Privacy policy
You can give your consent to entire categories or have further information displayed and thus select only certain cookies.
Data protection information of WMC Healthcare GmbH
We, WMC Healthcare GmbH (WMC), take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory provisions of the relevant data protection laws, in particular the European General Data Protection Regulation (GDPR) and this privacy policy. This privacy policy covers the use of WMC’s digital offerings, including our social media profiles via all Internet-enabled devices, as well as data processing in the context of job applications and in the employment relationship. The digital offerings may contain links to other websites and third-party services to which this privacy policy does not apply.
Contents
- Person responsible
- Purpose of the processing of personal data
Data processing for the provision of contractual services
Data processing for communication with you
Data processing in the context of events - YouTube
- Vimeo
Online presences in other social networks - Newsletter
- Cookies
Data processing for applications / in the employment relationship - Data processing under joint responsibility
Data processing for the performance or within the scope of a contract - Status information in the application process
- “Job subscription”
“Salary statistics” module)
“Easyfeedback” online surveys
Talent pool 10 - Other data processing based on your consent
Log files
Data processing to fulfill legal obligations - Recipients of personal data
Duration of data storage
Data security
Data subject rights
1. responsible person
The controller responsible for the processing of your personal data is
WMC Healthcare GmbH
Friedrichstraße 1a
80801 Munich
kontakt@wmc-healthcare.de
If you have any questions about data protection at our company, please write to us at the above postal address with the addition “Data protection” or at the e-mail address provided. You can contact our data protection officer, Mr. Malte Rheingans (https://cogito.consulting), by e-mail at wmc@cogito.consulting or by post at the above address with the addition “To the data protection officer”.
2. purpose of the processing of personal data
2.1 Data processing for the provision of contractual services
We process personal data in order to handle the contractual relationships and to be able to submit needs-based contractual offers. The data is collected in particular to conclude or execute a contract. We may require your correct name, address and payment details for your order. We ask for your e-mail address and telephone number so that we can communicate with you in the event of questions or problems regarding the service you have commissioned. The basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.
2.2 Data processing for communication with you
In addition to the contract data, we process your communication data (name, address, telephone number, e-mail address) in order to process your request and/or to be able to contact you. Personal data that you provide to us by e-mail or via a contact form or another communication channel opened by us will only be processed for correspondence with you or only for the purpose for which you have provided us with the data. This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested. You can withdraw your consent at any time with effect for the future. All you need to do is send us an informal email. The legality of the data processing operations already carried out remains unaffected by the revocation.
2.3 Data processing in the context of events
We collect and process your personal data insofar as this is necessary for the organization and implementation of online or hybrid (online and onsite) events. If you participate in an event, we process in particular your name and address data as well as your e-mail address and, if applicable, your payment data in order to ensure that only registered participants have access to the event, to be able to communicate with you regarding your participation and, if necessary, to be able to invoice the participation fees. We process your e-mail address in order to send the registration confirmation and to inform you in advance about the event (dates, location, directions, program or an invitation to the event, etc.) or, if necessary, to inform you about other dates and events afterwards. If you have registered for an event, you may receive a registration confirmation with the relevant information (e.g. time, duration, etc.) and possibly an e-mail with further information (e.g. service provider, system requirements) before the event. It may also be necessary for you to download, install and/or run the software of a service provider. You will usually receive further information on this in the e-mail shortly before the event or on the website of the respective service provider. If an event consists of several sub-events, we may inform you about these via e-mail after the event. We reserve the right to record the events in image, video and/or sound in order to document them, to make them available if necessary, to evaluate content and processes in cooperation with the respective speakers and, if necessary, to further improve events. In particular, the speaker’s presentation (image and speech) as well as the participation and any interactions of the speaker and the participants may be recorded. Data processing for the purpose of organizing and holding events is carried out on the basis of Article 6 para. 1 sentence 1 lit. b) GDPR to fulfill the participation contract concluded between you and us for the event or, if applicable, already for (pre-)contractual measures. In all other cases, the processing is based on our legitimate interest in the documentation and/or evaluation and/or improvement of events (Art. 6 para. 1 lit. f GDPR).
