Privacy policy.

Introduction.

Thank you for your interest in our company and the online presence of Headmatch. With the following data protection declaration we would like to inform you about what types of your personal data (hereinafter also referred to briefly as "data") we process for what purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications as well as within external online presences, such as our social media profiles (collectively referred to as "Online Offer").

The terms used are not gender specific.

1 September 2021

Index.

  • Introduction
  • Responsible
  • Overview of processing operations
  • Relevant legal bases
  • Security
  • Transfer and disclosure of personal data
  • Use of cookies
  • Commercial and business services
  • Contact
  • Provision of the online offer and web hosting
  • Application procedure
  • Newsletter and broad communication
  • Online marketing
  • Valuation platforms
  • Presences on social networks
  • Plugins and embedded functions as well as content
  • Deletion of data

1. Responsible.

Headmatch GmbH & Co. KG
Georgenstraße 24
10117 Berlin
(in the following "Headmatch")

Headmatch Interim GmbH
Georgenstraße 24
10117 Berlin
(in the following "Headmatch Interim")

Persons authorised to represent: Patrick Jacobi, Roman Schapiro, Julien Walter
E-mail address: info@headmatch.de
Phone: +49 (0)30-325 320-0
Imprint: www.headmatch.de/imprint

The company data protection officer can be reached at the address above, for the attention of Mr. Ferdinand Walter, or at ferdinand.walter@headmatch.de.

2. Overview of processing operations.

The following overview summarises the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed:

  • Inventory data (e.g. names, addresses).
  • Applicant data (e.g. personal information, postal and contact addresses, the documents belonging to the application and the information contained therein, such as cover letter, CV, certificates and other information on their person or qualification provided by applicants with a view to a specific job or voluntarily provided by applicants).
  • Content data (e.g. text input, photographs, videos).
  • Contact details (e.g. e-mail, telephone numbers).
  • Meta/communication data (e.g. device information, IP addresses).
  • Usage data (e.g. websites visited, interest in content, access times).
  • Location data (data that indicates the location of an end-user's terminal).
  • Contract data (e.g. subject matter of the contract, term, customer category).
  • Payment data (e.g. bank details, invoices, payment history).


Special categories of data:
  • Data showing racial and ethnic origin.


Categories of affected persons:
  • Applicants.
  • Business and contractual partners.
  • Interested parties.
  • Communication partners.
  • Customers.
  • Users (e.g. website visitors, users of online services).


Purposes of processing:
  • Visiting action evaluation.
  • Application procedure (establishment and possible subsequent implementation as well as possible subsequent termination of the employment relationship).
  • Office and organizational procedures.
  • Cross-device tracking (cross-device processing of user data for marketing purposes).
  • Direct marketing (e.g. by e-mail or post).
  • Feedback (e.g. collecting feedback via online form).
  • Interest-based and behavioral marketing.
  • Contact requests and communication.
  • Conversion measurement (measurement of the effectiveness of marketing measures).
  • Profiling.
  • Remarketing.
  • Range measurement (e.g. access statistics, detection of returning visitors).
  • Security.
  • Tracking (e.g. interest/behavioural profiling, use of cookies).
  • Contractual services and services.
  • Manage and respond to requests.
  • Target group formation (determination of target groups relevant for marketing purposes or other content output).


    3. Relevant legal bases.

    In the following, we set out the legal bases of the General Data Protection Regulation (GDPR) on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection requirements may apply in your or our country of residence or domicile.

  • Consent (Art. 6 sec. 1 p. 1 lit. a GDPR) - The data subject has given his consent to the processing of the personal data concerning him or her for a specific purpose or several specific purposes.
  • Performance of the contract and pre-contractual enquiries (Art. 6 sec. 1 p. 1 lit. b. GDPR) - The processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures, which take place at the request of the data subject.
  • Legal obligation (Art. 6 sec. 1 p. 1 lit. c. GDPR) - The processing is necessary for the fulfilment of a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6 sec. 1 p. 1 lit. f. GDPR) - The processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail.
  • Art. 9 GDPR (application procedure as a pre-contractual or contractual relationship) (insofar as special categories of personal data within the meaning of Article 9(1) GDPR (e.g. health data, such as severe disability status, or ethnic origin) are requested from applicants in the context of the application process so that the person responsible or the data subject can exercise the rights he or she may have under labour law and social security law in this respect, their processing is carried out in accordance with Art. 9(2) lit. b. GDPR, in the case of the protection of vital interests of applicants or other persons in accordance with Article 9(2) lit. c. GDPR, or for health or occupational health purposes, for the assessment of the worker's ability to work, for medical diagnostics, for care or treatment in the health or social sector or for the management of health or social care systems and services in accordance with Article 9(2) lit. h. GDPR. In the case of a communication of special categories of data based on voluntary consent, their processing is carried out on the basis of Article 9(2) lit. a. GDPR).


