Your personal data in the application process
Information about data protection
We are pleased you have chosen to apply at our company. Transparent and trustworthy handling of your personal data is an important foundation for successful collaboration. We wish to inform you how we process your data and how you can exercise your rights according to the General Data Protection Regulation (GDPR). The information below offers an overview of the collection and processing of your personal data in connection with the application process. Please read this Data Protection Declaration carefully before submitting your application.
1. General information
a) Who is responsible for the data processing?
The controller as defined by Art. 4 (7) GDPR is:
disy Informationssysteme GmbH
Ludwig-Erhard-Allee 6, 76131 Karlsruhe
+49 (0)721 16006000
represented by: Claus Hofmann
b) How can you contact the data protection officer?
For questions about data protection you can contact our data security officer at the contact details above or by mail: firstname.lastname@example.org
2. What is personal data?
According to Art. 4 (1) GDPR, personal data is all data that refers to an identified or identifiable natural person.
3. Which data is used?
The following data and data categories are processed within the application process:
- Applicant master data (first name, last name, title, email address, telephone number, address, date of birth, citizenship)
- Qualifications data (cover letter, personal statement, resume, previous experience, professional qualifications and skills)
- Voluntary information, such as a photo, disability status or other information that you voluntarily share with us in your application or voluntarily upload
- Additional questions depending on the respective position (e.g. driver’s license, citizenship) • Communication between you and us as well as comments and evaluations concerning you that are created during your application process
- Other data / data categories, e.g. publicly accessible professional data such as profiles on professional social media networks like XING or LinkedIn
- Special categories of personal data: If you provide information in your application documents that falls into special categories of personal data as defined by Art. 9 (1) GDPR (e.g. information that implies your sexual orientation; information on your health; information that implies your ethnicity or religion), we will also process this data only within the legally permissible framework.
4. For what purposes do we process your data and on what legal basis?
a) Data processing for purposes of employment – Section 26 BDSG (German Data Protection Act)
Your personal data is used for purposes of selecting personnel to fill open positions, in other words for initiating a contract of employment. The necessity and the scope of data collection are determined according to the position to be filled, among other factors. More extensive data collection may be required if your desired position is associated with particularly confidential duties, entails significant responsibilities in the areas of human resources and/or finance, or requires certain physical and mental capabilities. The legal basis is Section 26 (1) German Data Protection Act (BDSG).
b) Consent – Art. 6 (1) (a) and Art. 9 (2) (a) GDPR, Section 26 (2) BDSG
If you have declared to us your consent for processing specific personal data, this consent then forms the legal basis for processing of this data.
In the following cases, we process your personal data on the basis of your consent:
- Inclusion in the candidate pool; in other words, we save your application documents after the current application process in order to consider you in subsequent application processes.
If we base data processing on your consent, you have the right to withdraw this consent at any time with future effect. Please inform us of this revocation by email to email@example.com. The legality of the processing of your data up to the time of revocation remains hereby unaffected.
c) Data processing based on a legitimate interest – Art. 6 (1) (f) GDPR
In certain cases, we process your data to safeguard a legitimate interest of ours or of third parties. A legitimate interest applies, for example, if your data is required for the establishment, exercise or defense of legal claims in connection with the application process (e.g. claims according to the General Equal Treatment Act). In the event of a legal dispute, we have a legitimate interest in processing the data for evidential purposes.
5. With whom is your data shared?
Your data is primarily processed by our Human Resources department. In some cases, other internal and external parties also participate in processing the data. Internal parties could be specialized areas or departments of our company.
Our external service provider is Prescreen International GmbH. Prescreen International GmbH, Mariahilfer Straße 17, 1060 Vienna (hereafter “Prescreen”), operates the e-recruiting system Prescreen under the domain *.jobbase.io (hereafter “jobbase.io”), where companies can post job ads as well as receive and manage applications.
As part of these activities, Prescreen processes personal data solely on behalf of and for the purposes of disy Informationssysteme GmbH and is therefore considered a processor according to Art. 4 (8) GDPR.
Jobbase.io is the central platform for our applicant tracking. When using our online form, your personal data is entered directly into jobbase.io. When an application is submitted by post or email, your data may also be transferred to the e-recruiting system.
