Handling applicant data
We offer you the opportunity to apply for a position with us (e.g. by email, post or online application form). We have set out information for you here about the scope, purpose and use of the personal data concerning you collected during the application process. We can confirm that your data are collected, processed and used in accordance with the applicable data protection laws and all other legal provisions and are treated as strictly confidential.
Scope and purpose of the data collection
If you apply for a position with us, we process your related personal data (e.g. contact and communication data, application documents, notes in the context of job interviews, etc.) insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is Section 26 of the German Data Protection Act (BDSG) under German law (initiation of an employment relationship), Art. 6(1)(b) GDPR (general contract initiation) and – if you have given your consent – Art. 6(1)(a) GDPR. Consent may be withdrawn at any time. Your personal data are only passed on to people within our company who are involved in processing your application.
If the application is successful, the data submitted by you are stored in our data processing systems on the basis of Section 26 BDSG and Art. 6(1)(b) GDPR for the purpose of carrying out the employment relationship.
Data retention period
If we are unable to offer you a position, you reject a job offer or you withdraw your application, we reserve the right to retain the data submitted by you for up to six months from the end of the application process (rejection or withdrawal of the application) on the basis of our legitimate interest (Art. 6(1)(f) GDPR). The data are then erased and the physical application documents destroyed. The data are retained in particular for evidentiary purposes in the event of a legal dispute. If it is evident that the data will be required after the six-month period has expired (e.g. due to an imminent or pending legal dispute), they are only erased when the purpose of further retention no longer applies.
The data may also be retained for a longer period if you have given the relevant consent (Art. 6(1)(a) GDPR) or there are statutory retention obligations that prevent the erasure.
Admission to the applicant pool
If we do not make you a job offer, you may be able to join our applicant pool. If you are admitted to the pool, all documents and information from the application are transferred to the applicant pool so that you can be contacted in the event of a suitable vacancy.
Admission to the applicant pool is based exclusively on your express consent (Art. 6(1)(a) GDPR). Your consent is voluntary and has no relation to the ongoing application process. The data subject may withdraw their consent at any time. In this case, the data from the applicant pool are irrevocably erased unless there are statutory grounds for retaining them.
The data from the applicant pool are irrevocably erased within two years of consent being granted.
Our social media presence
Data processing by social networks
We maintain publicly accessible profiles on social networks. The individual social networks we use can be found below.
Social networks such as LinkedIn, Twitter, etc. can generally analyse your user behaviour comprehensively if you visit their website or a website with integrated social media content (e.g. Like buttons or advertising banners). Visiting our social media presence triggers numerous processing operations with data protection relevance. Specifically:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, however, your personal data can also be collected even if you are not logged in or do not have an account with the respective social media portal. In this case, these data are collected using cookies stored on your device or by recording your IP address, for example.
Using the data thus collected, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, you can be shown targeted advertising within and outside of the respective social media presence. If you have an account with the respective social network, the targeted advertising can be displayed on all devices on which you are or were logged in.
Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details on this, please refer to the terms of use and privacy provisions of the respective social media portals.
Legal basis
Our social media profiles are intended to ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6(1)(f) GDPR. The analysis processes initiated by the social networks may have differing legal bases that must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6(1)(a) GDPR).
Controller and enforcement of rights
If you visit one of our social media profiles (e.g. on Facebook), we act as joint controller together with the operator of the social media platform in respect of the data processing operations triggered during this visit. In principle, you can enforce your rights (access, rectification, erasure, restriction of processing, data portability and complaint) vis-à-vis us and the operator of the respective social media portal (e.g. Facebook).
Please note that, despite joint controllership with the social media operators, we do not have complete influence over the data processing operations of the social media portals. Our options depend significantly on the corporate policy of the respective provider.
Storage period
The data collected directly by us via the social media presence are erased from our systems once you request their erasure, you withdraw your consent to their storage or the purpose for the data storage expires. Stored cookies remain on your device until you delete them. Mandatory statutory provisions – especially retention periods – remain unaffected.
We have no influence over the length of time for which your data are stored by operators of the social networks for their own purposes. For details on this, please refer directly to the operators of the social networks (e.g. the information in their privacy policy, see below).
Individual social networks
Twitter
We use the Twitter short messaging service. This is provided by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.
You can adjust your Twitter privacy settings yourself in your user account. For this, please click on the following link and log in: https://twitter.com/personalization.
Data are transferred to the USA on the basis of the EU Commission’s Standard Contractual Clauses. Details are available here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.
For details, please refer to the Twitter Privacy Policy: https://twitter.com/d[SU1] e/privacy.
XING
We have a profile on XING. This service is provided by New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. For details on how it handles your personal data, please refer to the XING Privacy Policy (available in German only): https://privacy.xing.com/de/datenschutzerklaerung.
LinkedIn
We have a profile on LinkedIn. This service is provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you wish to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Data are transferred to the USA on the basis of the EU Commission’s Standard Contractual Clauses. Details are available here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
For details on how LinkedIn handles your personal data, please refer to its Privacy Policy: https://www.linkedin.com/legal/privacy-policy.
YouTube
We have a profile on YouTube. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details on how it handles your personal data, please refer to the YouTube Privacy Policy: https://policies.google.com/privacy?hl=de.