Privacy Policy forapplications

Introduction

With the following privacy policy, we would like to inform you about what types of your personal data (hereinafter also referred to as “data”) we process, for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offer”).
The terms used are not gender-specific.

Person responsible

A.H. Talentsucher GmbH
Merlinweg 5
81827 Munich

Persons authorised to represent the company:
Managing Director Anja Hauschild

E-mail address: anja.hauschild@ah-talentsucher.de
Phone: 0170 5511924

Contact data protection officer

anja.hauschild@ah-talentsucher.de

Overview of processing

The following overview summarises the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed

  • Inventory data (e.g. names, addresses)
  • Applicant data (e.g. personal details, postal and contact addresses, the documents belonging to the application and the information contained therein, such as cover letter, CV, certificates and other personal or qualification information provided by applicants with regard to a specific position or voluntarily)
  • Content data (e.g. text entries, photographs, videos)
  • Contact details (e.g. e-mail, telephone numbers)
  • Meta/communication data (e.g. device information, IP addresses)
  • Usage data (e.g. websites visited, interest in content, access times)
  • Contract data (e.g. subject matter of the contract, term, customer category)
  • Payment data (e.g. bank details, invoices, payment history)

Categories of affected persons

  • Applicants
  • Business and contractual partners
  • Interested parties
  • Communication partner
  • Users (e.g. website visitors, users of online services)

Purposes of the processing

  • Office and organisational procedures
  • Contact enquiries and communication
  • Contractual benefits and service
  • Managing and responding to enquiries

Relevant legal bases

In the following, we inform you of the legal basis of the General Data Protection Regulation (GDPR), on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, the national data protection regulations in your or our country of residence and domicile may apply.

  • Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legal obligation (Art. 6 para. 1 sentence 1 lit. c. GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National data protection regulations in Germany:

In addition to the data protection regulations of the General Data Protection Regulation, national data protection regulations apply in Germany. These include, in particular, the Act on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases, including profiling. It also regulates data processing for the purposes of the employment relationship (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. The data protection laws of the individual federal states may also apply.

Security measures

We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk. The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access, input, disclosure, safeguarding availability and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data and responses to data threats. Furthermore, we already take the protection of personal data into account during the development and selection of hardware, software and processes in accordance with the principle of data protection, through technology design and data protection-friendly default settings.

Transfer and disclosure of personal data

As part of our processing of personal data, data may be transmitted to other bodies, companies, legally independent organisational units or persons or disclosed to them. The recipients of this data may include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.

Commercial and business services

We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as “contractual partners”) in the context of contractual and comparable legal relationships and associated measures and in the context of communication with the contractual partners (or pre-contractual), e.g. to answer enquiries. We process this data to fulfil our contractual obligations, to safeguard our rights and for the purposes of the administrative tasks associated with this information as well as for business organisation. We only pass on the data of contractual partners to third parties within the framework of applicable law insofar as this is necessary for the aforementioned purposes or to fulfil legal obligations or with the consent of the contractual partner.

contractual partners (e.g. to participating telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). The contractual partners will be informed about other forms of processing, e.g. for marketing purposes, ft he of this privacy policy. We inform the contractual partners which data is required ft he aforementioned purposes before or during data collection, e.g. in online forms, by means of special marking (e.g. colours) or symbols (e.g. asterisks or similar), or in person.

We delete the data after the expiry of statutory warranty and comparable obligations, i.e. generally after 4 years, unless the data is stored in a customer account, e.g. as long as it must be retained for legal archiving reasons (e.g. for tax purposes, generally 10 years). We delete data disclosed to us by the contractual partner ft he of an order in accordance with the specifications ft he order, generally after the end ft he order. Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices ft he respective third-party providers or platforms apply in the relationship between the users and the providers.

Recruiting services: We process the data of job candidates and the personal data of potential employers or their employees ft he of our services, which include in particular the search for potential job candidates, contacting them and placing them. We process the information and contact details provided by job candidates ft he purposes of establishing, implementing and, if necessary, terminating a contract for job placement. In addition, we can ask interested parties questions about the success of our placement service at a later date in accordance with legal requirements. We process the data of job candidates and employers to fulfil our contractual obligations in ft heo be able to process the job placement requests submitted to us ft he satisfaction ft he parties involved. We may record the placement processes in ft heo be able to prove the existence ft he contractual relationship and the consent ft he interested parties in accordance with the statutory accountability obligations (Art. 5 para. 2 GDPR). This information is stored for a period of three to four years if we need to prove the original enquiry (e.g. in ft heo be able to prove authorisation to contact the job candidates).

