Table of contents
- General information about data protection
- Information for applicants
- Information for business partners
1. General information about data protection
1.1 Information about the responsible party:
Im Neuen Feld 87
Protecting your personal data is particularly important to us. Your personal data is processed under the data protection regulations, in particular the European General Data Protection Regulation (EU GDPR) and the German Federal Data Protection Act (BDSG - new).
The following information provides an overview of the nature, extent and purpose of the collection, processing and transmission of personal data and the security measures used to protect this data.
Personal data is individual information about personal or factual circumstances of an identified or identifiable natural person, such as your name, address, telephone number, date of birth, and email and IP address.
1.2 Legal bases for processing personal data
- Art. 6(1)(a) EU GDPR is the legal basis for the processing of personal data, provided we obtain the consent of the data subject. In accordance with Art. 7(3) EU GDPR, you can withdraw your consent to the processing of your personal data at any time for the future.
- Art. 6(1)(b) EU GDPR is the legal basis for the processing of personal data that is required for the performance of a contract or for the implementation of pre-contractual measures.
- Art. 6 (1)(c) EU GDPR is the legal basis when the processing of personal data is necessary to fulfil a legal obligation to which our company is subject.
- Art. 6 (1)(f) EU GDPR is the legal basis when the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. In this case you have the right to object under Art. 21 EU GDPR.
1.3 Data erasure and storage period
Personal data will be deleted as soon as the purpose of storage ceases to apply. Your personal data may be stored beyond this if our company has to abide by legally prescribed retention obligations.
1.4 Your rights
Upon written request, we will inform you in accordance with Art. 15 EU GDPR and our legal obligation under Art. 12 EU GDPR whether and which of your personal data is processed or stored by us. Furthermore, you have the right to rectification of incorrect data under Art. 16 EU GDPR, right to data portability under Art. 20 EU GDPR, right to erasure of your personal data under Art. 17 EU GDPR – provided that there are no legal retention obligations to the contrary – as well as the right to restriction of processing under Art. 18 EU GDPR. Furthermore, you have the right to lodge a complaint with the competent supervisory authority under Art. 77 EU GDPR.
You also have the right to object under Art. 21 EU GDPR.
Of course, you have the option to withdraw your consent at any time with future effect under Art. 7(3) EU GDPR. To do so, please contact us at the contact address provided below.
If you have any questions regarding the processing of your personal data, you can contact our data protection officer, who is also available in the event of requests for information, suggestions, or complaints.
Data protection officer at
Im Neuen Feld 87
2.1 Provision of the website
Use of hosting service providers
Our website is hosted on servers located in the EU by a hosting service provider on the basis of a data processing agreement in accordance with Art. 28 EU GDPR. As part of its services, the hosting service provider may have access to personal data of our users, in particular to technical data that is generated as part of the technical communication between you and our website (e.g. server log files). The provider may not use this data for their own purposes. The use of a hosting service provider is based on our legitimate interests in accordance with Art. 6(1)(f) EU GDPR in the provision of infrastructure and platform services, computing capacity, email dispatch and security services.
Server log files
When you visit our website or use its services, the device you use to access the site automatically transmits log data (connection data) to our server. The relevant information consists of
- type and version of the browser you are using,
- type and version of the operating system you are using,
- referrer URL of the page from which you arrived at our website,
- date and time at which you accessed our website,
- name of the sub-pages you accessed,
- IP address of your computer system,
- transmitted data volume.
The collected data is used exclusively for statistical evaluations for the purpose of operation, security and optimisation of the offer. For security reasons, however, we reserve the right to subsequently check the log data if there is a justified suspicion of illegal use based on concrete indications. The data will not be stored longer than necessary for this purpose. This collection is based on our legitimate interests in accordance with Art. 6(1)(f) EU GDPR.
Cookies are small text files that are automatically created by your browser and stored on your device when you visit our website. Cookies do not harm your computer and do not contain viruses. Most of the cookies we use are deleted at the end of the browser session (so-called session cookies). Other cookies remain on your computer and enable us to recognise your computer the next time you visit us (so-called persistent cookies). Thanks to these files, it is possible, for example, to have information displayed on the page that is specifically tailored to your interests.
Usercentrics: As a cookie consent management platform, we use the consent management service of Usercentrics. The provider is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany. The purpose of data processing is to comply with legal obligations and to store consent. The legal basis is Art. 6(1)(c) EU GDPR. The consent data (consent given and revocation of consent) is stored for three years. For more information on the processing of your data at Usercentrics, please see the data protection provisions at www.usercentrics.com/privacy-policy.
Security of your data
We use technical and organisational security measures to adequately protect the data you provide against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. For example, we use SSL encryption to transmit confidential content, such as inquiries that you send to us as the site operator. You can recognise an encrypted connection by the address line of the browser changing from 'http://' to 'https://' as well as by the padlock symbol in your browser address bar. If SSL encryption is activated, the data you transmit to us cannot be read by third parties. We keep improving our security measures in line with the state of the art.
