In this section we inform you about the processing of your personal data in accordance with the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
Responsible for data processing is
Phone: +49 221 650 65-0
Fax: +49 221 650 65-110
Our data protection officer is
Mr. Stephan Geistmann
Phone: +49 221 650 65-0
Fax: +49 221 650 65-110
Your personal data
Personal data is all information that concerns you as a person. We process the personal data provided by you in the context of your application and transmitted to us, which usually includes
- First and last name, title and form of address
- Your contact details: Contact information such as address, telephone number, fax number, e-mail address, professional position if applicable
- Your application data, consisting of your cover letter, resume and the usual proofs and certificates.
We collect this personal data from you as the person concerned.
Purposes of processing
In order for us to involve you in application procedures for a specific position, we require standard and meaningful application documents that inform us about your personality profile and qualifications. We process your personal data to carry out the application process (Art. 6 I S. 1 lit. b) GDPR, § 26 BDSG). As a matter of principle, we only use your application documents to decide whether to fill the position for which you have expressly applied. For this purpose, we will forward your application documents to the employees involved in the application procedure.
If you submit an unsolicited application that does not relate to a specific position, we can use your application documents in the context of staffing decisions for all positions that come into consideration. For this purpose, we will include your application documents with colleagues from the department(s) in which you would like to work, and forward your documents to them.
Transmission of your data to third parties
To provide the best possible service, we work together with external service providers that we always select carefully and integrate in accordance with data protection laws, in particular
- of DATEV eG, Paumgartnerstraße 6 - 14, 90429 Nuremberg, which provides us with specific IT applications on the basis of an order processing agreement in accordance with Art. 28 GDPR;
- service providers in the field of marketing, to whom we transfer personal data, if at all, on the basis of an order processing agreement pursuant to Art. 28GDPR;
- postal service providers who deliver postal items to you, financial institutions for the processing of payments and court and authorities if this is necessary for our activities or if we are obliged to do so.
Your applicant data will not be transferred to a third country outside the EU or to an international organization.
Your data in safe hands
Your personal data is stored centrally on our local servers in our office in Cologne and - in backup - at DATEV eG in Nuremberg and thus exclusively in Germany.
We process your personal data on our servers primarily by means of the Microsoft software applications you are familiar with (Office applications). In addition, we use applications of the provider DATEV eG, Paumgartnerstr. 6 - 14, 90429 Nuremberg, in the field of electronic file management and electronic billing. DATEV carries out software maintenance and servicing services on our systems. In individual cases, it cannot be ruled out that DATEV may gain access to your personal data. DATEV acts strictly in accordance with our instructions as a processor in accordance with Art. 28 GDPR, whom we have carefully selected and contractually obliged to take the necessary data security measures.
We process your personal data in accordance with appropriate technical and organizational measures (Art. 32 GDPR); this must be emphasized:
- Access to all offices only by means of an individual electronic key card
- Password-protected account of each individual workstation computer and each mobile device used for business purposes
- Encrypted VPN connections
- Personalized access to DATEV file management only for authorized employees
- Seamless anonymization of documents to be translated by translation service providers or corresponding IT applications
- High security level in accordance with Art. 32 GDPR through DATEV (including comprehensive encryption with 2-factor authentication, information management system in accordance with ISO and certified data protection management system)
- Encrypted e-mail transmission (transport encryption with TLS) as well as, if desired, content encryption of our e-mail communication (for decryption, a password is required, which will be communicated to you by other means (SMS, telephone, fax, etc.) the first time you use it)
Deletion of your personal data
If the application procedure does not result in your employment, we will delete and destroy your applicant data as soon as a period of six months has elapsed after a final rejection by you or by our company.
Should an application procedure result in your employment, we will include your application documents in your personnel file in order to inform you about your personality profile and qualifications for the purpose of the employment relationship. In this case, your application documents will only be deleted and destroyed when your employment is terminated and a further three years have elapsed since the end of the year in which the employment ended.
After the end of the retention period we will delete your personal data unless there is a legitimate interest in archiving and your interest in deletion does not outweigh this interest.
As far as we process your personal data, you are entitled to various data protection claims against us. You have the right,
- to request information about the data stored about your person and its origin, the purpose of processing and the recipients or categories of recipients of the data (Art. 15 GDPR, § 34 BDSG)
- under certain conditions, to demand correction, blocking (restriction of processing) or deletion of your personal data from us (Art. 16 - 18 GDPR, § 35 BDSG)
- to request the transfer of your data to another responsible party (Art. 20 GDPR) and
- to complain to us or to a competent data protection authority about data processing (Art. 77 GDPR)
You may also object to the further processing of your data if we process your data on the basis of a legitimate interest (Art. 6 I 1 lit. f) GDPR). Insofar as we do not process your data for advertising purposes, this requires a reason arising from your particular situation. In the event of an objection, we will not process your personal data to which the objection relates any further from the time of receipt during the subsequent examination and will delete it after the examination has been completed - if the objection is justified (§ 36 BDSG, Art. 21 GDPR).
You can revoke any consent you have given us for data processing (Art. 6 I 1 lit. a) GDPR) at any time; we will not process your personal data further unless we have legal permission to do so.
A justified objection and a revocation have no influence on data processing operations that have already taken place.
We fulfil all rights to which you are entitled free of charge and without delay. For this and all other questions, please contact us directly or our data protection officer using the contact details given at the beginning.