affected persons to give their consent. This consent can be revoked at any time with effect for the future. If it is not given, this will not affect the application process in any way.
Recipients: The data is processed within the company by the departments and persons required during the application process (e.g. management, HR department, specialist department, if applicable works council, if applicable representation of severely disabled persons). In some cases, we involve service providers in the application process. If applicants' data is processed by them (e.g. personnel consultants), this takes place within the framework of commissioned processing.
Categories of data processed: Personal data, contact data, address data, application documents, information voluntarily provided by the affected person.
Obligation to provide data: The provision of data is voluntary. Failure to provide the data required to assess aptitude, ability and professional performance with regard to the vacant position may result in an application not being considered for the vacant position.
Storage period: if no employment relationship is established, application documents are deleted 6 months after completion of the application process. If a corresponding consent for a longer storage period has been granted, the deletion will take place at the latest after the expiry of this period.
If an employment relationship is established, the data is transferred to the personnel file. We provide separate information on processing within the scope of the employment relationship.
The legal basis for the required processing of applications in the context of a possible establishment of an employment relationship is Section 26 BDSG; Article 6 (1) lit. b DSGVO.
If and insofar as consent is given for disclosure or longer storage, the legal basis is Art. 6 Para. 1 lit. a DSGVO; Section 26 Para. 2 BDSG.
In order to draw the attention of potentially interested persons (affected persons) to our company and, if applicable, to motivate them to apply for jobs with us, we process data of individuals that they have made available on publicly accessible sources for professional self-presentation and professional exchange, in particular on platforms such as XING or LinkedIn.
If, when reviewing this data, people appear to be particularly suitable and it is apparent that the person may wish to be contacted for relevant offers, we will contact the person.
In doing so, we process the following categories of data if and insofar as they are provided by the affected person on the aforementioned platforms:
The data is only processed within the company by the departments and persons required for the processing (e.g. management, HR department, specialist department). Only if we involve third parties in the processing and data of affected persons is processed by them (e.g. personnel consultants) is this done within the framework of a contract for commissioned processing.
The legal basis for the processing is Art. 6 para. 1 lit. f DSGVO. Our legitimate interest lies in the recruitment of suitable employees for the company.
With regard to the terms used 'personal data', 'processing', 'controller', 'affected person', 'third party' and other legal definitions, we refer to the provisions of Regulation (EU) 2016/679 (DSGVO) as well as the Federal Data Protection Act (BDSG), in particular Art. 4 DSGVO.
For the term 'affected person' we also use 'person concerned' or in connection with services also 'user'.
The transfer of personal data to a third country or to international organisations is subject to special conditions. Insofar as such a transfer comes into consideration for individual processing operations, we point this out and explain the conditions under which the transfer takes place (e.g. adequacy decision, standard contractual clauses, etc.).
We provide further information here for transparency and comprehensibility regarding the details of the data categories processed in the context of the processing operations. They should help to better understand and classify the data categories. However, not all data categories are necessarily processed by us.
Name (first name, surname), name affixes, title, designations.
Name, postal address. In the case of contact persons in organisations (companies, authorities, etc.) also details of the organisation, area/department and activity/function.
Name, telephone numbers, e-mail address, addresses for digital communication services (messenger, social media, etc.). In the case of contact persons in organisations (companies, authorities, etc.) also details of the organisation, area/department and activity/function.
Personal master data
Name (first name, surname), name affixes, title, designations, birth name if applicable, date and place of birth, gender.
Personal identification data
Identification no., tax no., social security no., copy of ID card.
Pictures, photographs and video recordings.
Data that can be expected as content during the respective processing, especially those provided by affected persons. These are mostly files or data transmissions of text (e.g. chat), images, video, possibly music, but also protocols/notes of conversations.
Note: Permanent storage of recordings of conversations only takes place with the consent of the person concerned.
Information on registered or known users of digital services: name, authentication or identifier, email, voluntary information (profile picture, phone, interests, preferences/settings for use, etc.).
Data required for the use/utilisation and, if applicable, billing of services, telemedia and telecommunications services: Identification features of the user, start, end and scope of the respective use; services used
Information on properties and on the use of other data, e.g. name of the author of documents, time of creation, modification or access/use of data, devices used, etc.
Technical data for retrieval, connection and communication when using networks and services (intranet, internet):
Telecommunications service used, number/identifier of the connections involved (caller and called party), authorisation identifiers, card number if applicable, location data (for mobile phones), start and end of the respective connection (date and time), the data volumes transmitted.
Contents of contracts and information on the performance of contracts as well as all data and information on their conclusion, performance, execution and termination.
Payment transaction data
Information on money and payment transactions such as time, amount, currency, purpose, recipient, ordering party, account information, credit card data, payment service provider.
Personal data, contact data, contract data, account details
Special categories: Health data
Personnel master data
Name, address data, contact data, date of birth, place of birth, gender, marital status, nationality, details of dependants / partners if applicable, tax details
Special categories: Religious affiliation
Identification and verification documents
Information on identity card, passport, residence and work permits, driver's licence/driving permit, other qualification and training certificates
Curriculum vitae, qualifications, certificates, assessments, references, information on knowledge and skills, documentation of interview and discussion content and any aptitude tests.
Cookies are small files in which information can be stored that is saved by a website on the user's end device. This information is transferred to the website when it is requested again. Cookies are therefore very useful when it comes to the control and functions of websites, as it is possible to recognise the user session, e.g. to be able to assign login data or language settings, but also to clearly assign a shopping cart in a web shop to a user. However, depending on how they are used, cookies also enable the observation of user behaviour ('tracking'), especially if so-called third-party cookies are used, which also enable tracking across different websites.
Cookies have a defined lifetime after which they are automatically deleted (persistent cookies) or they are deleted when the browser is closed (session cookies).
We point out when and which cookies are used for certain processing.
Cookies can be assigned to the following categories in particular, depending on their purpose.
Necessary (essential) functions
These cookies are technically necessary to enable the control and essential functions of the website. The most important functions are settings made by the user, authentication (login) and the session status (session cookie), but also a shopping cart in online shops.
Statistics and analysis
These cookies enable the evaluation of the use of a website. This makes it possible to track how websites are used and where users come from (previously visited pages, length of stay, etc.). The analyses of the data provide information about user behaviour and are used to improve the content as well as to optimise advertising campaigns.
Marketing cookies are used to measure reach and to display optimised advertising and content to users based on their behaviour and interests. Third-party cookies from partners and service providers are also used for this purpose, which make it possible to generate interest-profiles based on the information stored in this cookie when another website is called up, in order to display relevant advertisements or offers based on this. The way they work is based on recognising browsers and devices individually. Conclusions about a specific person cannot be ruled out, even if the profile generation is usually pseudonymised.
Essential cookies do not require explicit consent for use, provided they are technically necessary and there is a legal basis for their use.