  • National data protection regulations in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national regulations on data protection apply in Germany. This includes in particular the Act on the Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special provisions on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated decision-making in individual cases, including profiling. It also regulates data processing for the purposes of the employment relationship (Section 26 of the BDSG), in particular with regard to the establishment, implementation or termination of employment relationships as well as the consent of employees. In addition, state data protection laws of the individual federal states can be applied.

    4. Security Measures.

    We shall take appropriate technical and organisational measures to ensure a level of protection commensurate with the risk, taking into account the state of the art, the cost of implementation and the nature, the scope of the processing, as well as the different probability of occurrence and the extent of the threat to the rights and freedoms of natural persons.

    Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as the access, input, disclosure, safeguarding of availability and separation relating to them. In addition, we have established procedures that ensure the exercise of data subjects' rights, the erasure of data and responses to threats to the data. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and procedures, in accordance with the principle of data protection by design and by default.

    SSL encryption (https): In order to protect your data transmitted via our online offer, we use SSL encryption. You can detect encrypted connections by the prefix https:// in the address bar of your browser.

    5. Transfer and disclosure of personal data.

    In the context of our processing of personal data, the data may be transferred or disclosed to other bodies, companies, legally independent organizational units or persons. The recipients of this data may include, for example, payment institutions in the context of payment transactions, service providers or providers entrusted with IT tasks.

    6. Use of Cookies.

    Cookies are text files that contain data from websites or domains visited and are stored by a browser on the user's computer. A cookie is primarily used to store information about a user during or after his visit within an online offer. The stored information may include, for example, the language settings on a website, the login status, a shopping cart or the location where a video was viewed. The term cookies also includes other technologies that perform the same functions as cookies (e.g. when user information is stored on the basis of pseudonymous online identifiers, also known as "user IDs").

    The following types of cookies and functions are distinguished:

  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed his browser.
  • Permanent cookies: Permanent cookies remain stored even after closing the browser. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Similarly, the interests of users used for range measurement or marketing purposes may be stored in such a cookie.
  • First-Party-Cookies: First-party cookies are set by us.
  • Third-Party-Cookies: Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
  • Necessary (also: essential or absolutely necessary) cookies: Cookies may be absolutely necessary for the operation of a website (e.g. to store logins or other user input or for reasons of security).
  • Statistics, marketing and personalization cookies: In addition, cookies are usually also used in the context of range measurement and when the interests of a user or his behaviour (e.g. viewing certain content, use of functions, etc.) are stored on individual websites in a user profile. Such profiles are used to display to users, for example, content that corresponds to their potential interests. This procedure is also referred to as "tracking", i.e. tracking the potential interests of users. Insofar as we use cookies or "tracking" technologies, we will inform you separately in our privacy policy or in the context of obtaining consent.


  • Notes on legal bases: On what legal basis we process your personal data with the help of cookies depends on whether we ask you for your consent. If this is the case and you consent to the use of cookies, the legal basis for the processing of your data is the declared consent. Otherwise, the data processed by cookies will be processed on the basis of our legitimate interests (e.g. in the business operation of our online offer and its improvement) or, if the use of cookies is necessary, in order to fulfil our contractual obligations.

    General notices on revocation and objection (opt-out): Depending on whether the processing is based on consent or legal permission, you have the possibility at any time to revoke a given consent or to object to the processing of your data by cookie technologies (collectively, "opt-out"). You can first declare your objection by means of the settings of your browser, e.g. by disabling the use of cookies (whereby the functionality of our online offer may also be limited). An objection to the use of cookies for online marketing purposes can also be declared through a variety of services, especially in the case of tracking, via the websites http://optout.aboutads.info and http://www.youronlinechoices.com/. In addition, you can find further information on how to object in the information on the service providers and cookies used.

    Processing of cookie data on the basis of consent: Before we process data, or have data processed, in the context of the use of cookies, we ask users for consent, which can be revoked at any time. Until consent has been given, cookies that are necessary for the operation of our online offer will be used. Their use is based on our interest and the interest of the users in the expected functionality of our online offer.

  • Processed data types: usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Affected persons: users (e.g. website visitors, users of online services).
  • Legal bases: consent (Art. 6 sec. 1 p. 1 lit. a GDPR), legitimate interests (Art. 6 sec. 1 p. 1 lit. f. GDPR).