2.4 LinkedIn
We operate a company page on the social network linkedin.com of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”) and may receive so-called page analytics from LinkedIn with regard to our LinkedIn page. For this operation of the LinkedIn company page, there may be joint responsibility with LinkedIn within the meaning of Art. 26 GDPR. For the nature and scope of the information provided to LinkedIn, the associated purposes of data processing by LinkedIn, its lawfulness and information on exercising your rights, please refer to LinkedIn’s privacy policy at the URL https://www.linkedin.com/legal/privacy-policy and the joint controllership agreement, which can be found at the URL https://legal.linkedin.com/pages-joint-controller-addendum. Page analytics (https://www.linkedin.com/help/linkedin/answer/4499/linkedin-page-analytics-overview) is aggregated data that allows us to gain insight into how people interact with our site. The generation and provision of these page analytics is the responsibility of LinkedIn, we have no influence on this. LinkedIn assumes all obligations under the GDPR with regard to the processing of Insights data (including Articles 12 and 13 GDPR, Articles 15 to 22 GDPR and Articles 32 to 34 GDPR). The purpose of the data processing of the data provided by LinkedIn by us is the statistical evaluation of the use of our company page. This enables us, for example, to determine the preferred visiting and posting times of our users and use them to optimize our posts and our company page. In addition, we process personal data made publicly available by you on LinkedIn (e.g. real names in the user profile) as well as data directly related to activities on our company page (e.g. contributions, posts, likes, tags), also for the purpose of communicating with you. The basis for the aforementioned data processing is Art. 6 para. 1 sentence 1 lit. a GDPR. If you have given your consent to LinkedIn, you can revoke this consent at any time with effect for the future. Please assert your rights to information, correction, deletion, restriction of processing and data portability of your stored Insights data against LinkedIn, as LinkedIn has assumed the corresponding obligations: LinkedIn Ireland Unlimited Company
Wilton Place
Dublin 2
Ireland
Privacy Policy https://www.linkedin.com/legal/privacy-policy
Retargeting opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
2.5 YouTube
We may use videos or plugins from YouTube on some of our websites. The operator of YouTube is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. As soon as a YouTube video is started on our website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages have been visited. If users are logged into their YouTube account, they enable YouTube to assign their surfing behavior directly to their personal profile. Furthermore, YouTube can store various cookies on the data subject’s device after starting a video. With the help of these cookies, YouTube can obtain information about visitors to our website. This information is used, among other things, to collect video statistics, improve user-friendliness and prevent fraud attempts. After starting a YouTube video, further data processing operations may be triggered over which we have no control. Among other things, a connection to the Google Marketing Platform network may be established and personal data may be processed in the USA in this context. Further information about data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=de. We may request consent for the use or activation of the YouTube functionality. Important in connection with data processing in the USA: According to the European Court of Justice, the data protection standard in the USA is inadequate and there is a risk that your data will be processed by US authorities for control and monitoring purposes and possibly without legal remedies. Google is an active participant in the EU-US Data Privacy Framework, which aims to ensure the secure processing of personal data of EU citizens in the USA. You can find more information on this at https://www.dataprivacyframework.gov/participant/5780 If data subjects have consented to the use of YouTube by us and the associated data processing, the data processing and, if applicable, the storage of YouTube cookies is based on this consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR in conjunction with Art. 49 para. 1 sentence 1 lit. a GDPR. Art. 49 para. 1 sentence 1 lit. a GDPR and § 25 para. 1 TDDDG. Data subjects can withdraw their consent at any time with effect for the future. The legality of the data processing already carried out on the basis of the consent remains unaffected by the revocation.
