Your personal data in the application process


Information about the processing of your personal data as an applicant at Disy Informationssysteme GmbH

We hereby inform you about the processing of your personal data by Disy Informationsysteme GmbH and your entitled rights.


1. Who is responsible for the data processing and how do I contact the data security officer?

Responsible for the data processing according to Art. 4 no.7 General Data Protection Regulation (GDPR) is:

Disy Informationssysteme GmbH
Ludwig-Erhard-Allee 6
76131 Karlsruhe
Telefon: +49 721 16006 – 000
Telefax: +49 721 16006 – 05
E-Mail: info@disy.net

represented by: Claus Hofmann

You can contact our data security officer at the contact details above or by mail to datenschutz@disy.net.


2. For what purposes and on what legal basis is the data being processed?

The collection of this data takes place,

  • to identify you as an applicant;
  • to contact you;
  • to carry out the application process.

The data processing takes place on your request and serves according to Art. 6 para. 1 s.1 lit.b GDPR in conjunction with Art. 88 GDPR in conjunction with § 26 Bundesdatenschutzgesetz (BDSG) as well as all other relevant laws such as the Allgemeines Gleichbehandlungsgesetz (AGG), the appropriate processing of your application documents. Beyond that a consent according to Art. 6 para.1 s.1 lit.a, 7 GDPR in conjunction with Art. 88 GDPR in conjunction with § 26 para.2 BDSG can constitute a legal basis.

In the case of the processing of special categories of personal data pursuant to Art. 9 GDPR, this serves to exercise rights or to fulfil legal obligations arising from labour law, social security law or social protection. The legal basis here is Art. 9 para.2 lit.b GDPR in conjunction with Art. 88 GDPR in conjunction with § 26 para.3 BDSG.

Consent to the processing of special categories of personal data is possible on the basis of Art. 9 para.2 lit a, Art. 6 para.1 s.1 lit.a, 7 GDPR in conjunction with Art. 88 GDPR in conjunction with § 26 para.3, para.2 BDSG.

According to Art. 6 para.1 s.1 lit.f. GDPR, we have a legitimate interest in identifying you as an applicant.


3. Who receives my data?

Insofar as this is necessary for the handling of the application procedure with you, your personal data will be passed on within our company to persons and, if applicable, departments for examination; this includes, in particular, the personnel department and the specialist department.

We have commissioned third parties to support us in fulfilling our tasks. This includes, for example: IT service providers, job portals, Social-Media. The forwarded data may only be used by the third party for the agreed purposes. If an order processing exists, the contractors shall act on our behalf and in accordance with our instructions.

No further data will be passed on to third parties.


3.1 PreScreen

We use Prescreen International GmbH as an external service provider. Prescreen International GmbH, Mariahilfer Straße 17, 1060 Vienna (hereinafter "Prescreen"), operates the e-recruiting system Prescreen under the domain * .jobbase.io (hereinafter "jobbase.io"), on which the company places job advertisements and applications receive and manage. In the context of these activities, Prescreen processes personal data only on behalf and for the purposes of disy Informationssysteme GmbH and is therefore a so-called processor within the meaning of Art. 4 No. 8 GDPR. Jobbase.io is the central platform for our applicant management. When you use our online form, your personal data is recorded directly in jobbase.io. Your data can also be transferred to the e-recruiting system in the case of a post or e-mail application.


4. Which data protection rights can I assert as an affected person?

You have the right:

  • in accordance with Art. 7 para.3 GDPR to revoke your consent once given to us at any time. As a result, we may no longer continue the data processing based on this consent for the future; if you wish to withdraw your consent , simply send an e-mail to datenschutz@disy.net. In the event of a withdrawal of consent, we may no longer be able to provide the agreed services or not to the desired extent;
  • in accordance with Art. 15 GDPR to request information about your personal data processed by us. In particular, you may request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been disclosed, the planned retention period, the right of rectification, deletion, limitation of processing or opposition, the existence of a right of adjustment, deletion, restriction of processing or objection, the right to complain, the source of your data, if they were not collected by us, and the existence of automated decision-making including profiling and, where appropriate, meaningful information on their details;
  • in accordance with Art. 16 GDPR to immediately demand the correction of incorrect or completion of personal data stored by us;
  • in accordance with Art. 17 GDPR to demand the deletion of your personal data stored by us, except where the processing targets the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense against legal claims is required;
  • to request the restriction of the processing of your personal data pursuant to Art. 18 GDPR if the conditions set out in Art. 18 GDPR are met, and
  • in accordance with Art. 20 GDPR to receive your personal data that you have provided to us in a structured, standard and machine-readable format or to request the transfer to another person in charge.