    Services and service providers used:
  • Consent Manager Provider: Cookie Consent-Solution; service provider: consentmanager.de, Håltegelvägen 1b, 72348 Västerås, Sweden; Website: https://www.consentmanager.de/; Privacy Policy: https://www.consentmanager.de/privacy.php


    7. Commercial and business services.

    We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractual partners"), within the framework of contractual and comparable legal relationships as well as related measures and in the context of communication with the contractual partners (including pre-contractual communication), e.g. in order to answer enquiries.

    We process this data for the purpose of fulfilling our contractual obligations, for the protection of our rights and for the purposes of the administrative tasks associated with this information as well as the business organization. Within the scope of the applicable law, we only pass on the data of the contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or for the fulfilment of legal obligations or is carried out with the consent of the contractual partners. The contractual partners will be informed about other forms of processing, e.g. for marketing purposes, within the framework of this data protection declaration.

    We will inform the contracting parties before or within the scope of the data collection, e.g. in online forms, by means of special marking (e.g. colours) or symbols (e.g. asterisks or similar), or in person.

    We delete the data after expiry of statutory warranty and comparable obligations, i.e. basically after 4 years, unless you have given us your consent (according to Art. 6 sec. 1 p. 1 lit. a GDPR) for the permanent storage of your data as part of our offer for permanent career advice. Our permanent career advice aims to inform applicants about potentially suitable job offers and career opportunities in a targeted and permanent manner. A given consent can be revoked at any time and without giving reasons (e.g. via e-mail to info@headmatch.de).

    Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and privacy notices of the respective third parties or platforms apply in the relationship between the users and the providers.

    Consulting: We process the data of our clients as well as interested parties and other clients or contractors (uniformly referred to as "clients") in order to be able to provide our consulting services to them. The processed data, the nature, scope, purpose and necessity of their processing are determined by the underlying contractual relationship and client relationship.

    If it is necessary for our contract performance, for the protection of vital interests or by law, or if the consent of the clients is available, we disclose or transmit the data of the clients to third parties or agents, such as authorities, subcontractors or in the field of IT, office or comparable services, in compliance with the professional requirements.

    Recruiting services: We process the data of the candidates and the personal data of potential employers or their employees within the scope of our services, which include in particular the search for potential candidates, the contact to them and their placement.

    We process the information and contact details provided by the candidates for the purposes of establishing, implementing and, if necessary, terminating a contract for the placement of a job. In addition, we may, in accordance with legal requirements, ask interested parties at a later date about the success of our placement service.

    We process the data of the candidates as well as of the employers in order to fulfil our contractual obligations, so that requests for the placement of positions can be handled to the satisfaction of the parties involved.

  • Processed data types: inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact details (e.g. e-mail, telephone numbers), contract data (e.g. Subject matter, term, customer category), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), applicant data (e.g. personal information, postal and contact addresses, the documents belonging to the application and the information contained therein, such as cover letter, CV, certificates as well as other information provided by applicants with regard to a specific job or voluntarily provided by applicants).
  • Persons concerned: interested parties, business and contractual partners, customers, applicants.
  • Processing purposes: contractual services and services, contact requests and communication, office and organisational procedures, managing and responding to enquiries, security measures.
  • Legal basis: performance of the contract and pre-contractual enquiries (Art. 6 sec. 1 p. 1 lit. b. GDPR), legal obligation (Art. 6 sec. 1 p. 1 lit. c. GDPR), legitimate interests (Art. 6 sec. 1 p. 1 lit. f. GDPR).


    8. Contact.

    When contacting us (e.g. via contact form, e-mail, telephone or via social media), the information of the requesting persons will be processed, insofar as this is necessary to answer the contact requests and carry out any requested measures.

    Contact requests in the context of contractual or pre-contractual relationships are answered in order to fulfil our contractual obligations or to respond to (pre-)contractual enquiries and, otherwise, on the basis of the legitimate interests in answering the enquiries.

  • Processed data types: inventory data (e.g. names, addresses), contact details (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos).
  • Affected persons: communication partners.
  • Processing purposes: contact requests and communication.
  • Legal bases: performance of the contract and pre-contractual enquiries (Art. 6 sec. 1 p. 1 lit. b. GDPR), legitimate interests (Art. 6 sec. 1 p. 1 lit. f. GDPR).


    9. Provision of the online offer and web hosting.

    In order to be able to provide our online offer securely and efficiently, we use the services of one or more web hosting providers, from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services, as well as security and technical maintenance.

    The data processed in the context of the provision of the hosting offer may include all information concerning the users of our online offer that arises in the course of use and communication. This regularly includes the IP address necessary to deliver the contents of online offers to browsers and all entries made within our online offer or from websites.

