1. An overview of data protection
Data collection on our website
Who is responsible for the data collection on this website?
The data collected on this website are processed by the website operator. The operator's contact details can be found in the website's required legal notice.
How do we collect your data?
Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.
Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.
What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.
What rights do you have regarding your data?
You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.
Analytics and third-party tools
You can object to this analysis. We will inform you below about how to exercise your options in this regard.
2. General information and mandatory information
Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.
Notice concerning the party responsible for this website
The party responsible for processing data on this website is:
Nimbus Group GmbH
Telephone: +49 (0) 711 63 30 14 0
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).
Revocation of your consent to the processing of your data
Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
Right to file complaints with regulatory authorities
If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right to data portability
You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Encrypted payments on this website
If you enter into a contract which requires you to send us your payment information (e.g. account number for direct debits), we will require this data to process your payment.
Payment transactions using common means of payment (Visa/MasterCard, direct debit) are only made via encrypted SSL or TLS connections. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon in your browser line is visible.
In the case of encrypted communication, any payment details you submit to us cannot be read by third parties.
Information, blocking, deletion
As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.
Opposition to promotional emails
We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is received.
3. Data protection officer
Statutory data protection officer
We have appointed a data protection officer for our company.
Our Data Protection Officer can be contacted as follows:
Häfele GmbH & Co KG
Data Protection Officer
72202 Nagold, Germany
4. Data collection on our website
Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain in your device's memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.
Server log files
The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:
• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address
These data will not be combined with data from other sources.
The basis for data processing is Art. 6 (1) (f) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
Registration on this website
You can register on our website in order to access additional functions offered here. The input data will only be used for the purpose of using the respective site or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration.
To inform you about important changes such as those within the scope of our site or technical changes, we will use the email address specified during registration.
We will process the data provided during registration only based on your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will continue to store the data collected during registration for as long as you remain registered on our website. Statutory retention periods remain unaffected.
Registration with Facebook Connect
Instead of registering directly on our website, you may also register using Facebook Connect. This service is provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
If you decide to register with Facebook Connect and click on the "Login with Facebook" or "Connect with Facebook" buttons, you will be automatically redirected to the Facebook platform. There you can log in with your Facebook username and password. This will link your Facebook profile to our website or services. This link gives us access to your data stored on Facebook. Including especially your:
• Facebook name
• Facebook profile picture
• Facebook cover picture
• Email address provided to Facebook
• Facebook ID
• Facebook friends
• Facebook Likes
This data will be used to set up, provide, and personalize your account.
Our pages uses the Inbound-Marketing- & Sales-Software HubSpot.
It is operated by HubSpot, Inc.25 First Street, 2nd Floor Cambridge, MA 02141 USA.
5. Social media
Share content via plugins (Facebook, Google+1, Twitter, etc.)
The content on our pages can be shared on other social networks like Facebook, Twitter, or Google+. This page uses the eRecht24 Safe Sharing Tool. This tool establishes direct contact between the networks and users only after users click on one of these buttons.
This tool does not automatically transfer user data to the operators of these platforms. If users are logged into one or more of the social networks, the Like, +1, and Share buttons for Facebook, Google+1, Twitter, etc. will display an information window in which the user can edit the text before it is sent.
Our users can share the content of this page on social networks without their providers creating profiles of users' surfing behavior.
Facebook plugins (Like & Share buttons)
Our website includes plugins for the social network Facebook, Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. The Facebook plugins can be recognized by the Facebook logo or the Like button on our site. For an overview of Facebook plugins, see https://developers.facebook.com/docs/plugins/.
If you do not want Facebook to associate your visit to our site with your Facebook account, please log out of your Facebook account.
Your privacy preferences with Twitter can be modified in your account settings at https://twitter.com/account/settings.
Our pages use Google+ functions. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Collection and disclosure of information: Using the Google +1 button allows you to publish information worldwide. By means of the Google+ button, you and other users can receive custom content from Google and our partners. Google stores both the fact that you have +1'd a piece of content and information about the page you were viewing when you clicked +1. Your +1 can be displayed together with your profile name and photo in Google services, for example in search results or in your Google profile, or in other places on websites and advertisements on the Internet.