5. Can I object to the processing of my personal data?

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data on the basis of Art. 6 para.1 s.1 lit.e or lit.f GDPR in accordance with Art. 21 GDPR. We will then no longer process your data unless we can prove compelling grounds for processing worthy of protection which outweigh your interests, rights and freedoms, or if the processing serves the assertion, exercise or defence of legal claims.

If you wish to exercise your right of objection, simply send an e-mail to datenschutz@disy.net. In the event of an objection, we may not be able to provide the agreed services anymore or not to the desired extent.


5. With whom is your data shared?

Your data is primarily processed by our Human Resources department. In some cases, other internal and external parties also participate in processing the data. Internal parties could be specialized areas or departments of our company.

Our external service provider is Prescreen International GmbH. Prescreen International GmbH, Mariahilfer Straße 17, 1060 Vienna (hereafter “Prescreen”), operates the e-recruiting system Prescreen under the domain *.jobbase.io (hereafter “jobbase.io”), where companies can post job ads as well as receive and manage applications.

As part of these activities, Prescreen processes personal data solely on behalf of and for the purposes of disy Informationssysteme GmbH and is therefore considered a processor according to Art. 4 (8) GDPR.

Jobbase.io is the central platform for our applicant tracking. When using our online form, your personal data is entered directly into jobbase.io. When an application is submitted by post or email, your data may also be transferred to the e-recruiting system.


6. Do I have the possibility of complaint?

If you are of the opinion that the processing of your personal data by us is unlawful or if necessary for other reasons violates data protection law, you can complain to a supervisory authority. You may apply to a supervisory authority in the Member State in which you reside, your place of work or the place of suspected infringement.


7. How long will my personal information be stored?

Your personal data collected for the application process will be deleted after four months of sending a cancellation, unless we have given you the consent that we may keep your data longer, for example, for inclusion in a pool of applicants. Under certain circumstances, personal data may need to be stored for a period of time as we defend ourselves against asserted claims.


8. Will my personal information be transmitted to a third party country?

A transfer to a third party state will not take place.


9. Am I obliged to provide my data?

Should you, however, send us your application, you will initially provide us with your data on a voluntary basis. As part of the application process, it is also necessary for you to provide us with your data to ensure that the process is carried out correctly. Data processing for the purpose of initiating an employment relationship is legally regulated in § 26 para.1 s.1 BDSG in conjunction with § 26 para.8 s.2 BDSG. If you do not provide us with the data, we will unfortunately not be able to consider your application any further.


10. Do automated individual decisions or profiling measures take place?

There are no automated case-by-case decisions or profiling measures to fulfill the contractual obligations.


11. Supplement to the Data Protection Declaration by Prescreen

Disy Informationssysteme GmbH is not responsible for the data processing described below; the controller in this case is Prescreen:

Prescreen International GmbH
Mariahilfer Straße 17
A-1060 Vienna

If you have questions for Prescreen International GmbH concerning data protection law, please contact datenschutz@prescreen.io.

a) Automated collection of usage data

When accessing the domain jobbase.io, your web browser automatically sends certain usage data for technical reasons. This information is stored separately from other data in log files. Prescreen collects the following information: 

  • Date and time as well as duration of the access
  • Browser type/version
  • Operating system
  • URL of the previously visited web page
  • Quantity of data transmitted
  • A GeoIP lookup is performed based on your IP address (Internet Protocol address)
  • Names of the accessed files
  • http status code (e.g. “request successful”)
  • URL of the accessed web page
  • Access type (GET, POST)

This data is technically required in order to offer the functions of the e-recruiting system and to ensure the stability and security of the system. It is stored by Prescreen for a period of 12 months. Data that must be further retained for evidential purposes is excepted from the erasure until final clarification of the respective case. The legal basis for processing of the data is Art. 6 (1) (f) GDPR.


b) Cookies Prescreen uses cookies.

These serve for making the online application more user-friendly and efficient. The cookies are technically required in order to make this website available to you. It would not be possible to operate the website without using the cookies. There is therefore no option to refuse use of the cookies.

The legal basis for processing of the data is Art. 6 (1) (f) GDPR.

The following cookies are used by Prescreen:

Provider Cookie Purpose Duration of storage
Prescreen PHPSESSID This cookie serves identify the user during the use of Prescreen. The cookie is absolutely necessary for correct functionality of the website. The cookie is valid only until closing of the browser. Until the browser window is closed (session cookie).
Prescreen REMEMBERME This cookie serves to restore an expired session. The cookie is absolutely necessary for correct functionality of the website. The cookie is valid for 2 weeks.