    E-mail sending and hosting: The web hosting services we use also include sending, receiving and storing e-mails. For these purposes, the addresses of the recipients and senders, other information concerning the sending of e-mails (e.g. the participating providers) and the contents of the respective e-mails are processed. The aforementioned data may also be processed for the purpose of detecting spam. Please note that e-mails are not sent encrypted on the Internet. As a rule, e-mails are encrypted in transit, but (unless an end-to-end encryption method is used) are not encrypted on the servers from which they are sent and received. We therefore cannot accept any responsibility for the transmission of the e-mails between the sender and receipt on our server.

    Collection of access data and log files: We ourselves (or our web hosting provider) collect data for every access to the server (so-called server log files). The server log files may include the address and name of the retrieved websites and files, the date and time of the retrieval, the amount of data transferred, the notification of successful retrieval, the browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider.

    The server log files can be used, on the one hand, for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and, on the other hand, to ensure the utilization of the servers and their stability.

  • Processed data types: content data (e.g. text input, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Affected persons: users (e.g. website visitors, users of online services).
  • Purposes of processing: Contractual services and services.
  • Legal bases: Legitimate interests (Art. 6 sec. 1 p. 1 lit. f. GDPR).


    Services and service providers used:
  • 1&1 IONOS: Hosting platform for e-commerce / websites; Service providers: 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany; Website: https://www.ionos.de; Privacy Policy: https://www.ionos.de/terms-gtc/terms-privacy.


    10. Application procedure.

    The application process requires that applicants provide us with the data required for their assessment and selection. The information required is determined by the job description or, in the case of online forms, from the information provided there.

    In principle, the necessary information includes details about the person, such as the name, address, a contact option and proof of the qualifications required for a job. On request, we are also happy to provide you with information.

    Where offered, applicants can submit their applications to us using an online form. The data is transmitted to us in encrypted form according to the state of the art. Applicants can also send us their applications via e-mail. However, please note that e-mails are not sent encrypted on the Internet. Typically, e-mail is encrypted in transit, but not on the servers from which it is sent and received. We therefore cannot accept any responsibility for the transmission of the application between the sender and receipt on our server.

    For the purposes of searching for applicants, submitting applications and selecting applicants, we may, in compliance with legal requirements, use applicant management and recruitment software as well as third-party platforms and services.

  • Types of data processed: applicant data (e.g. personal information, postal and contact addresses, the documents belonging to the application and the information contained therein, such as cover letter, CV, certificates and other information on their person or qualification provided by applicants with a view to a specific job or voluntarily provided by applicants).
  • Persons concerned: Applicants.
  • Purposes of processing: application procedure (establishment and possible subsequent implementation as well as possible subsequent termination of the employment relationship).
  • Legal bases: Art. 9 GDPR (application procedure as a pre-contractual or contractual relationship) (insofar as special categories of personal data within the meaning of Article 9(1) GDPR (e.g. health data, such as severe disability status, or ethnic origin) are requested from applicants in the context of the application process so that the person responsible or the data subject can exercise the rights he or she may have under labour law and social security law in this respect, their processing is carried out in accordance with Art. 9(2) lit. b. GDPR, in the case of the protection of vital interests of applicants or other persons in accordance with Article 9(2) lit. c. GDPR, or for health or occupational health purposes, for the assessment of the worker's ability to work, for medical diagnostics, for care or treatment in the health or social sector or for the management of health or social care systems and services in accordance with Article 9(2) lit. h. GDPR. In the case of a communication of special categories of data based on voluntary consent, their processing is carried out on the basis of Article 9(2) lit. a. GDPR).


    Services and service providers used:
  • Indeed: recruiting platform and services; Service provider: Indeed Ireland Operations Limited, 24 St. Stephen's Green, Dublin 2, Ireland; Website: https://de.indeed.com/; Privacy Policy: https://de.indeed.com/legal
  • LinkedIn: Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com/; Privacy Policy: https://www.linkedin.com/legal/privacy-policy
  • Stepstone: Recruiting platform and services; Service provider: StepStone Deutschland GmbH, Völklinger Straße 1, 40219 Düsseldorf, Germany; Website: https://www.stepstone.de; Privacy
  • Xing: Service provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany; Website: https://www.xing.com; Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung.


    10.1 Application for a job offer.

    Headmatch and Headmatch Interim list numerous job offers for other companies as part of their personnel service on their website. Applicants have the opportunity to apply for these vacancies via an online form, e-mail or telephone. The provisions set out under item 10 of this Privacy Policy apply.