Google records information about your +1 activities to improve Google services for you and others. To use the Google + button, you need a globally visible, public Google profile that must contain at least the name chosen for the profile. This name is used by all Google services. In some cases, this name may also replace a different name that you have used to share content via your Google account. The identity of your Google profile can be shown to users who know your email address or other information that can identify you.
Use of collected data: In addition to the uses mentioned above, the information you provide is used in accordance with the applicable Google data protection policies. Google may publish summary statistics about users' +1 activity or share it with users and partners, such as publishers, advertisers, or affiliate websites.
Our website contains functions of the Instagram service. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.
If you are logged into your Instagram account, you can click the Instagram button to link the content of our pages with your Instagram profile. This means that Instagram can associate visits to our pages with your user account. As the provider of this website, we expressly point out that we receive no information on the content of the transmitted data or its use by Instagram.
Our pages use the buttons of the Tumblr service. It is operated by Tumblr, Inc., 35 East 21st St., 10th Floor, New York, NY 10010, USA.
These functions allow you to share a post or a page on Tumblr or to follow the provider on Tumblr. When you visit one of our websites using the Tumblr button, the browser establishes a direct connection to the Tumblr servers. We have no influence on the amount of data that Tumblr gathers and transmits with the plugin. Based on our current knowledge, we believe that the user's IP address and the URL of the respective website are transmitted.
Our site uses functions from the LinkedIn network. The service is provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
Each time one of our pages containing LinkedIn features is accessed, your browser establishes a direct connection to the LinkedIn servers. LinkedIn is informed that you have visited our web pages from your IP address. If you use the LinkedIn “Recommend” button and are logged into your LinkedIn account, it is possible for LinkedIn to associate your visit to our website to your user account. We would like to point out that, as the provider of these pages, we have no knowledge of the content of the data transmitted or how it will be used by LinkedIn.
Our website uses features provided by the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.
Each time one of our pages containing XING features is accessed, your browser establishes a direct connection to the XING servers. To the best of our knowledge, no personal data is stored in the process. In particular, no IP addresses are stored nor is usage behavior evaluated.
Our website contains functions of the Pinterest social network, operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA.
When you visit a page containing the Pinterest social plugin, your browser establishes a direct connection to the Pinterest servers. The plugin transmits this log data to Pinterest servers in the United States. This log data may include your IP address, the address of the websites visited, which also includes Pinterest features, browser type and settings, the date and time of the request, how you use Pinterest, and cookies.
More information about the purpose, scope and further processing and use of data by Pinterest, as well as your rights and options to protect your privacy, can be found in the privacy notices of Pinterest: https://about.pinterest.com/de/privacy-policy.
6. Analytics and advertising
This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called "cookies". These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
Google Analytics cookies are stored based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.
We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
Objecting to the collection of data
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: (gaoptout: Disable Google Analytics).
Outsourced data processing
We have entered into an agreement with Google for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Demographic data collection by Google Analytics
This website uses Google Analytics' demographic features. This allows reports to be generated containing statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This collected data cannot be attributed to any specific individual person. You can disable this feature at any time by adjusting the ads settings in your Google account or you can forbid the collection of your data by Google Analytics as described in the section "Refusal of data collection".
Matomo (formerly Piwik)
This website uses the open source web analytics service Matomo. Matomo uses so-called "cookies". These are text files that are stored on your computer and that allow an analysis of the use of the website by you. For this purpose, the information generated by the cookie about the use of this website is stored on our server. The IP address is anonymized before it is stored.
Matomo cookies remain on your device until you delete them.
The storage of Matomo cookies is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.
The information generated by the cookies about your use of this website will not be disclosed to third parties. You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website.
If you do not agree with the storage and use of your data, you can disable this feature here. In this case, an opt-out cookie will be stored in your browser to prevent Matomo from storing your usage data. If you delete your cookies, this will mean that the opt-out cookie will also be deleted. You will then need to reactivate it when you return to our site if you wish your activity not to be tracked.
