General Information
The following information provides a brief overview of what happens to your personal data when you visit this website. Personal data refers to any information that can be used to personally identify you. For detailed information on data protection, please refer to our Privacy Policy listed below.
How do we collect your data?
Your data is collected, on the one hand, when you provide it to us. This may include, for example, data you enter into a contact form.
Other data is collected automatically or with your consent when you visit the website via our IT systems. This primarily consists of technical data (e.g., internet browser, operating system, or time of page view). This data is collected automatically as soon as you access this website.
What do we use your data for?
Some of the data is collected to ensure the website functions properly. Other data may be used to analyze your user behavior. If contracts can be concluded or initiated through the website, the data provided will also be processed for contract offers, orders, or other order inquiries.
What rights do you have regarding your data?
You have the right at any time to obtain, free of charge, information about the source, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to the processing of your data, you may revoke this consent at any time with future effect. In addition, you have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
You may contact us at any time regarding this matter or any other questions about data protection.
Hosting
We host the content of our website with the following provider:
Mittwald
The provider is Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp (hereinafter “Mittwald”).
For details, please refer to Mittwald’s privacy policy: https://www.mittwald.de/datenschutz.
The use of Mittwald is based on Art. 6(1)(f) GDPR. We have a legitimate interest in ensuring that our website is displayed as reliably as possible. If consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.
Data Processing
We have entered into a data processing agreement (DPA) for the use of the aforementioned service. This is a contract required under data protection law that ensures that the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
General Information and Mandatory Disclosures
Privacy Policy
The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with applicable data protection laws and this Privacy Policy.
When you use this website, various types of personal data are collected. Personal data is data that can be used to personally identify you. This privacy policy explains what data we collect and how we use it. It also explains how and for what purpose this is done.
Please note that data transmission over the Internet (e.g., when communicating via email) may be subject to security vulnerabilities. It is not possible to completely protect data from access by third parties.
Information about the data controller
The entity responsible for data processing on this website is:
dialog EDV Systementwicklung GmbH
Am Tiergarten 62
30559 Hannover
Management: Andreas Ludewig, Oliver Sörensen
Phone: +49 511 985 940 10
Email: info@dialog-edv.de
The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g., names, email addresses, etc.).
Retention period
Unless a more specific retention period is stated in this Privacy Policy, we will retain your personal data until the purpose for which it was collected no longer applies. If you submit a valid request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible grounds for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, the data will be deleted once these grounds no longer apply.
General Information on the Legal Basis for Data Processing on This Website
If you have consented to the processing of your data, we process your personal data on the basis of Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, provided that special categories of data as defined in Article 9(1) of the GDPR are being processed. In the event of explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Article 49(1)(a) of the GDPR. If you have consented to the storage of cookies or to access to information on your device (e.g., via device fingerprinting), data processing is additionally based on Section 25(1) of the German Telemedia Act (TDDG). Consent may be revoked at any time. If your data is necessary for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Article 6(1)(b) of the GDPR. Furthermore, we process your data if it is necessary to comply with a legal obligation on the basis of Article 6(1)(c) of the GDPR. Data processing may also be carried out on the basis of our legitimate interest pursuant to Article 6(1)(f) of the GDPR. The relevant legal bases in each individual case are described in the following sections of this Privacy Policy.
Data Protection Officer
We have appointed a Data Protection Officer.
KIJUda
Marvin Strohmeier
Zum Weidental 1
37136 Seulingen
Phone: +49 5507 99 89 0 20
Email: datenschutz@kijuda.com
Website: https://www.kijuda.com/
Withdrawal of Your Consent to Data Processing
Many data processing operations are only possible with your explicit consent. You may withdraw any consent you have already given at any time. The lawfulness of the data processing carried out prior to the withdrawal remains unaffected by the withdrawal.
Right to object to data collection in specific cases and to direct marketing (Art. 21 GDPR)
IF DATA PROCESSING IS BASED ON ART. 6(1)( E OR F OF THE GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. YOU CAN FIND THE SPECIFIC LEGAL BASIS ON WHICH PROCESSING IS BASED IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA, UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING PURPOSES; THIS ALSO APPLIES TO PROFILING, TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).
Right to file a complaint with the competent supervisory authority
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work, or the place where the alleged violation occurred. This right to lodge a complaint is without prejudice to any other administrative or judicial remedies.
In Lower Saxony, the competent supervisory authority is:
The State Commissioner for Data Protection of Lower Saxony
Prinzenstraße 5
30159 Hanover
Phone: 05 11/120-45 00
Fax: 05 11/120-45 99
Email: poststelle@lfd.niedersachsen.de
Website: www.lfd.niedersachsen.de
A list of other supervisory authorities and their contact information can be found at the following link:
www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Right to data portability
You have the right to receive data that we process automatically based on your consent or in fulfillment of a contract, either directly or through a third party, in a commonly used, machine-readable format. If you request that the data be transferred directly to another controller, this will only be done to the extent that it is technically feasible.