2.6 Vimeo
On some of our websites, we may use videos or plugins from the provider Vimeo LLC, headquartered at 555 West 18th Street, New York, New York 10011 (“Vimdeo”). As soon as a Vimeo video is started on our website, a connection to the Vimeo servers is established. The Vimeo server is informed which of our pages have been visited. If users are logged into their Vimeo account, they enable Vimeo LLC to assign their surfing behavior directly to their personal profile. Furthermore, Vimeo can store various cookies on the data subject’s end device after starting a video. With the help of these cookies, Vimeo can obtain information about visitors to our website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent fraud attempts. After the start of a Vimeo video, further data processing operations may be triggered over which we have no control. As part of the processing, the above-mentioned personal data may be transferred to the USA in pseudonymized form. Important in connection with data processing in the USA: According to the European Court of Justice, the data protection standard in the USA is inadequate and there is a risk that your data will be processed by US authorities for control and monitoring purposes and possibly without the possibility of legal recourse. Vimeo is an active participant in the EU-US Data Privacy Framework, which aims to ensure the secure processing of personal data of EU citizens in the USA. You can find more information on this at https://www.dataprivacyframework.gov. If data subjects have consented to the use of Vimeo by us and the associated data processing, the data processing and, if applicable, the storage of Vimeo cookies is based on this consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR in conjunction with Art. 49 para. 1 sentence 1 lit. a GDPR. Art. 49 para. 1 sentence 1 lit. a GDPR and § 25 para. 1 TDDDG. Data subjects can withdraw their consent at any time with effect for the future. The legality of the data processing already carried out on the basis of the consent remains unaffected by the revocation.
2.7 Online presence in other social networks
We have set up online presences in various social networks in order to communicate with you, interested parties and customers and to provide information about our services and current offers. In addition to our interaction with you, the social networks process data from visitors to their websites for the purpose of market research and advertising, i.e. a user profile may be created by the respective operator of the social network from the respective visit or usage behavior and the preferences and interests of a visitor derived from this. Such user profiles can be used, among other things, to display advertisements customized to the respective user profile within the respective social network and possibly on other websites. Cookies (see above) may be stored on visitors’ devices, which can be used to collect data on user behavior. This data can also be collected across multiple browsers and/or end devices used by a user, especially if they are logged in as a member of the respective social network. Even if a visitor does not have a profile with the respective social network, it cannot be ruled out that personal data relating to this visitor will be stored when they visit the respective website. Requests for information regarding the data stored via our online presences in social networks or the exercise of other data subject rights in this regard (see below) can be addressed to the provider of the respective service. Only the providers of the social networks have access to the respective data stored there and can provide the relevant information, etc. With regard to the purpose and scope of data processing by the various social networks, we also refer to their respective data protection notices and the respective contact options: New Work SE (XING)
Dammtorstraße 29-32
20354 Hamburg, Germany
Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung The processing of data in the context of our online presence in social networks is carried out, insofar as we are responsible under data protection law, on the basis of our legitimate interest in effective information and direct communication with interested parties and customers of our company. The basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR, which permits the processing of data for the purposes of the legitimate interests pursued by the controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Our interest lies in the provision of content and communication with users of the respective social networks and in improving the reach and effectiveness of our posts.
2.8 Newsletter
With your consent, you can subscribe to our newsletter, with which we inform you about current news concerning us. If you would like to receive the newsletter, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. For this purpose, we will send you an e-mail with a confirmation link (double opt-in) to the e-mail address you have provided. If you do not confirm your registration, your information will be blocked and automatically deleted after one month. The only mandatory information for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and is used to address you personally. In addition, we store the IP addresses you use and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data. We do not collect any other data in this context. We use this data exclusively for sending the requested newsletter. The data processing takes place on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail. The legality of the data processing operations already carried out remains unaffected by the revocation.
2.9 Cookies
We use so-called cookies, among other things to be able to offer you website-specific services. Cookies are small text files that are stored on a visitor’s computer and contain data about the respective user in order to give them access to various functions. Both session cookies and persistent cookies are used on our website. A session cookie is temporarily stored on the computer you are using while you navigate through the website. A session cookie is deleted as soon as you close your Internet browser or as soon as your session has expired after a certain period of time. A persistent cookie remains on your computer until it is deleted. Storing a cookie ensures that you do not have to repeatedly enter your personal settings and preferences each time you visit. This saves you time and makes using our website more convenient for you. We may work with third parties on some of our websites and therefore cookies from partner companies may also be stored when you visit such a website (third-party cookies). We may inform you about the use of such cookies and the scope of the data collected in each case. We use necessary cookies that are required to enable the provision of the services owed by us or to ensure the functionality of our services. The legal basis for setting these cookies is Section 25 (2) No. 2 TDDDG. For example, we set the JSESSIONID cookie on the careers page as a technically necessary session cookie. This stores a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to our website. This session cookie is deleted when you log out or close the browser. Any processing of personal data carried out in this context is then based on Art. 6 para. 1 sentence 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures, or Art. 6 para. 1 sentence 1 lit. f GDPR, which permits data processing to safeguard the legitimate interests of the controller, unless the interests or fundamental rights and freedoms of the data subject outweigh the controller’s interest in data processing. Our interest then lies in ensuring the provision of the functions of our services. We may obtain your consent for the use of other, non-essential cookies. Cookies are then set on the basis of your consent in accordance with Section 25 (1) TDDDG, any processing of personal data carried out in this context in accordance with Art. 6 (1) sentence 1 lit. a GDPR. You can withdraw your consent at any time.