This website uses Google AdSense, a service for including advertisements from Google Inc. ("Google"). It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google AdSense uses so-called "cookies", which are text files stored in your computer that enable an analysis of the way you use the website. Google AdSense also uses so-called web beacons (invisible graphics). Through these web beacons, information such as the visitor traffic on these pages can be evaluated.
The information generated by cookies and web beacons relating to your use of this website (including your IP address), and delivery of advertising formats, is transmitted to a Google server in the US and stored there. This information can be passed on from Google to contracting parties of Google. However, Google will not merge your IP address with other data you have stored.
AdSense cookies are stored based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.
You can prevent the installation of cookies by setting your browser software accordingly. Please be aware that in this case, you may not be able to make full use of all the features of this website. By using this website, you agree to the processing of data relating to you and collected by Google as described and for the purposes set out above.
Google Analytics Remarketing
Our websites use the features of Google Analytics Remarketing combined with the cross-device capabilities of Google AdWords and DoubleClick. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
This feature makes it possible to link target audiences for promotional marketing created with Google Analytics Remarketing to the cross-device capabilities of Google AdWords and Google DoubleClick. This allows advertising to be displayed based on your personal interests, identified based on your previous usage and surfing behavior on one device (e.g. your mobile phone), on other devices (such as a tablet or computer).
Once you have given your consent, Google will associate your web and app browsing history with your Google Account for this purpose. That way, any device that signs in to your Google Account can use the same personalized promotional messaging.
To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad promotion.
You can permanently opt out of cross-device remarketing/targeting by turning off personalized advertising in your Google Account; follow this link: https://www.google.com/settings/ads/onweb/.
The aggregation of the data collected in your Google Account data is based solely on your consent, which you may give or withdraw from Google per Art. 6 (1) (a) DSGVO. For data collection operations not merged into your Google Account (for example, because you do not have a Google Account or have objected to the merge), the collection of data is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing anonymous user behavior for promotional purposes.
Google AdWords and Google Conversion Tracking
This website uses Google AdWords. AdWords is an online advertising program from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States ("Google").
As part of Google AdWords, we use so-called conversion tracking. When you click on an ad served by Google, a conversion tracking cookie is set. Cookies are small text files that your internet browser stores on your computer. These cookies expire after 30 days and are not used for personal identification of the user. Should the user visit certain pages of the website and the cookie has not yet expired, Google and the website can tell that the user clicked on the ad and proceeded to that page.
Each Google AdWords advertiser has a different cookie. Thus, cookies cannot be tracked using the website of an AdWords advertiser. The information obtained using the conversion cookie is used to create conversion statistics for the AdWords advertisers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, advertisers do not obtain any information that can be used to personally identify users. If you do not want to participate in tracking, you can opt-out of this by easily disabling the Google Conversion Tracking cookie by changing your browser settings. In doing so, you will not be included in the conversion tracking statistics.
Conversion cookies are stored based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.
We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our websites. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google").
reCAPTCHA is used to check whether the data entered on our website (such as on a contact form) has been entered by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, how long the visitor has been on the website, or mouse movements made by the user). The data collected during the analysis will be forwarded to Google.
The reCAPTCHA analyses take place completely in the background. Website visitors are not advised that such an analysis is taking place.
Data processing is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in protecting its site from abusive automated crawling and spam.
Our website measures conversions using visitor action pixels from Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook").
These allow the behavior of site visitors to be tracked after they click on a Facebook ad to reach the provider's website. This allows an analysis of the effectiveness of Facebook advertisements for statistical and market research purposes and their future optimization.
You can also deactivate the custom audiences remarketing feature in the Ads Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You will first need to log into Facebook.
If you do not have a Facebook account, you can opt out of usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.
If you would like to receive our newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1) (a) DSGVO. You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the "unsubscribe" link in the newsletter. The data processed before we receive your request may still be legally processed.
The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted. Data we have stored for other purposes (e.g. email addresses for the members area) remain unaffected.
This website uses the services of Campaign Monitor for sending newsletters.
8. Plugins and tools
Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited.
If you're logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.