If you contact us (e.g. via contact form, email, telephone, social media), your personal data will be stored and processed by us for the purpose of handling the request and any associated follow-up questions in accordance with Art. 6(1)(b) EU GDPR (in the context of pre-contractual/contractual measures) or in accordance with Art. 6(1)(f) EU GDPR (general inquiries). We do not disclose this data without your respective consent.
The data you provide will remain with us until you request that we delete it, object to its storage, or the purpose for storing the data no longer applies (i.e. after we have completed processing your inquiry), provided that this is not in conflict with any statutory retention obligations.
2.3 Analysis tools
The analysis measures listed below and used by us are carried out on the basis of Art. 6(1)(a) EU GDPR (consent). By using these analysis measures we want to ensure the appropriate design and ongoing optimisation of our website. We use the analysis tools to record website use in a pseudonymised manner and evaluate this for the purpose of optimising our offer.
You can revoke your consent at any time with future effect.
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland. Google Analytics uses so-called cookies. These are text files that are stored on your computer. They make it possible to analyse your use of the website. User and event data are automatically deleted after 14 months.
- IP anonymisation
We have activated the IP anonymisation function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other states party to the agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google uses this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services related to website and Internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
- Browser plug-in / prevention of data collection
- Data processing agreement
We have entered into a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Google Ads / Remarketing / Conversion Tracking / Double Click Ad
To measure conversion rates, this website uses Facebook's visitor activity pixel. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook’s statement, the collected data will also be transferred to the USA and other third countries.
In this way, the behaviour of page visitors can be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimised.
The collected data is anonymous for us as the operator of this website. We cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, which means that it may be possible to connect this data with the respective user profile and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data use policy. This allows Facebook to enable the placement of advertisements on Facebook pages as well as outside of Facebook. This use of the data cannot be influenced by us as the website operator.
The use of the Facebook pixel is based on Art. 6(1)(f) EU GDPR. The website operator has a legitimate interest in effective advertising measures including social media. Appropriate consent is obtained for the processing of your data (e.g. consent to store cookies). This processing is carried out exclusively on the basis of Art. 6(1)(a) EU GDPR; consent can be withdrawn at any time.
You can also deactivate the "Custom Audiences" remarketing function in the Ad Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged into Facebook.
If you do not have a Facebook account, you can disable usage-based advertising from Facebook on the European Interactive Digital Advertising Alliance website: https://www.youronlinechoices.com/uk/your-ad-choices.
2.4 Third-party content and services
Based on our legitimate interest under Art. 6(1)(f) EU GDPR, content, services, and products of other providers that complement our offer are integrated within our online offer. Using the services mentioned below helps us to ensure an appropriate design and the continuous optimisation of our website.If we require your consent for the use of these services, the legal basis is Art. 6(1)(a) EU GDPR. You can revoke your consent at any time with effect for the future.
Google Tag Manager
Our website uses Google Tag Manager. Google Tag Manager is a solution from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland with which we can manage website tags via an interface. The tool itself (which implements the tags) is a cookie-less domain that does not collect any personal data. Google Tag Manager triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a user has deactivated cookies at the domain or cookie level, activation remains in place for all tracking tags implemented with Google Tag Manager. The tags used are individually named below. You can customise the settings for these tags in the privacy settings, for example, by deactivating cookies for these elements.
We use the map service Google Maps on our website to display maps. Google Maps is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland. In the process, information about the use of our website is communicated to Google's server. Google Maps is used in the interest of providing an attractive presentation of our online offers and making it easy to find the locations we list on the website.
Links to third-party websites
2.5 Social Media
We maintain publicly accessible online presences in social networks to communicate with customers and interested parties that are active on these platforms as well as to present our services.
The processing of the user's personal data is based on our legitimate interest to provide users with effective information and communicate with users under Art. 6(1)(f) EU GDPR. If users are asked for their consent to data processing by the respective providers of the platforms or if users voluntarily send information to our online presences, the legal basis of the processing is Art. 6(1)(a) EU GDPR in conjunction with Art. 7 EU GDPR. If this information contains contract-relevant content, Art. 6(1)(b) EU GDPR serves as the legal basis.
For a detailed description of how the respective providers process your personal data and your opt-out options, please refer to the information of the providers at the links below.
Regarding requests for information and the assertion of user rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to users' data and can take appropriate measures and provide information directly. If you still need help, do not hesitate to contact us.
- Facebook: Facebook Ireland Ltd., Grand Canal Square, Grand Canal Harbour, Dublin 2 and
Facebook Inc., 1601 Willow Road, Menlo Park, California 94025.
- Instagram: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.
- LinkedIn: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland.
- kununu: kununu GmbH, Neutorgasse 4-8, Top 3.02, A – 1010 Wien.
- YouTube: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
- Xing: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.
2.6 Facebook Fan Page
If you interact with our Facebook fan page (comment, like posts or send us a message) your data will be stored by us.