Access, Correction, and Deletion
In accordance with applicable legal provisions, you have the right at any time to request, free of charge, information about your stored personal data, its source and recipients, and the purpose of the data processing, as well as the right to have this data corrected or deleted, if applicable. You may contact us at any time regarding this matter or any other questions about personal data.
Right to restriction of processing
You have the right to request that the processing of your personal data be restricted. You may contact us at any time to do so. The right to restrict processing applies in the following cases:
- If you dispute the accuracy of your personal data stored by us, we generally need time to verify this. For the duration of the verification, you have the right to request that the processing of your personal data be restricted.
- If the processing of your personal data was or is unlawful, you may request the restriction of data processing instead of erasure.
- If we no longer need your personal data, but you need it to exercise, defend, or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of erasure.
- If you have lodged an objection pursuant to Article 21(1) of the GDPR, a balancing of your interests against ours must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, such data may - apart from storage - be processed only with your consent, or for the establishment, exercise, or defense of legal claims, or to protect the rights of another natural or legal person, or for reasons of an important public interest of the European Union or a Member State.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential information, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address bar of your browser changes from “http://” to “https://” and by the lock icon in your browser bar.
When SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties.
Objection to promotional emails
We hereby object to the use of contact information published in accordance with legal disclosure requirements for the purpose of sending unsolicited advertising and informational materials. The operators of this website expressly reserve the right to take legal action in the event of the unsolicited transmission of advertising information, such as via spam emails.
Cookies
Our website uses so-called “cookies.” Cookies are small data packets that do not cause any damage to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser deletes them automatically.
Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain third-party services within websites (e.g., cookies for processing payment services).
Cookies serve various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies may be used to analyze user behavior or for advertising purposes.
Cookies that are necessary for the execution of the electronic communication process, for providing certain functions you have requested (e.g., the shopping cart function), or for optimizing the website (e.g., cookies for measuring website traffic) (necessary cookies), are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to ensure the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6(1)(a) GDPR and § 25(1) TDDDG); consent may be revoked at any time.
You can configure your browser to notify you when cookies are set and to allow cookies only on a case-by-case basis, to exclude the acceptance of cookies for specific cases or in general, and to enable the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.
If additional cookies and services are used on this website, you can find this information in this privacy policy.
CCM19
Our website uses CCM19 to obtain your consent to the storage of certain cookies on your device or to the use of certain technologies, and to document this in compliance with data protection regulations. The provider of this technology is Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn (hereinafter “CCM19”).
When you visit our website, a connection is established with CCM19’s servers to obtain your consents and other declarations regarding cookie usage. CCM19 then stores a cookie in your browser to associate the consents you have granted or their revocation with your account. The data collected in this manner is stored until you request its deletion, delete the CCM19 cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention obligations remain unaffected.
CCM19 is used to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6(1)(c) GDPR.
Data Processing
We have entered into a data processing agreement (DPA) for the use of the aforementioned service. This is a contract required under data protection law that ensures the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
Server log files
The website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This information includes:
- Browser type and version
- Operating system used
- Referrer URL
- Hostname of the accessing computer
- Time of the server request
- IP address
This data is not combined with other data sources.
The collection of this data is based on Art. 6(1)(f) of the GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website—for this purpose, the server log files must be collected.
Contact Form
If you submit inquiries to us via the contact form, we will store the information you provide in the form, including the contact details you enter there, for the purpose of processing your inquiry and in case of follow-up questions. We will not disclose this data without your consent.
The processing of this data is based on Article 6(1)(b) of the GDPR, provided that your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries directed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if such consent was requested; consent may be revoked at any time.
The data you enter in the contact form will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your inquiry has been processed). Mandatory legal provisions - in particular retention periods - remain unaffected.
Inquiries by email, phone, or fax
If you contact us by email, phone, or fax, your inquiry - including all personal data contained therein (name, inquiry) - will be stored and processed by us for the purpose of handling your request. We will not disclose this data without your consent.
The processing of this data is based on Article 6(1)(b) of the GDPR, provided that your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries directed to us (Article 6(1)(f) of the GDPR) or on your consent (Article 6(1)(a) of the GDPR) if such consent was requested; consent may be revoked at any time.
The data you send to us via contact requests will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions - in particular statutory retention periods - remain unaffected.
Google Tag Manager
We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that allows us to integrate tracking or statistics tools and other technologies into our website. Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. It serves solely to manage and execute the tools integrated through it. However, Google Tag Manager records your IP address, which may also be transferred to Google’s parent company in the United States.