The legality of the data processing already carried out on the basis of your consent remains unaffected by the revocation.
2.10 Data processing for applications / in the employment relationship
You can send us applications for positions in our company via our websites and the contact details provided there. If you submit personal data to us in this way or in any other way when applying, we will process your data to review, process and respond to your application and, if necessary, to prepare the employment relationship. In addition, we may also carry out the processing activities listed under this section in an employment relationship. In all other respects, the other explanations in this data protection notice also apply with regard to data processing for applications and/or in the employment relationship.
2.10.1 Data processing under joint responsibility
The companies of the Vivecti Group also process personal data in the context of applications and employees under joint responsibility within the meaning of Art. 26 GDPR: WMC HEALTHCARE GmbH, miralytik healthcare consulting GmbH, Vivecti Group GmbH, Prospitalia GmbH, Pro Care Management GmbH, Prospitalia h-trak GmbH and PS Healthcare Services GmbH (together the “Parties”) have concluded contracts in accordance with Art. 26 GDPR with regard to the processing of personal employee data. We also use external personnel offices to carry out an application, which then place job advertisements together with us, accept applications, select applicants and, if necessary, draw attention to suitable job advertisements. This and the respective personnel office, which is jointly responsible with us for the processing in these cases in accordance with Art. 26 GDPR, are identified in the respective job advertisement. It is agreed in the joint controllership contracts that the parties will jointly process the personal data of persons who apply to the respective companies in order to enable optimal personnel planning, i.e. for the purpose of initiating the employment relationship and fulfilling any legal obligations in the context of employment relationships. In addition, it was agreed that each party is responsible for the data processing it carries out, i.e. it independently assumes all rights and obligations arising therefrom, including the processing of data subjects’ rights. Nevertheless, data subjects can contact either party at any time with their concerns and claims.
2.10.2 Data processing for the performance or within the framework of a contract
We process personal data in order to handle any contractual relationships and, if necessary, to be able to submit contract offers tailored to your needs, in particular any data that we receive from you as part of the employment contract or the application process. Master data (name and address, personnel number), CVs, references, employment details (job description, probationary period, start and end dates), school education and qualifications and training, contact details (telephone, fax, e-mail) and, where applicable, other data such as bank details, date and place of birth, gender, age, religious denomination, nationality, Health insurance or pension scheme, pension insurance provider, social security number, tax number, any allowances, tax identification number and tax class, which are necessary for processing payroll accounting and calculating social security contributions, as well as information that you have voluntarily provided to us as part of the application process. We request information on marital status and parenthood in order to calculate social security contributions and to determine whether a supplementary contribution to long-term care insurance is payable in accordance with Section 55 (3) of the German Social Security Code (Sozialgesetzbuch XI). If it is necessary to check the legality of the employment, we ask for a work permit or authorization. Insofar as special categories of personal data are processed in accordance with Art. 9 para. 1 GDPR, this serves the exercise of rights or the fulfillment of legal obligations under employment law, social security law and social protection law (e.g. disclosure of health data to the health insurance company, recording of severe disability due to additional leave and determination of the severely disabled levy, employment prohibitions) within the scope of the employment relationship. In addition, the processing of health data may be necessary for the assessment of fitness for work in accordance with Art. 9 Para. 2 h) in conjunction with Section 22 Para. 1 b) BDSG (new). For this purpose, we also request information after recruitment as to whether a severe disability exists in order to be able to safeguard corresponding rights under the German Social Security Code IX and to calculate any compensatory levy in accordance with Section 77 of the German Social Security Code IX. An answer to this question is only required after a period of employment of six months, before that the answer is voluntary. As part of the employment relationship, we process other personal data, including data on sick leave, absences (vacation, special leave, sabbatical, etc.) or working hours, the implementation of further training measures, the preparation of references and employee appraisals, time recording, processing of sick notes, processing of reportable accidents at work, implementation of company reintegration management, recording and operation of the company IT structure, commissioning of personnel service providers for employee recruitment, notifications to insurance companies for the company pension scheme, ensuring legal requirements for maternity protection. We may keep a personnel file in which we store all key information required for the employment relationship. If you would like to view the contents of your personnel file, please contact the HR department.