    Deletion of data: The data provided by the applicants can be further processed by us in the event of a successful application for the purposes of recruitment. Otherwise, if the application for a job offer is not successful, the data of the applicants will be deleted. Applicants' data will also be deleted if an application is withdrawn, which candidates are entitled to do at any time. Subject to a justified revocation by the candidates, the deletion shall take place at the latest after the expiry of a period of six months, so that we can answer any follow-up questions regarding the application and comply with our obligations to provide proof under the rules on equal treatment of candidates. Invoices for possible travel expenses are archived in accordance with the tax regulations.

    Optionally, applicants have the option to grant us permission to permanently store and include their data in our applicant pool as part of our permanent career advice. For more information, see point 10.2.

    10.2 Application for permanent career advice.

    Headmatch and Headmatch Interim offer applicants the possibility of permanent career counselling. This includes in particular information about potentially attractive and suitable job offers and, in addition, telephone or personal advice on individual career goals.

    Deletion of data: When applying for a job advertisement, the default retention period is six months. If applicants are interested in an exchange of potentially interesting job offers, applicants can optionally grant permission for permanent storage (Art. 6 sec. 1 p. 1 lit. a GDPR). In this case, the data will be stored in the applicant pool for permanent career counselling until revocation. Applicants have the option of revoking their consent at any time (e.g. by e-mail to info@headmatch.de) and without giving reasons.

    10.3 Initiative application.

    We offer candidates the opportunity to apply on their own initiative via e-mail or telephone, or preferably via an online form on our website. The provisions set out under item 10 of this Privacy Policy apply.

    Deletion of data: The data provided by the applicants on their own initiative can be further processed by us in the event of a successful application for the purposes of recruitment. Otherwise, if the application for a job offer is not successful, the data of the applicants will be deleted. Applicants' data will also be deleted if an application is withdrawn, which candidates are entitled to do at any time. Subject to a justified revocation by the candidates, the deletion shall take place at the latest after the expiry of a period of six months, so that we can answer any follow-up questions regarding the application and comply with our obligations to provide proof under the rules on equal treatment of candidates. Invoices for possible travel expenses are archived in accordance with the tax regulations.

    Optionally, applicants have the option to grant us permission to permanently store and include their data in our applicant pool as part of our permanent career advice. For more information, see point 10.2.

    10.4 Application for a position at Headmatch GmbH & Co. KG / Headmatch Interim GmbH.

    For internal recruitment, we offer the possibility to apply directly for a position at Headmatch or Headmatch Interim on our website. Applicants have the opportunity to apply for these vacancies via an online form, e-mail or telephone. The provisions set out under item 11 of this Privacy Policy apply.

    Deletion of data: The data provided by the applicants can be further processed by us in the event of a successful application for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the data of the applicants will be deleted. Applicants' data will also be deleted if an application is withdrawn, which candidates are entitled to do at any time. Subject to a justified revocation by the candidates, the deletion shall take place at the latest after the expiry of a period of six months, so that we can answer any follow-up questions regarding the application and comply with our obligations to provide proof under the rules on equal treatment of candidates. Invoices for possible travel expenses are archived in accordance with the tax regulations.

    Optionally, applicants have the option to grant us permission to permanently store and include their data in our applicant pool as part of our permanent career advice. For more information, see point 10.2.

    11. Newsletter and wide communication.

    We only send newsletters, e-mails and other electronic notifications (hereinafter "Newsletter") with the consent of the recipients or a legal permission. If the contents of the newsletter are specifically described in the context of a registration, they are decisive for the consent of the users. For the rest, our newsletters contain information about our services and us.

    In order to subscribe to our newsletters, it is always sufficient if you provide your e-mail address. However, we may ask you to provide a name for personal address in the newsletter, or other information if required for the purposes of the newsletter.

    Double opt-in procedure: Registration for our newsletter is generally carried out in a so-called double opt-in procedure. This means that you will receive an e-mail after registration asking you to confirm your registration. This confirmation is necessary so that no one can register with other people's e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes storing the registration and confirmation time as well as the IP address. The changes to your data stored by the shipping service provider will also be logged.

    Deletion and restriction of processing: We may store the e-mail addresses that have been processed for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense of claims. An individual request for deletion is possible at any time, provided that the former existence of a consent is confirmed at the same time. In the case of obligations to permanently observe objections, we reserve the right to store the e-mail address in a block list (so-called "blacklist") for this purpose alone.

    The registration procedure is logged on the basis of our legitimate interests for the purpose of proving its proper conduct. Insofar as we commission a service provider to send e-mails, this is based on our legitimate interests in an efficient and secure shipping system.