Under data protection law, operating a fan page is a joint responsibility in accordance with Art. 26 EU GDPR between Facebook Ireland Ltd. and our company. Accordingly, we have entered into an agreement with Facebook Ireland which sets out the respective obligations under EU GDPR: https://www.facebook.com/legal/terms/page_controller_addendum.
The legal bases for the processing of the data are:
- If you "like" or comment on a post of ours or upload content to our Facebook page, Art. 6(1)(a) EU GDPR is the legal basis. In accordance with Art. 7(3) EU GDPR, you can withdraw your consent to the processing of your personal data with future effect at any time by deleting the comment or content.
- If you send us a contract-relevant inquiry, Art. 6(1)(b) EU GDPR is the legal basis.
Facebook provides fan page operators with statistics and insights into the types of actions of our fan page visitors ("Page insights"). We have no influence on this data collection by Facebook. According to Facebook, this data is only provided to us anonymised, so that the user cannot be identified from the information.
Personal data will be deleted as soon as the purpose of storage ceases to apply. Storage may take place beyond this if our company is subject to legally prescribed retention obligations.
We generally address persons of legal age with our online offer. Personal information of persons who have not yet reached the age of 16 may only be made available to us with the express consent of the legal guardian (Art. 8 EU GDPR). Processing without the consent of the legal guardian is not permitted. We therefore reserve the right to delete all data relating to minors if we do not have the consent of a legal guardian.
3. Information for applicants
3.1 Purpose and legal basis for collection and processing
Your data will be processed by us for the purpose of processing your application in accordance with Art. 88 EU GDPR in conjunction with Art. 26 BDSG-new. If special categories of personal data within the meaning of Art. 9(1) EU GDPR are voluntarily disclosed during the application process, their processing is additionally carried out in accordance with Art. 9(2)(b) EU GDPR.
3.2 Recipients of your data
Recipients of your data are the parties involved in the human resources process (including human resources, managers and department heads) of the responsible party. Your data will be treated as strictly confidential and will not be passed on to third parties without your respective consent. There are no plans to transfer your data to third countries or international organisations.
3.3 Storing your data
Your application data will be deleted 180 days after the position has been filled. If you are also interested in future advertised positions, we require your written consent to store your application documents for a longer period of time. Under Art. 7(3) EU GDPR, you can withdraw this consent for the future at any time. To do so, please send an email with the corresponding note to the contact address given above.
4. Information for business partners
.4.1 Purpose and legal basis for collection and processing
Primarily, data processing is used to establish, implement, and terminate the contractual relationship. The primary legal basis for this is Art. 6(1)(b) EU GDPR. Without using your data in this way, it is not possible to create a business relationship between you and us.
We also process your data on the basis of Art. 6(1)(f) EU GDPR to protect our legitimate interests or those of third parties (e.g. authorities). This may be necessary, for example, to maintain IT security and IT operations or for purposes of corporate management, internal communication and other administrative purposes. You may object to this processing by stating specific reasons in accordance with Art. 21 EU GDPR.
In addition, we process your data to fulfil legal obligations such as regulatory requirements, commercial and tax retention obligations or documentation obligations. The legal basis for this is Art. 6(1)(c) EU GDPR in conjunction with the nationally applicable laws.
In individual cases, we may also process your data on the basis of your separate consent granted to us in accordance with Art. 6(1)(a), 7 EU GDPR (e.g. as part of the registration for our newsletter or the publication of photos and videos). You are always free to decide whether you wish to give your consent. Once you have given your consent, you can withdraw it at any time with effect for the future. To do so, use the link provided in the respective action or send corresponding requests to the contact address given above.
If we process your personal data for a purpose not mentioned above, we will inform you in advance.
4.2 Recipients of your data
Within our company, your personal data is only received by those persons who need it to fulfil our contractual and legal obligations. In addition, we sometimes use different service providers to fulfil these obligations and so it may be necessary to disclose your personal data to other recipients outside the company, insofar as this is necessary to fulfil our contractual and legal obligations. These third parties may be, for example, authorities, financial institutions, suppliers etc.
We sometimes use external service providers for the technical processing of your data. We may transfer and process the data outside the country in which you reside / have your company headquarters or in one of the countries in which we operate. These may also be located outside the European Economic Area (EEA). If we transfer personal data to service providers or companies outside the EEA, your data is only transferred if the third country has been confirmed by the EU Commission to have an adequate level of data protection or if other appropriate data protection guarantees (e.g. binding corporate data protection regulations or EU standard contractual clauses) are in place. You can also request detailed information using the contact information above.
4.3 Storing your data
We only store your personal data for as long as it is required for the above-mentioned purposes. After termination of the contractual relationship, your personal data will be stored for the time period we are legally obliged to do so. This regularly results from legal record keeping and retention obligations, which are regulated, among other things, in the German Commercial Code (Handelsgesetzbuch) and the German Fiscal Code (Abgabenordnung). These obligations result in storage periods of up to ten years. In addition, personal data may be retained for the period during which claims can be asserted against us (statutory limitation period of three or up to thirty years).