The use of Google Tag Manager is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and straightforward integration and management of various tools on its website. If consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when processing data in the United States. Every company certified under the DPF commits to adhering to these data protection standards. For more information, please visit the provider’s website at the following link: https://www.dataprivacyframework.gov/participant/5780.
Matomo
This website uses the open-source web analytics service Matomo.
Matomo enables us to collect and analyze data about how visitors use our website. This allows us, among other things, to determine when specific pages were viewed and which region the visitors are from. In addition, we collect various log files (e.g., IP address, referrer, browsers and operating systems used) and can measure whether our website visitors perform certain actions (e.g., clicks, purchases, etc.).
The use of this analytics tool is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If consent has been obtained, processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.
IP Anonymization
We use IP anonymization when analyzing data with Matomo. This involves truncating your IP address before analysis, so that it can no longer be uniquely linked to you.
Cookie-free analysis
We have configured Matomo so that it does not store any cookies in your browser.
Hosting
We host Matomo exclusively on our own servers, ensuring that all analytics data remains with us and is not shared with third parties.
Google Ads
The website operator uses Google Ads. Google Ads is an online advertising program provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads allows us to display ads in the Google search engine or on third-party websites when users enter specific search terms into Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on user data available to Google (e.g., location data and interests) (audience targeting). As the website operator, we can evaluate this data quantitatively by, for example, analyzing which search terms led to the display of our advertisements and how many ads resulted in corresponding clicks.
The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent may be revoked at any time.
Data transfers to the U.S. are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://policies.google.com/privacy/frameworks and https://business.safety.google/controllerterms/.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when processing data in the United States. Every company certified under the DPF commits to adhering to these data protection standards. For more information, please visit the provider’s website at the following link: https://www.dataprivacyframework.gov/participant/5780.
Google Conversion-Tracking
This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
With the help of Google Conversion Tracking, Google and we can determine whether the user has performed certain actions. For example, we can evaluate which buttons on our website are clicked and how often, and which products were viewed or purchased particularly frequently. This information is used to generate conversion statistics. We learn the total number of users who clicked on our ads and what actions they performed. We do not receive any information that allows us to personally identify the user. Google itself uses cookies or similar recognition technologies for identification.
The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. You may revoke your consent at any time.
For more information on Google Conversion Tracking, please refer to Google’s Privacy Policy: https://policies.google.com/privacy?hl=de.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when processing data in the United States. Every company certified under the DPF commits to adhering to these data protection standards. For more information, please visit the provider’s website at the following link: https://www.dataprivacyframework.gov/participant/5780.
Newsletter information
If you would like to subscribe to the newsletter offered on the website, we require your email address as well as information that allows us to verify that you are the owner of the provided email address and that you consent to receiving the newsletter. No other data is collected, or is collected only on a voluntary basis. We use this data exclusively for sending the requested information and do not share it with third parties.
The processing of the data entered in the newsletter registration form is based solely on your consent (Art. 6(1)(a) GDPR). You may revoke your consent to the storage of your data and email address, as well as their use for sending the newsletter, at any time, for example via the “Unsubscribe” link in the newsletter. The lawfulness of data processing operations that have already taken place remains unaffected by the revocation.
The data you have provided to us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter, and will be deleted from the newsletter distribution list after you unsubscribe or once the purpose for which it was collected no longer applies. We reserve the right to delete or block email addresses from our newsletter distribution list at our discretion within the scope of our legitimate interest pursuant to Art. 6(1)(f) GDPR.
Data that we have stored for other purposes remains unaffected by this.
After you unsubscribe from the newsletter mailing list, your email address may be stored in a blacklist by us or the newsletter service provider, if necessary, to prevent future mailings. The data from the blacklist is used solely for this purpose and is not combined with other data. This serves both your interest and our interest in complying with legal requirements regarding the sending of newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). Storage on the blacklist is not time-limited. You may object to the storage if your interests outweigh our legitimate interest.
Sending newsletters to existing customers
If you order goods or services from us and provide your email address in the process, we may subsequently use that email address to send you newsletters, provided we inform you of this in advance. In such cases, the newsletter will only contain direct marketing for our own similar goods or services. You may unsubscribe from this newsletter at any time. A link for this purpose is included in every newsletter. The legal basis for sending the newsletter in this case is Article 6(1)(f) of the GDPR in conjunction with Section 7(3) of the UWG.
After you unsubscribe from the newsletter distribution list, your email address may be stored in a blacklist to prevent future mailings to you. The data from the blacklist is used solely for this purpose and is not combined with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Article 6(1)(f) of the GDPR). Storage on the blacklist is not time-limited. You may object to the storage provided that your interests outweigh our legitimate interest.