    Information on legal bases: The sending of the newsletters is based on the consent of the recipients or, if consent is not required, on the basis of our legitimate interests in direct marketing, if and to the extent that this is permitted by law, e.g. in the case of existing customer advertising. Insofar as we commission a service provider to send e-mails, this is done on the basis of our legitimate interests. The registration process is recorded on the basis of our legitimate interests to prove that it was conducted in accordance with the law.

    Content: Monthly updates on top candidates ("Kandiflash") and job profiles ("Stellenflash"), birthday congratulations, information about us, our achievements, promotions and offers.

    Success measurement: The newsletters contain a so-called "web beacon", i.e. a pixel-sized file that is retrieved when the newsletter is opened, either from our server or, if we use a shipping service provider, from its server. As part of this retrieval, technical information such as information about the browser and your system, as well as your IP address and the time of retrieval, is initially collected.

    This information is used to improve the technical aspects of our newsletter on the basis of the technical data or the target groups and their reading behaviour on the basis of their retrieval locations (which can be determined by means of the IP address) or the access times. This analysis also includes determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our intention nor, if used, that of the shipping service provider to observe individual users. Rather, the evaluations serve us to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

    The evaluation of the newsletter and the measurement of success are carried out, subject to the express consent of the users, on the basis of our legitimate interests for the purposes of the use of a user-friendly and secure newsletter system, which serves both our business interests and meets the expectations of the users.

    A separate revocation of the success measurement is unfortunately not possible. In this case, the entire newsletter subscription must be cancelled or objected to.

  • Processed data types: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), meta/communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interest in content, access times).
  • Affected persons: communication partners
  • Processing purposes: Direct marketing (e.g. by e-mail or postal).
  • Legal basis: consent (Art. 6 sec. 1 p. 1 lit. a GDPR), legitimate interests (Art. 6 sec. 1 p. 1 lit. f. GDPR).
  • Possibility of objection (opt-out): You can cancel the receipt of our newsletter at any time, i.e. revoke your consents or object to further receipt. You can either find a link to cancel the newsletter at the end of each newsletter or otherwise use one of the above-mentioned contact options, preferably e-mail.


  • Services and service providers used:
  • Newsletter2Go: email marketing platform; Service provider: Newsletter2Go GmbH, Köpenicker Str. 126, 10179 Berlin, Germany; Website: https://www.newsletter2go.com; Privacy Policy: https://www.newsletter2go.de/datenschutz/.


  • Your data will be transmitted to Newsletter2Go GmbH. Newsletter2Go is prohibited from selling your data and using it for purposes other than sending newsletters. Newsletter2Go is a German certified provider selected according to the requirements of the General Data Protection Regulation and the Federal Data Protection Act.
    For more information, please visit: https://www.newsletter2go.de/informationen-newsletter-empfaenger/

    12. Online marketing.

    We process personal data for the purposes of online marketing, which may include in particular the marketing of advertising space or the presentation of advertising and other content (collectively referred to as "content") based on potential interests of users and the measurement of their effectiveness.

    For these purposes, so-called user profiles are created and stored in a file (so-called "cookie") or similar methods are used by which the information relevant to the presentation of the aforementioned contents about the user is stored. This information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information, such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data, these can also be processed.

    The IP addresses of the users are also stored. However, we use available IP masking methods (i.e., pseudonymization by shortening the IP address) to protect users. As a general rule, the online marketing process does not store clear user data (such as e-mail addresses or names), but pseudonyms. This means that we, as well as the providers of online marketing procedures, do not know the actual identity of the users, but only the information stored in their profiles.

    The information in the profiles is usually stored in cookies or by similar procedures. These cookies can generally also be read out later on other websites that use the same online marketing procedure and analyzed for the purpose of displaying content as well as supplemented with further data and stored on the server of the online marketing process provider.

    Exceptionally, clear data can be assigned to the profiles. This is the case, for example, if the users are members of a social network whose online marketing procedures we use and the network connects the profiles of the users with the aforementioned information. We kindly ask you to note that users can make additional agreements with the providers, e.g. by consent in the context of registration.

    In principle, we only have access to aggregated information about the success of our advertisements. However, in the context of so-called conversion measurements, we can check which of our online marketing procedures have led to a so-called conversion, i.e., for example, to a contract with us. Conversion measurement is used solely to analyze the success of our marketing efforts.

