Skip to main content

Processing of (personal) data by the entity in charge of the online application process

Dear applicant,    


we want you to feel comfortable about the protection of your personal  data in the course of your work and application. We take the protection of your  personal data very seriously. Compliance with German and European data  protection regulations is a matter of course for us. As a result, the  protection of your personal data is our top priority. In accordance with the  requirements of the General Data Protection Regulation (GDPR) and the Federal  Data Protection Act (BDSG), we hereby inform you about the processing of  personal data collected about you and your rights.  

    

As an employee, you should be aware that we as an employer process some of your personal data and are in most cases legally or contractually obliged to do so. With the following information, we would like to inform you about how we handle your personal data in detail:

  • Name and contact details of the controller

Responsible for the processing of your personal data within the scope of the employment relationship is the

Ecovacs Europe GmbH

Holzstraße 2

40221 Düsseldorf

Deutschland

Contact:

Phone: +49 (0) 211 5380 4300

Fax: +49 (0) 211 5380 4301

E-Mail: info@ecovacs-europe.com

  • Contact details of the data protection officer

The designated data protection officer is

DataCo GmbH

Dachauer Str. 65

80335 München

datenschutz@dataguard.de

Tel.: +49 (0) 89 7400 45840

www.dataguard.de

  • Processing of personal data

 Evidence of school,  university and professional qualifications, e.g. certificates 

 


b. Data processing purposes

Within the framework of the employment relationship, your personal data will be processed for the following purposes:

  • Implementation  of pre-contractual measures (initiation of the employment relationship) 
  • Establishment, implementation and termination of the employment relationship
  • Accounting for your expenses and remuneration (in particular the preparation of expense calculations and pay slips)
  • Documentation of your employment relationship (especially in our personnel file)
  • Communication (telephone, e-mail, video conferences)
  • Fulfilment of our employment contract, legal, collective agreement. Wage tax or social security obligations
  • Assertion, exercise or defence of legal claims arising from the employment relationship
  • Archiving for the protection of our legal claims and compliance with statutory retention obligations even after the end of the employment relationship
  • Data destruction and deletion after the purpose of archiving no longer applies.  

c. Legal basis of data processing

Processing on the basis of consent - Art. 6 (1) (1) lit. a GDPR in conjunction with Art. 7 GDPR, Art. 88 (1) GDPR in conjunction with § Section 26 (2) BDSG

If you consented to the processing, your data will be processed in accordance with Art. 6 (1) (1) lit. a GDPR in conjunction with Art. 7 GDPR, Art. 88 (1) GDPR in conjunction with § Section 26 (2) BDSG. Example for this is often consent to the publication of names and/or photos on the Internet/Intranet/flyers/etc. 

Establishment, implementation and termination of the employment relationship, Art. 88 (1) GDPR in conjunction with Section 26 (1) BDSG, Art. 6 (1) (1) lit. b GDPR

We process your data for the purpose of establishing, implementing and terminating the employment relationship.  Required for the employment relationship are usually name and address for the employment contract. 

Legal obligations - Art. 6 (1) (1) lit. c GDPR

Where necessary, we are legally obliged to process your personal data. The legal basis for data processing in this case is Art. 6 (1) (1) lit. c GDPR. Our legal obligations arise in particular from the following regulations:

  • Section 312 of the Social Code III (SGB III) - Certificate of employment vis-à-vis the Federal Employment Agency
  • Section 28a of the Social Code IV (SGB IV) - Duty to register with the authorities
  • Section 198 Social Code V (SGB V) - Obligation to register with authorities for employees subject to compulsory insurance 
  • Section 16(2) Working Hours Act (ArbZG) - Recording of working hours
  • Sections 49, 50(2) Youth Employment Protection Act (JArbSchG) - information and submission of records to authorities
  • Section 17 Minimum Wage Act (MiLoG) - Recording of working hours
  • Section 27 Maternity Act (MuSchG) - Obligation to notify and keep records to supervisory authorities
  • Section 17c Temporary Employment Act (AÜG) - preparation and keeping available of documents 
  • [please specify any other legal obligations to which you are subject].

Processing on the basis of legitimate interest - Art. 6 (1) (1) lit. f GDPR

Insofar as the processing is carried out to protect a legitimate interest of us or a third party and your interests or fundamental rights and freedoms do not outweigh the first-mentioned interest, Art. 6 (1) (1) lit. f GDPR serves us as the legal basis for the data processing. Our legitimate interest results in particular from the following reasons:

  • assertion, exercise or defence of legal claims
  • in the context of personnel, IT or other matters 

Processing of special categories of personal data for the exercise of rights pursuant to Art. 6 (1) (1) c GDPR, Art. 9 (2) lit. b GDPR, Art. 88 (1) GDPR in conjunction with Section 26 (3) BDSG.

Insofar as the processing of special categories of personal data is necessary so that we can fulfil the rights and obligations arising from labour law, social security law and social protection, your data will be processed in accordance with Art. 9 (2) lit. b GDPR, Art. 88 (1) GDPR in conjunction with Section 26 (3) BDSG.