Further information about handling user data, can be found in the data protection declaration of YouTube under https://www.google.de/intl/de/policies/privacy.
Our website uses features provided by the Vimeo video portal. This service is provided by Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
If you visit one of our pages featuring a Vimeo plugin, a connection to the Vimeo servers is established. Here the Vimeo server is informed about which of our pages you have visited. In addition, Vimeo will receive your IP address. This also applies if you are not logged in to Vimeo when you visit our website or do not have a Vimeo account. The information is transmitted to a Vimeo server in the US, where it is stored.
If you are logged in to your Vimeo account, Vimeo allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your Vimeo account.
Google Web Fonts
For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
For this purpose your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.
If your browser does not support web fonts, a standard font is used by your computer.
This site uses the Google Maps map service via an API. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
The use of Google Maps is in the interest of making our website appealing and to facilitate the location of places specified by us on the website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.
Further information about handling user data, can be found in the data protection declaration of Google at https://www.google.de/intl/de/policies/privacy/.
On our pages, plugins of the SoundCloud social network (SoundCloud Limited, Berners House, 47-48 Berners Street, London W1T 3NF, UK) may be integrated. The SoundCloud plugins can be recognized by the SoundCloud logo on our site.
If you do not want SoundCloud to associate your visit to our site with your SoundCloud account, please log out of your SoundCloud account.
Features of the Spotify music service are included on our pages. This service is provided by Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden. The Spotify plugins can be recognized by the green logo on our site. For an overview of the Spotify Plugins, see https://developer.spotify.com.
Thus, when you visit our pages about the plugin a direct connection can be established between your browser and the Spotify server. This enables Spotify to receive information that you have visited our site from your IP address. If you click the Spotify button while you are logged into your Spotify account, you can link the content of our pages to your Spotify profile. This means that Spotify can associate visits to our pages with your user account.
If you do not want Spotify to associate your visit to our site with your Spotify account, please log out of your Spotify account.
We are delighted that you wish to apply for a position at our company. We explain below how we process your personal data as part of an application and also provide you with other relevant information in this regard.
Who is responsible for processing your personal data?
The Nimbus Group GmbH, Sieglestr. 41, 70469 Stuttgart (hereinafter referred to as ‘we’) is responsible within the terms of the EU General Data Protection Regulation (GDPR).
Data protection officer
For all matters relating to the processing of your personal data and the exercising of your rights in accordance with the GDPR, please consult our data protection officer.
The Data Protection Officer of the Nimbus Group can be contacted as follows:
Häfele GmbH & Co KG
Data Protection Officer
72202 Nagold, Germany
For what purposes and on what legal basis do we process personal information?
We process your personal data for the purposes of managing your application for employment to the extent that this is necessary for making a decision relating to the establishment of an employment relationship with us. The legal basis for this is set out in § 26, Paragraph 1 in conjunction with Paragraph 8, p. 2, Federal Data Protection Act (Bundesdatenschutzgesetz or BDSG).
We can also process your personal data to the extent that this is necessary to mount a defence in respect of legal claims asserted against us as a result of the application process. The legal basis for this is set out in Article 6, Paragraph 1 (f), GDPR. The legitimate interest may, for example, be an obligation to furnish evidence in a case brought under the General Equality Act (Allgemeines Gleichbehandlungsgesetz or AGG).
In accordance with § 26, Paragraph 1, BDSG, if an employment relationship is established between you and us, we can continue to process the personal data we have already received from you for the purposes of the employment relationship if this is necessary for maintaining or terminating the employment relationship or for exercising the rights and duties of the group representing the employees’ interests arising from a particular law, wage agreement or works agreement (collective agreement).
What kind of personal data do we process?
We process data related to your application. This may be general data about you (such as name, address and contact details), information about your professional qualifications and education, details on continuing professional development or other information that you submit to us as part of your application. Furthermore, we can process career-related information that you have made publicly accessible, such as a profile on professional social media networks.
From which sources does personal data come, if we don’t gather it from you?
If we do not gather the data directly from you and you have an active profile on StepStone or you disclose an inactive or only partially active profile to us as part of the application process, we can also gather personal data from here.