Processed data types: Inventory data (e.g. names, addresses), Payment data (e.g. bank details, invoices, payment history), Contact data (e.g. e-mail, telephone numbers), Contract data (e.g. subject matter ft he contract, duration, customer category), Applicant data (e.g. personal details, postal and contact addresses, documents pertaining ft he application and the information contained therein, such as cover letter, CV, certificates and other information with regard to a specific position or voluntarily provided by applicants). Personal details, postal and contact addresses, the documents belonging ft he application and the information contained therein, such as cover letter, CV, certificates and other personal or qualification information provided by applicants with regard to a specific position or voluntarily).

  • Persons concerned: Interested parties, business and contractual partners, applicants.
  • Purposes of processing: Contractual services and service, contact requests and communication, office and organisational procedures, administration and answering enquiries.
  • Legal bases: Contract fulfilment and pre-contractual enquiries (Art. 6 Para. 1 S. 1 lit. B. GDPR), Legal obligation (Art. 6 Para. 1 S. 1 lit. C. GDPR), Legitimate interests (Art. 6 Para. 1 S. 1 lit. F. GDPR).

Contact us

When contacting us (e.g. by contact form, e-mail, telephone or via social media), the data ft he enquiring persons are processed insofar as this is necessary to answer the contact enquiries and any requested measures. The response to contact enquiries in the context of contractual or pre-contractual relationships is carried out to fulfil our contractual obligations or to responding to (pre-)contractual enquiries and otherwise on the basis of legitimate interests in responding to the enquiries.

  • Processed data types: Inventory data (e.g. names, addresses), Contact data (e.g. e-mail, telephone numbers), Content data (e.g. text input, photographs, videos).
  • Affected persons: Communication partner.
  • Purposes of processing: Contact enquiries and communication.
  • Legal bases: Contract fulfilment and pre-contractual enquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).

Provision of the online offer and web hosting

In order to provide our online offering securely and efficiently, we utilise the services of one or more web hosting providers from whose servers (or servers managed by them) the online offering can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services as well as security services and technical maintenance services. The data processed as part of the provision of the hosting service may include all information relating to the users of our online service that is generated during use and communication. This regularly includes the IP address, which is necessary in order to be able to deliver the content of online offers to browsers, and all entries made within our online offer or from websites.

E-mail dispatch and hosting: The web hosting services we use also include the dispatch, receipt and storage of e-mails. For these purposes, the addresses of the recipients and senders as well as other information relating to the sending of e-mails (e.g. the providers involved) and the content of the respective e-mails are processed. The aforementioned data may also be processed for the purpose of recognising SPAM. Please note that e-mails on the Internet are generally not sent in encrypted form. As a rule, e-mails are encrypted during transport, but not on the servers from which they are sent and received (unless an end-to-end encryption method is used). We can therefore accept no responsibility for the transmission path of e-mails between the sender and receipt on our server.

Collection of access data and log files: We ourselves (or our web hosting provider) collect data on every access to the server (so-called server log files). The server log files may include the address and name of the web pages and files accessed, date and time of access, data volumes transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files can be used for security purposes, e.g. to avoid overloading the servers (especially in the event of abusive attacks, so-called DDoS attacks) and to ensure the utilisation of the servers and their stability.

  • Processed data types: Content data (e.g. text input, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Contractual services and service.
  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).

Services used and service providers:

Wix: Hosting platform for websites; Service provider: Wix.com ltd, Tel Aviv, 500 Terry A.Francois Boulevard, San Francisco, California 94158, USA; Website: https://www.wix.com; Privacy Policy: https://de.wix.com/about/privacy; Privacy Shield (Safeguarding the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000GnbGAAS&status=Active.

Deletion of data

The data processed by us will be deleted in accordance with the legal requirements as soon as the consent given for processing is revoked or other authorisations cease to apply (e.g. if the purpose for processing this data no longer applies or it is not required for the purpose). If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted to these purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary for the assertion, exercise or defence of legal claims or to protect the rights of another natural or legal person. Further information on the deletion of personal data can also be found in the individual data protection notices of this privacy policy.

We ask you to inform yourself regularly about the content of our privacy policy. We will adapt the privacy policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

Rights of the data

As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 18 and 21 GDPR:

  • Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  • Right to withdraw consent: You have the right to withdraw your consent at any time.
  • Right of access: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed and to obtain information about this data and further information and a copy of
    the data in accordance with the legal requirements.
  • Right to rectification: In accordance with the statutory provisions, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.
  • Right to erasure and restriction of processing: In accordance with the statutory provisions, you have the right to demand that data concerning you be erased immediately or, alternatively, to demand that the processing of the data be restricted in accordance with the statutory provisions.
  • Right to data portability: You have the right to receive the data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format in accordance with the legal requirements.
  • Complaint to the supervisory authority: You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
CDM Plattform Login
CDM Plattform Login
Scroll to Top