YouTube with enhanced privacy settings
This website embeds videos from YouTube. The website is operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit a page on this website that includes YouTube, a connection is established with YouTube’s servers. In doing so, the YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.
We use YouTube in enhanced privacy mode. According to YouTube, videos played in enhanced privacy mode are not used to personalize your browsing experience on YouTube. Ads displayed in enhanced privacy mode are also not personalized. No cookies are set in enhanced privacy mode. Instead, however, so-called local storage elements are stored in the user’s browser; these contain personal data similar to cookies and can be used for recognition purposes. Details on enhanced privacy mode can be found here: https://support.google.com/youtube/answer/171780.
In some cases, playing a YouTube video may trigger further data processing operations over which we have no control.
We use YouTube to ensure an appealing presentation of our online content. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.
For more information about data protection on YouTube, please see their privacy policy at: https://policies.google.com/privacy?hl=de.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when processing data in the United States. Every company certified under the DPF commits to adhering to these data protection standards. For more information, please visit the provider’s website at the following link: https://www.dataprivacyframework.gov/participant/5780.
Google Fonts [loaded via YouTube and Google Maps]
This site uses so-called Google Fonts, provided by Google, to ensure consistent font display. When you visit a page, your browser loads the necessary fonts into its cache to display text and fonts correctly.
To do this, the browser you are using must connect to Google’s servers. As a result, Google becomes aware that this website has been accessed via your IP address. The use of Google Fonts is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in the consistent display of fonts on its website. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.
If your browser does not support Google Fonts, a standard font from your computer will be used.
For more information about Google Fonts, please visit https://developers.google.com/fonts/faq and Google's Privacy Policy: https://policies.google.com/privacy?hl=de.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when processing data in the United States. Every company certified under the DPF commits to adhering to these data protection standards. For more information, please visit the provider’s website at the following link: https://www.dataprivacyframework.gov/participant/5780.
Handling of Applicant Data
We offer you the opportunity to apply for a position with us (e.g., by email, mail, or via our online application form). Below, we provide information about the scope, purpose, and use of the personal data collected from you during the application process. We assure you that the collection, processing, and use of your data are carried out in accordance with applicable data protection laws and all other legal provisions, and that your data will be treated as strictly confidential.
Scope and Purpose of Data Collection
When you submit an application to us, we process your associated personal data (e.g., contact and communication details, application documents, notes taken during interviews, etc.) to the extent necessary to decide on the establishment of an employment relationship. The legal basis for this is Section 26 of the German Federal Data Protection Act (BDSG) (initiation of an employment relationship), Article 6(1)(b) of the GDPR (general contract initiation), and—provided you have given your consent—Article 6(1)(a) of the GDPR. Consent may be revoked at any time. Your personal data will be shared within our company exclusively with those individuals involved in processing your application.
If your application is successful, the data you have submitted will be stored in our data processing systems pursuant to Section 26 of the German Federal Data Protection Act (BDSG) and Article 6(1)(b) of the General Data Protection Regulation (GDPR) for the purpose of establishing the employment relationship.
As part of the application process, we may also conduct an online search regarding you. This primarily includes Google searches, LinkedIn, and Xing. The legal basis for this type of processing is our legitimate interest in obtaining an overall impression of publicly available information about you in accordance with Article 6(1)(f) of the GDPR.
Data Retention Period
If we are unable to offer you a position, you decline a job offer, or you withdraw your application, we reserve the right to retain the data you have provided for up to 6 months from the conclusion of the application process (rejection or withdrawal of the application) based on our legitimate interests (Art. 6(1)(f) GDPR). The data will then be deleted and the physical application documents destroyed. The retention serves, in particular, as evidence in the event of a legal dispute. If it becomes apparent that the data will be required after the 6-month period has expired (e.g., due to an impending or pending legal dispute), deletion will not take place until the purpose for continued retention no longer applies.
Data may also be retained for a longer period if you have provided your consent (Art. 6(1)(a) GDPR) or if statutory retention obligations prevent deletion.
Inclusion in the Candidate Pool
If we do not offer you a position, there may be an option to include you in our candidate pool. If you are included, all documents and information from your application will be transferred to the candidate pool so that we can contact you if suitable vacancies arise.
Inclusion in the applicant pool is based exclusively on your explicit consent (Art. 6(1)(a) GDPR). Providing consent is voluntary and is unrelated to the ongoing application process. The data subject may withdraw their consent at any time. In this case, the data from the applicant pool will be irrevocably deleted, provided there are no legal grounds for retention.
The data from the applicant pool will be irrevocably deleted no later than two years after consent is given.