Insofar as we process the aforementioned personal data for the establishment, execution and termination of an employment contract or application process or for the purpose of personnel administration, planning and/or development as well as for administrative and organizational purposes, the basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures, i.e. in particular for the purpose of initiating or implementing the employment relationship. In the other cases explained above, data processing is carried out for the purpose of fulfilling an existing legal obligation in this context pursuant to Art. 6 para. 1 lit. c GDPR (if applicable, Art. 9 para. 2 lit. b GDPR in conjunction with Art. 6 para. 1 sentence 1 lit. c GDPR).
2.10.3 Status information in the application process
If you apply to us via a job board (e.g. Hellowork, Stepstone), the data you submit will be automatically transferred to our recruiting system. With some of these job boards, you have the option of tracking the status of your application in your account with the respective job board. For this purpose, our service provider, softgarden e-recruiting GmbH, transmits the status of your application (receipt, processing of the application, rejection) to the job exchange on our behalf. The transmission of the status in your account with the job exchange takes place with a time delay (up to four weeks) so that we can inform you personally in advance about the status of your application. The legal basis for data transmission is Art. 6 para. 1 lit. b GDPR (initiation of an employment relationship). Further information on data processing can be found in the data protection information of the respective job board you have applied through.
2.10.4 “Job subscription” subscription
To be informed about new vacancies, you can subscribe to the job newsletter or view suitable vacancies on our career board (RSS feed). You can define your subscription in more detail by specifying the desired job and location. Your e-mail address is also required for the subscription. The legal basis for this processing is your consent to receive the newsletter in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent to receive the newsletter at any time via the unsubscribe link in the newsletter (opt-out).
2.10.5 Salary statistics module “Salary statistics”)
Our processor softgarden will give you the opportunity to provide feedback on your salary expectations and salaries offered to you at various stages of the application process. The information provided will be processed anonymously and without linking it to your name and contact details. softgarden processes this data anonymously for its own purposes (statistics, analysis, studies) and is responsible for this processing within the meaning of Art. 4 No. 7 GDPR.
The processing only takes place with your consent through participation and on a purely voluntary basis. The legal basis is Art. 6 para. 1 sentence 1 lit. a) GDPR.
2.10.6 “Easyfeedback” online surveys
At the end of the application process, softgarden may send you an invitation to a survey via a link. The survey takes place via a service provided by easyfeedback GmbH in order to query the application experience. softgarden conducts this survey as the controller within the meaning of Art. 4 No. 7 GDPR and processes the collected data anonymously for its own purposes (statistics, analysis, studies) and for the further development of softgarden products. The collection of survey data is secured by SSL encryption as standard and softgarden does not establish any personal reference in the course of the evaluation. The survey can be canceled at any time. The data processed up to the time of termination can be used for the purposes mentioned.
Your participation in the survey is purely voluntary and by participating you declare your consent, without which your participation is not possible, Art. 6 para. 1 lit. a) GDPR. The data is processed anonymously by softgarden for evaluation purposes. You can find more information about easyfeedback’s data protection in the following information: https://easy-feedback.de/privacy/datenschutzerklaerung.
2.10.7 Talent pool
As part of your application or via the “Get in touch” button, you have the opportunity to recommend yourself for our talent pool. The processing is necessary in order to be automatically considered for further job advertisements, i.e. for similar or otherwise suitable positions.
If you register for the talent pool via the “Get in touch” button, the following information will be requested:
- Salutation, academic title (optional)
- First name, last name, e-mail address
- Job fields of interest
- Current career level
- Preferred location(s)
- XING profile or curriculum vitae
Inclusion in the talent pool is purely voluntary with your consent and by using an opt-in link. The legal basis is Art. 6 para. 1 lit. a) GDPR.