Processing of special categories of personal data on the basis of your consent pursuant to Art. 9 (2) lit. a GDPR

If you have consented to the processing of special categories of personal data, such as health data, religious affiliation or nationality, your data will be processed in accordance with Art. 9 (2) lit. a GDPR.

Processing of special categories of personal data that have been made public - Art. 9 (2) lit e GDPR 

Insofar as special categories of personal data are processed which you have obviously made public, your data will be processed in accordance with Art. 9 (2) lit. e GDPR.

 

Processing for the purpose of asserting, exercising or defending legal claims or in the case of acts of the courts - Art. 9 (1) lit. f GDPR

Where necessary, your data will be processed for the purpose of asserting, exercising or defending legal claims or in the case of acts of the courts. 

Processing of special categories of personal data for the purposes of preventive health care, occupational medicine or assessment of the employee's ability to work - Art. 9 (2) lit. h GDPR

Insofar as special categories of personal data are processed for the purposes of preventive health care, occupational medicine or for the assessment of the employee's ability to work, your data will be processed in accordance with Art. 9 (2) lit. h GDPR.

  • Recipients or categories of recipients of the personal data

In the course of processing your personal data, we may disclose your personal data to the following recipients. We only transfer your personal data to external recipients if you have consented or if this is permitted by law. External recipients of your personal data are in particular:

  • Banks
  • Authorities (e.g. tax offices, Federal Employment Agency, job centres, pension insurance institutions, courts)
  • Health insurance companies
  • Affiliated companies
  • Payroll offices
  • Tax consultants
  • Attorneys
  • Processors such as agencies and software providers for video streaming or video conferencing

The transfer of data to the above-mentioned recipients takes place for accounting purposes, for the fulfilment of our contractual, legal, collective bargaining or social security obligations and for the assertion of legal claims. The data will also be transferred to the following order processors: the data controller, the data processor, the data processor of the data subject, the data processor of the data subject, the data processor of the data subject, the data processor of the data subject. 

 In addition, your data will be transferred to the following processors: 

- Personio

  • Transfer of personal data to a third country

Your personal data will not be transferred to third countries outside the European Union or the European Economic Area and this is not planned.

In principle, the personal data collected and generated during the provision of relevant products and services are stored on our servers in the European Union. As the providers of our software solutions, among others, offer their products and/or services on a global basis based on available resources and servers, your personal data may be transferred to or accessed from other jurisdictions outside the European Union and the European Economic Area. In particular, personal data will be transferred to the third country China und the US within the meaning of Art. 15 (2) GDPR. In order to ensure the necessary level of protection in the event of data transfer to a third country, contractual measures are agreed for this purpose. The software provider has its registered office in the United States of America, which has not been recognised as providing an adequate level of data protection. In order to ensure appropriate guarantees for the protection of the transfer and processing of personal data outside the EU, the transfer of data to and processing of data by our service providers is carried out on the basis of appropriate guarantees pursuant to Art. 46 et seq. GDPR, in particular by concluding so-called standard contractual clauses pursuant to Art. 46 (2) lit. c GDPR.

  • Duration of the storage of personal data

We will delete your personal data as soon as the purposes for storing it mentioned in section 3 no longer apply, you object to the use of your personal data (see section 9) or you withdraw your consent. However, your personal data may also be stored beyond this, in particular in the following cases:

 

  • if there are still outstanding obligations from the contractual relationship
  • if a deletion conflicts with contractual, legal (in particular from HGB, StGB and AO) or statutory retention periods 
  • for the assertion, exercise or defence of legal claims 
  • if this is required under European or national law to fulfil a legal obligation to which we are subject.

The following storage periods in particular result for us from statutory provisions:

  • §§ 199 German Civil Code (BGB) -30 years (documents relating to liability cases).
  • § 18a Occupational Pensions Act (BetrAVG) - 30 years (documents relating to occupational pensions.
  • Section 147 (1), (3) of the German Fiscal Code (AO) - up to 10 years (documents relevant to taxation, travel plans for business trips) 
  • Section 257, subsection 1, no. 1, subsection 4, Commercial Code (HGB) - 10 years (payroll records) 
  • Section 41, subsection 1, Income Tax Act (EStG) - 6 years (salary accounts, travel expense reimbursements)
  • Section 28f Social Security Code IV (SGB IV) - 5 years (remuneration records with reference to social security) 
  • Section 13 First Ordinance on the Implementation of the Home Work Act (HAGDV 1)) - 3 years (home work remuneration records) 
  • Section 7 (2) Temporary Employment Act (AÜG) - 3 years (temporary employment - business records of the hiring agency)
  • Section 16 (2) Working Hours Act (ArbZG) - 2 years (working time records)
  • Section 50 (2) Youth Employment Protection Act (JArbSchG) - 2 years (records)
  • Section 17 (1) Minimum Wage Act (MiLoG) - 2 years (working time in the case of minimum wages under the Minimum Wage Act)
  • Section 27 (5) Maternity Act - 2 years (maternity protection records)

  

Your data will be stored on a restricted basis if the storage is solely for the purpose of fulfilling a retention obligation. 