    Notes on legal basis: If we ask the users for their consent to the use of the third-party providers, the legal basis for the processing of data is the consent. Otherwise, the data of the users will be processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

    Facebook pixel: With the help of the Facebook pixel, Facebook is able to determine the visitors of our online offer as the target group for the display of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads we serve only to those users on Facebook and within the services of the partners cooperating with Facebook (so-called "Audience Network" https://www.facebook.com/audiencenetwork/ ) who have also shown an interest in our online offer or who have certain characteristics (e.g. interest in certain topics or products that are apparent from the websites visited) that we transmit to Facebook (so-called "Audience"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads meet the potential interest of users and do not have a harassing effect. With the help of the Facebook pixel, we can also understand the effectiveness of Facebook ads for statistical and market research purposes by seeing if users have been redirected to our website after clicking on a Facebook ad (so-called "conversion measurement").

  • Processed data types: usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), location data (data indicating the location of an end-user's terminal).
  • Affected persons: users (e.g. website visitors, users of online services), interested parties.
  • Purposes of processing: Tracking (e.g. interest/behavioural profiling, use of cookies), remarketing, visit action evaluation, interest-based and behavioral marketing, profiling (creating user profiles), conversion measurement (measurement of the effectiveness of marketing measures), reach measurement (e.g. access statistics, detection of returning visitors), targeting (determination of target groups relevant for marketing purposes or other output of content), cross-device tracking
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal basis: consent (Art. 6 sec. 1 p. 1 lit. a GDPR), legitimate interests (Art. 6 sec. 1 p. 1 lit. f. GDPR).
  • Possibility of objection (opt-out): We refer to the data protection notices of the respective providers and the options for objecting offered by the providers (so-called "opt-out"). Unless an explicit opt-out option has been specified, you may switch off cookies in your browser settings. However, this may limit the functions of our online offer. We therefore also recommend the following opt-out options, which are offered collectively for the respective regions: (a) Europe: https://www.youronlinechoices.eu. (b) Canada: https://www.youradchoices.ca/choices. (c) USA: https://www.aboutads.info/choices. (d) Cross-territorial: http://optout.aboutads.info.


  • Services and service providers used:
  • Google Tag Manager: Google Tag Manager is a solution that allows us to manage so-called website tags via a single interface (including Google Analytics and other Google marketing services in our online offering). The Tag Manager itself (which implements the tags) does not process any personal data of the users. With regard to the processing of users' personal data, reference is made to the following information on the Google services. Service providers: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
  • Google Analytics: Online marketing and web analytics; Service providers: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy Policy: https://policies.google.com/privacy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active; Opt-out: Opt-out plugin: http://tools.google.com/dlpage/gaoptout?hl=de, settings for displaying advertisements: https://adssettings.google.com/authenticated.
  • Google Ads and Conversion Measurement: We use the online marketing method "Google Ads" to place ads on the Google advertising network (e.g., in search results, in videos, on websites, etc.) so that they are displayed to users who have a suspected interest in the ads. We also measure the conversion of the ads. However, we only learn the anonymous total number of users who clicked on our ad and were redirected to a page with a so-called "conversion tracking tag". We do not receive any information that can be used to identify users. Service providers: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
  • Facebook Pixel: Facebook pixels; Service providers: https://www.facebook.com, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; Opt-out: https://www.facebook.com/settings?tab=ads.


    13. Evaluation Platforms.

    We participate in evaluation procedures to evaluate, optimize and promote our services. If users evaluate us or otherwise provide feedback through the review platforms or procedures involved, the General Terms and Conditions of Use and the providers' privacy policy shall also apply. As a rule, the evaluation also requires registration with the respective providers.

    In order to ensure that the evaluating persons have actually used our services, we transmit with the consent of the customer the necessary data with regard to the customer and the service used to the respective rating platform (including name, e-mail address and order number or article number). This data is used solely to verify the authenticity of the user.

    Review widget: We include so-called "review widgets" in our online offer. A widget is a feature and content element integrated into our online offering that displays variable information. It can be represented e.g. in the form of a seal or comparable element, partly also called "badge". Although the corresponding content of the widget is displayed within our online offer, it is retrieved at this moment from the servers of the respective widget provider. Only in this way can the current content always be shown, especially the current evaluation. For this purpose, a data connection must be established from the website accessed within our online offer to the server of the widget provider and the widget provider receives certain technical data (access data, including IP address) that are necessary for the content of the widget to be delivered to the user's browser.

    In addition, the widgets provider receives information that users have visited our online offer. This information may be stored in a cookie and used by the widgets provider to identify which online offers participating in the evaluation process have been visited by the user. The information may be stored in a user profile and used for advertising or market research purposes.

  • Processed data types: contractual data (e.g. subject matter of the contract, term, customer category), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Affected persons: customers, users (e.g. website visitors, users of online services).
  • Processing purposes: feedback (e.g. collecting feedback via online form), reach measurement (e.g. access statistics, detection of returning visitors), visit action evaluation, interest-based and behavioural marketing, profiling (creating user profiles).
  • Legal bases: consent (Art. 6 sec. 1 p. 1 lit. a GDPR), legitimate interests (Art. 6 sec. 1 p. 1 lit. f. GDPR).