2.11 Data processing for the protection of legitimate interests
We also process your data if it is necessary to protect our legitimate interests or those of third parties. This may be the case in particular to ensure IT security and IT operations, especially in the case of support requests, to be able to trace and prove facts in the event of legal disputes, for market and opinion surveys, to statistically evaluate the use of our website and, if necessary, in the context of photo or video recordings made at an event in order to provide effective publicity about it on the Internet, in particular on websites and in social media channels and/or in press publications. The basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in the data processing listed above.
2.12 Other data processing based on your consent
We may also ask you for your consent to process personal data. Any granting of consent and the relevant data processing takes place on a voluntary basis and you will not suffer any disadvantages if you do not give your consent. The data processing then takes place on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future. All you need to do is send us an informal message. The legality of the data processing operations already carried out remains unaffected by the revocation.
2.13 Log files
Each time our websites are accessed, usage data is transmitted by the respective Internet browser and stored in log files, the so-called server log files. The stored data records contain the following data: Browser type and browser version, operating system used, referrer URL, time of server request, shortened IP address. This data cannot be assigned to specific persons. This data is not merged with other data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use. The basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR, which permits the processing of data to safeguard the legitimate interests of the controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail.
2.14 Data processing for the fulfillment of legal obligations
In addition, we process your data to fulfill legal obligations (e.g. regulatory requirements, commercial and tax law retention and verification obligations). The basis for data processing is Art. 6 para. 1 sentence 1 lit. c GDPR, which permits processing to fulfill a legal obligation.
3. recipient of the personal data
Your personal data will only be passed on or otherwise transmitted to third parties if this is necessary for the purpose of processing the contract or if you have given your prior consent or if there is a legal basis for the transfer. As part of the execution of the contract, your data will be passed on to the body that requires it to fulfill our contractual and legal obligations. In addition, it is in the legitimate interest of internal departments and specialist managers to inspect the data, for example from the application process, insofar as knowledge of the data is necessary and permissible for the selection of applicants, steps or measures under the employment contract or internal administrative purposes of the company. For this purpose, your data may be forwarded by e-mail or within the management system. The legal basis for this processing is then Art. 6 para. 1 sentence 1 lit. f) and, if applicable, Art. 6 para. 1 sentence 1 a) GDPR. Service providers who support us in the provision of our services are our IT service provider, our hosting service provider, sales and marketing partners, software (SaaS) providers and other IT service providers, in particular service providers for software and hardware maintenance, and email service providers. For the efficient implementation of application procedures, we use an applicant management system from softgarden e-Recruiting GmbH, which operates the applicant management system as a processor within the meaning of Art. 4 No. 8 GDPR.
4. duration of data storage
In principle, we delete your data as soon as it is no longer required for the respective purpose, unless temporary storage is still necessary. Your data will be stored for the duration of the application process and in accordance with the legitimate retention periods after completion of the application process. In the event of a rejection, the data will be stored for 6 months. After the retention period has expired, the data will be completely anonymized. The processing of anonymized data records is not subject to the material scope of the data protection regulations, so that anonymized data can be processed for statistical and analytical purposes, for the creation of market studies or for product development.
5. data security
Your personal data is transmitted securely through encryption. We use the SSL (Secure Socket Layer) coding system. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. We also use technical and organizational measures to protect our websites and other systems against loss, destruction, access, modification or dissemination of your data by unauthorized persons.
6. rights of data subjects
Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipients and the purpose of the data processing and, if necessary, a right to correction, blocking or deletion of this data at any time. You can contact us at any time using the contact details provided in section 1 if you have further questions on the subject of personal data. You may also have the right to restrict the processing of your data and the right to receive the data you have provided in a structured, commonly used and machine-readable format. If you have given us your consent to process personal data for specific purposes, you can withdraw your consent at any time with effect for the future. If we process your data to protect legitimate interests, you can object to this processing on grounds relating to your particular situation. If we cannot demonstrate compelling legitimate grounds for further processing which override your interests, rights and freedoms, or if we process your data for the purpose of direct marketing, we will no longer process your data. You also have the option of contacting a data protection supervisory authority (right to lodge a complaint).