  • Data Subject Rights

You have the following rights under the GDPR:

  • If your personal data is processed, you have the right to obtain information from the controller about the data stored about you (Article 15 GDPR).
  • If inaccurate personal data is processed, you have the right to rectification (Article 16 GDPR).
  • If the legal requirements are met, you may request the erasure or restriction of processing (Art. 17 and 18 GDPR).
  • If you have consented to the data processing or if there is a contract for data processing and the data processing is carried out with the help of automated procedures, you may have the right to data portability (Art. 20 GDPR).
  • If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. 
  • Furthermore, you have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is the North Rhine-Westphalia State Commissioner for Data Protection and Freedom of Information. You can reach this authority at

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen

Kavalleriestr. 2-4

40213 Düsseldorf

Telefon: 0211/38424-0

Fax: 0211/38424-999

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) (e) GDPR (processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller) and Art. 6 (1) (f) GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data), Art. 21 (1) GDPR. This also applies to profiling based on this provision within the meaning of Art. 4 (4) GDPR.   

 

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate interests for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.

 

The objection can be made without any formalities.

  • Right to withdraw consent

If you consented to the processing by the data controller, you can withdraw your consent at any time for the future. The lawfulness of the data processing carried out on the basis of the consent until the withdrawal is not affected by this.

  • Obligation to provide the data

You are obliged to provide your data. This obligation arises from ... (law, e.g., § 14 UstG, § 6 IfSG or contract).

If you do not provide the required data

  • the contract with you cannot be concluded

The decision-making process is automated. 




  • Sources of the data

We use data that you provide to us for the purpose of the employment relationship. 

This includes, but is not limited to, information about your identification (such as your name and contact details), your qualifications (educational, academic and professional), your position and attendance with us, to document your employment (such as your personnel file), to account for your expenses and pay (such as your bank details, expense claims and payslips) and to comply with reporting obligations in connection with the employment (such as your health insurance, national insurance number and tax identification number).

Other sources: 

We also receive some data from other sources as required by law. Example: By providing your tax identification number, we retrieve your current wage and church tax characteristics from the tax authorities.



    
Legal entities in Europe
    
Zoom; Slack

                  


   
 
This information must be provided before the intended further processing.
 
The purpose of a processing operation regularly results from the information in the processing directory and from the data collection form.
 
This information obligation applies to cases where the public sector body subsequently intends to further process the data for a purpose other than that stated at the time of collection. It does not apply if the data are transferred to a third party for the same purpose as stated at the time of collection.
 
    If the data are transferred to a  third party or another data controller at the latter's request, the recipient  may be obliged to provide information.

           

Processing of (personal) data by the operator of the recruitment website

General information

This recruitment website is operated by Personio SE & Co. KG, which offers a human resource and candidate management software solution (https://www.personio.com/legal-notice/). Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. The sole controller of this data within the meaning of article 24 of the GDPR is the enterprise carrying out this online application process. Personio’s role is limited to operating the software and this recruitment website and, in this context, being a processor under article 28 of the GDPR. In this case, the processing by Personio is based on an agreement for the processing of orders between the controller and Personio. In addition, Personio SE & Co. KG processes further data, some of which may be personal data, to provide its services, in particular for operating this recruitment website. We will refer to this in more detail below.

The controller

The controller under data protection law is:
Personio SE & Co. KG
Seidlstraße 3
80335 München
Tel.: +49 (89) 1250 1004
Entry in the commercial register
Commercial register entry number: HRA 115934
Registration Court: Amtsgericht München
Data Protection Officer contact: privacy@personio.com

Access logs (“server logs”)

Each access to this recruitment website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. In addition, processing this data is absolutely necessary under security aspects, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when unlawful use of the software is suspected. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the software is collected. The scope of this log process does not exceed the common log scope of any other site on the web. These access logs are stored for a period of up to 7 days. There is no right to object to this.

Error logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected. These error logs are stored for a period of up to 7 days. There is no right to object to this.

Use of cookies

So-called cookies are used on parts of this recruitment website. They are small text files which are stored on the device with which you access this recruitment website. As a general rule, cookies serve the purpose of ensuring secure access to a website (“absolutely necessary”), implementing certain functionalities such as standard-language settings (“functional”), improving the user experience or the performance of the website (“performance”), or placing targeted advertisements (“marketing”). On this recruitment website, we generally use only cookies that are absolutely necessary, functional or performance-related, in particular for implementing certain default settings such as language, for identifying the job advertising channel, or for analyzing the performance of a job advert via which a user accessed this recruitment website. The use of cookies is absolutely necessary for providing our services and thus for the performance of the contract (article 6 (1) b) of the GDPR). Period of storage: up to 1 month or until the end of the browser session Right to object: You can determine via your browser settings whether you allow or object to the use of cookies. Please note that deactivating cookies may result in limited or completely blocked functionalities of this recruitment website.

Rights of data subjects

If Personio SE & Co. KG as the controller processes personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR. To assert your rights as a data subject in relation to the data processed for the purpose of operating this recruitment website, please refer to Personio SE & Co. KG’s Data Protection Officer (see item B).

Concluding provisions

Personio reserves the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the services offered, for example when new services are introduced. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.