  • Services and service providers used:
  • kununu: reviews and widget; Service provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany; Website: https://www.kununu.com/de; Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung.


    14. Presences on Social media.

    We maintain online presences within social networks in order to communicate with the active users there or to offer information about us there.

    We would like to point out that users' data can be processed outside the European Union. This can create risks for users, as this could, for example, make it more difficult to enforce users' rights. With regard to U.S. providers that are certified under the Privacy Shield or offer similar guarantees of a secure level of privacy, we would like to point out that they are committed to complying with EU data protection standards.

    Furthermore, users' data within social networks are usually processed for market research and advertising purposes. For example, user profiles can be created based on the user behaviour and the resulting interests of the users. The user profiles can in turn be used to display advertisements inside and outside the networks, for example, which presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the user's usage behaviour and the interests of the users are stored. Furthermore, data may also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

    For a detailed description of the respective processing methods and the opt-out, we refer to the data protection declarations and information of the operators of the respective networks.

    We would also like to point out that requests for information and the assertion of data subjects' rights can be made most effectively with the providers. Only the providers have access to the data of the users and can take direct action and provide information. If you still need help, you can contact us.

  • Processed data types: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Affected persons: users (e.g. website visitors, users of online services).
  • Purposes of processing: contact requests and communication, tracking (e.g. interest/behavioural profiling, use of cookies), remarketing, reach measurement (e.g. access statistics, detection of returning visitors).
  • Legal bases: Legitimate interests (Art. 6 sec. 1 p. 1 lit. f. GDPR).


  • Services and service providers used:
  • Instagram: social network; Service provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; Website: https://www.instagram.com; Privacy Policy: http://instagram.com/about/legal/privacy.
  • Facebook: social network; Service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; Opt-out: Ad settings: https://www.facebook.com/settings?tab=ads; Additional information on data protection: Agreement on the joint processing of personal data on Facebook pages: https://www.facebook.com/legal/terms/page_controller_addendum, privacy notice for Facebook pages: https://www.facebook.com/legal/terms/information_about_page_insights_data.
  • LinkedIn: social network; Service providers: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active; Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
  • Twitter: social network; Service providers: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Privacy Policy: https://twitter.com/de/privacy, (Settings) https://twitter.com/personalization; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.
  • YouTube: social network; Service providers: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Privacy Policy: https://policies.google.com/privacy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active; Opt-out: https://adssettings.google.com/authenticated.
  • Xing: social network; Service provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany; Website: https://www.xing.de; Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung.


    15. Plugins and embedded functions as well as content.

    We incorporate functional and content elements from the servers of their respective providers (hereinafter referred to as "Third Parties") in our online offering. These may include graphics, videos, social media buttons, and posts (hereinafter referred to as "Content").

    The integration always presupposes that the third-party providers of this content process the IP address of the users, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content or functions. We make every effort to use only content whose respective providers use the IP address only for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user's device and may include, among other things, technical information about the browser and operating system, referring websites, the time of visit as well as other information on the use of our online offer, and may also be linked to such information from other sources.

    Notes on legal bases: If we ask the users for their consent to the use of the third-party providers, the legal basis for the processing of data is the consent. Otherwise, the data of the users will be processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

  • Types of data processed: usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Affected persons: users (e.g. website visitors, users of online services).
  • Purposes of processing: provision of our online offer and user-friendliness, contractual services and service.
  • Legal basis: Legitimate interests (Art. 6 sec. 1 p. 1 lit. f. GDPR).


  • Services and service providers used:
  • Google Maps: We include the maps of the Google Maps service provided by Google. The processed data may include in particular IP addresses and location data of the users, which are not collected without their consent (usually carried out within the framework of the settings of their mobile devices). Service providers: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://maps.google.de; Privacy Policy: https://policies.google.com/privacy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TRkEAAW&status=Active; Opt-out: Opt-out plugin: http://tools.google.com/dlpage/gaoptout?hl=de, settings for displaying advertisements: https://adssettings.google.com/authenticated.


    16. Deletion of data.

    The data processed by us will be deleted in accordance with the legal requirements as soon as the consents given for its processing are revoked or other permissions cease to apply (e.g. if the purpose of the processing of this data has ceased or the data is not necessary for the purpose).

    If the data is not deleted because it is necessary for other and legally permissible purposes, its processing will be limited to these purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is necessary for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person.

    Further information on the deletion of personal data can also be found in the individual data protection notices of this data protection declaration.