6. For how long is your data stored?
a) We store your personal data for as long as necessary for making the decision concerning your application. If you are not hired for the position in question, we may continue to store your data to the extent necessary for defending against possible legal claims. Your data will normally be deleted within three months after the end of the application process.
b) If you are not hired but you have granted us consent to save your data (“candidate pool”), we will store your data until revocation of your consent or for a maximum of two additional years. Where specifically justified, we may also store your data for a longer time period for the purpose of defending against possible legal claims.
c) If you retract your application before the end of the application process (in other words, if you delete your data and your account), the stored data will be restricted for the period of the continued application process and permanently deleted once three months have elapsed after the end of the application process.
d) If you are no longer using your candidate profile and have not granted consent for continued data storage in the candidate pool, the data will be deleted within three months after the end of the application process.
e) You can delete your candidate profile and your application documents, submit a deletion request or request a restriction of processing at any time.
7. What rights do you have in connection with the processing of your data?
a) You can request information on whether we are storing personal data concerning you. Upon your request, we will inform you of what data is involved, the purposes for which the data is processed, who the data is shared with, for how long the data will be stored and what other rights you have in relation to this data.
b) You also have the right to rectification or erasure of your data. You can also request that we make all personal data that you have shared with us available to you, another person or a company of your choice in a structured, commonly used and machine-readable format.
c) You also have the right not to be subjected to a decision based solely on automated processing (including profiling) that produces legal effects concerning you. Within the context of the application process, we do not use any exclusively automated processes for making decisions.
d) You have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you which is based on Art. 6 (1) (e) GDPR (data processing for reasons of public interest) or on Art. 6 (1) (f) GDPR (data processing for safeguarding of a legitimate interest), including profiling based on those provisions. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise or defense of legal claims.
e) You also have the right to lodge a complaint with the competent supervisory authority.
f) To exercise your rights, you can contact us by email firstname.lastname@example.org. We will process your requests as quickly as possible according to the statutory requirements and inform you of the measures we have taken or will take.
8. Are you obligated to provide your personal data?
The provision of personal data is required neither by law nor by contract, nor are you obligated to provide the personal data. However, the provision of personal data is required for conducting the application process. In other words: if you do not provide us with any personal data along with an application, we cannot conduct the application process.
9. What happens if you interrupt your online application?
You can interrupt the creation of your online application at any time and continue it later. The platform utilizes technically necessary cookies for this purpose. Data is transmitted to jobbase.io during the application process. In other words: data you have provided for creation of a user account and any uploaded documents are entered into jobbase.io. The data remains here if you interrupt and/or do not conclude an application. In this case, your application is marked as incomplete, but the data remains visible to our company, to a limited extent.
You can view, edit or update the data you have provided within the context of the online application at any time in your candidate profile.
If you make no further changes in your candidate profile, such as concluding an ongoing application, starting a new application or changing the data of an existing application, your data will be deleted within three months after completion of the last active application process.
You can submit a request for erasure of your candidate profile and your application documents at any time. After the request for erasure has been submitted, you will be informed of the exact erasure date, and your data will be automatically deleted according to the conditions established in this Data Protection Declaration.
10. Supplement to the Data Protection Declaration by Prescreen
disy Informationssysteme GmbH is not responsible for the data processing described below; the controller in this case is Prescreen:
Prescreen International GmbH
Mariahilfer Straße 17
If you have questions for Prescreen International GmbH concerning data protection law, please contact email@example.com.
a) Automated collection of usage data
When accessing the domain jobbase.io, your web browser automatically sends certain usage data for technical reasons. This information is stored separately from other data in log files. Prescreen collects the following information:
- Date and time as well as duration of the access
- Browser type/version
- Operating system
- URL of the previously visited web page
- Quantity of data transmitted
- A GeoIP lookup is performed based on your IP address (Internet Protocol address)
- Names of the accessed files
- http status code (e.g. “request successful”)
- URL of the accessed web page
- Access type (GET, POST)
This data is technically required in order to offer the functions of the e-recruiting system and to ensure the stability and security of the system. It is stored by Prescreen for a period of 12 months. Data that must be further retained for evidential purposes is excepted from the erasure until final clarification of the respective case. The legal basis for processing of the data is Art. 6 (1) (f) GDPR.
These serve for making the online application more user-friendly and efficient. The cookies are technically required in order to make this website available to you. It would not be possible to operate the website without using the cookies. There is therefore no option to refuse use of the cookies.
The legal basis for processing of the data is Art. 6 (1) (f) GDPR.
The following cookies are used by Prescreen:
|Provider||Cookie||Purpose||Duration of storage|
|Prescreen||PHPSESSID||This cookie serves identify the user during the use of Prescreen. The cookie is absolutely necessary for correct functionality of the website. The cookie is valid only until closing of the browser.||Until the browser window is closed (session cookie).|
|Prescreen||REMEMBERME||This cookie serves to restore an expired session. The cookie is absolutely necessary for correct functionality of the website.||The cookie is valid for 2 weeks.|