Categories of recepients?
We can pass on your personal data to companies associated with us if this is permissible within the scope of the purposes and legal basis detailed under Section 3. Furthermore, personal data is processed on our behalf on the basis of contracts set out under Article 28, GDPR – especially by host providers or applicant management system providers.
Is there any intention to send the data to a third country?
There is no intention to send the data to a third country.
How long will your data be stored?
We store your personal data for as long as it is necessary to make a decision in relation to your application. If an employment relationship is not established between you and us, we can continue to store your data beyond this point if this is necessary in order to mount a defence against possible legal claims. Here, the application documents will be deleted two months after you have been informed of our decision not to employ you, unless they need to be stored for longer due to legal disputes.
What rights do you have?
By applying for a position at our company, depending on the individual situation, you have the following privacy rights. To exercise these rights, you can contact us or our data protection officer at any time using the contact details provided in Sections 1 and 2:
a. The right to information
You have the right to obtain information about the personal data processed by our company and request access to your personal data and/or copies of this data. This includes information about the purpose for which the data is used, the category of used data, its recipients and those who have a right to access it and, if possible, the planned duration of the data storage period or, if this is not possible, the criteria used for determining the duration.
b. The right to rectify and delete data and restrict the processing of data
You have the right to request that we immediately rectify any incorrect personal data that concerns you. In due consideration of the purposes for which the data is processed, you have the right to request the completion of incomplete personal data – also by means of a supplementary explanation.
c. The right to object
If personal data that concerns you is processed on the basis of Article 6, Paragraph 1 (f), GDPR, you have the right to raise an objection to the processing of this data at any time for reasons resulting from your particular situation. We will then no longer process this personal data unless we can provide compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
d. The right to withdraw
If the processing of your data is based on consent, you have the right to withdraw this consent at any time without affecting the legality of the data already consensually processed until the right to withdraw was exercised. You can contact us or our data protection officer to exercise this right at any time using the contact details provided above.
e. The right to delete data
You have the right to request that we immediately delete any personal data that concerns you. We are then legally bound to delete the personal data immediately, as long as one of the following reasons applies:
- The personal data is no longer needed for the purposes for which it was gathered or otherwise processed.
- You raise an objection to the processing of the data in accordance with Section 9 c above and there are no overriding legitimate reasons to process the data.
- The personal data has been unlawfully processed.
- It is necessary to delete the personal data to comply with a legal obligation in accordance with European Union law or the law of member states to which we are subject.
This does not apply if it is necessary to process the data for the following reasons:
- To comply with a legal obligation that requires the data to be processed in accordance with European Union law or the law of member states to which we are subject.
- To assert, exercise or defend legal claims.
f. The right to restrict the processing of data
You have the right to ask us to restrict the processing of data if one of the following conditions applies:
- The accuracy of the personal data is disputed by you – the restriction then applies for the length of time that allows us to verify the accuracy of the personal information.
- The data has been unlawfully processed and you decline the deletion of the personal data and instead request a restriction on the use of the personal data.
- We no longer need the data for the purposes of processing, although you need it to assert, exercise or defend legal claims.
- You have raised an objection to the processing of the data in accordance with Section 9 c above, while it remains uncertain whether our legitimate reasons outweigh yours.
- If the processing of personal data has been restricted for reasons set out in this subsection (f), then – apart from storing it – this personal data may only be processed with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural person or legal entity or for reasons related to an important matter in the public interest of the European Union or a member state.
If you have placed a restriction on the processing of your personal data, we will inform you before the restriction is lifted.
g. The right to appeal
Without prejudice to any other administrative or judicial legal remedy, you have the right to appeal to a regulatory authority, especially in the member state where you reside or work or in the location of the alleged transgression, if you consider that the processing of your personal data is in contravention of the GDPR.
The requirement to provide personal data
There is neither a legal nor contractual requirement to provide personal data, nor are you obliged to provide any such personal data. However, it is necessary to provide personal data in order to enter into an employment contract with us. This means that we will be unable to establish an employment relationship with you if you fail to provide us with personal data when applying for a position.