Data Protection

Information on data protection regarding our processing of applicant data according to articles (art.) 13, 14 and 21 of the General Data Protection Regulation (GDPR)

1. Office responsible for data processing and contact data

2. Purposes and legal foundation upon which we process your data

We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG) and other applicable data protection provisions. Details are provided in the following. Further details or additions to the purposes of data processing can be found in the respective contract documents, forms, the declaration of consent and other information provided to you.

2.1 Purposes for the fulfilment of a contract or pre-contractual measures (art. 6 section 1 b of the GDPR)

Your personal data are processed in order to process your application for a specific vacancy or as unsolicited application and, in particular, for the following purposes in this context: examination and assessment of your suitability for the position to be filled, performance and behavioral assessment to the extent permitted by law, possibly for the registration and authentication of your application via our website, possibly for the preparation of the employment contract, verifiability of transactions, orders and other agreements as well as quality control by means of appropriate documentation, measures for the fulfilment of the general duties of care, statistical evaluations for corporate management, travel and event management, travel booking and travel expense accounting, permissions and credential management, cost recording and controlling, reporting, internal and external communication, accounting and tax assessment of operational services (e.g. canteen food), accounting via corporate credit card, occupational safety and health protection, contract-related communication (including arrangements of appointments) with you, assertion of legal claims and defense in the event of legal disputes; ensuring IT security (system or plausibility tests, among others) and general security, including building and plant security, securing and exercising domestic authority by means of appropriate measures, e.g. by means of video surveillance for the protection of third parties and of our employees as well as for the prevention of criminal offences and the preservation of evidence in case of criminal offences; guaranteeing the integrity, prevention and investigation of criminal offences; authenticity and availability of the data, control by supervisory bodies or supervisory authorities (e.g. auditing).

2.2. Purposes within the framework of a legitimate interest on our part or of third parties (art. 6 section 1 f of the GDPR)

Above and beyond the actual fulfilment of the (pre-) contract, we process your data whenever this is necessary to protect the legitimate interests of our own or of third parties. Your data are only processed if and insofar as no overriding interests on your part mitigate against a respective processing, in particular for the following purposes: measures for the further development of existing systems, processes and services; comparison with European and international anti-terrorist lists, insofar as this goes beyond the legal obligations; enrichment of our data, e.g. by using or researching publicly accessible data, to the extent necessary; benchmarking; development of scoring systems or automated decision-making processes; building and plant security (e.g. by means of access controls and video surveillance), insofar as this goes beyond the general duties of care; internal and external investigations, safety reviews;

2.3 Purposes within the frame of your consent (art. 6 section 1 a of the GDPR)

Your personal data can also be processed for certain purposes (e.g. for obtaining references from previous employers or for using your data for future vacancies) as a result of your consent. As a rule, you can revoke this consent at any time. You shall be informed separately about the consequences of revocation or refusal to provide consent in the respective text of the consent. Generally speaking, the revocation of a consent only applies for the future. Processing that takes place prior to the revocation shall not be affected by this and remains lawful.

2.4 Purposes relating to the adherence of statutory requirements (art. 6 section 1 c of the GDPR) or in the public interest (art. 6 section 1 e of the GDPR)

Just like everyone who takes an active part in economy, we are also subject to numerous legal obligations. These are primarily statutory requirements (e.g. Works Constitution Act, German Code of Social Law, commercial and tax laws), but also, if applicable, supervisory or other requirements set out by government authorities (e.g. employer´s liability insurance association). The purposes of processing may also include identity and age checks, prevention of fraud and money laundering (e.g. comparison with European and international anti- terror lists), the occupational health management, ensuring occupational safety, compliance with control and notification obligations under tax law as well as the archiving of data for the purposes of data protection and data security as well as for purposes of audits by tax advisors/auditors, fiscal and other government authorities. In addition, it may be necessary to disclose personal data within the framework of official government/court measures for the purposes of collecting evidence, law enforcement and criminal prosecution or the enforcement of civil law claims.

3. The categories of data that we process as long as we do not receive data directly from you, and its origin

If necessary for the contractual relationship with you and the application submitted by you, we may process data which we lawfully receive from other offices or other third parties. In addition, we process personal data that we have lawfully collected, received or acquired from publicly accessible sources (such as, for example, commercial and association registers, civil registers, the press, Inter- net and other media) if this is necessary and if we are allowed to process this data in accordance with the statutory provisions.

• Relevant personal data categories may in particular be:
  address and contact data (residential registration data and comparable data, such as e-mail address and telephone number);
• information about you on the internet or in social networks;
• video data.

4. Recipients or categories of recipients of your data

At our company, your data is received by those internal offices or organizational units that need your data to fulfil our contractual and statutory obligations (such as managers and supervisors looking for a new employee or persons involved in the decision on staffing, accounting department, company doctor, occupational safety, employee representative committee etc.) or that require your data within the framework of processing and implementing our legitimate interests. Your data is disclosed/passed on to external offices and persons solely

• for purposes where we are obliged or entitled to give information, notification or forward data (e.g. fiscal authorities) in order to meet statutory requirements or where the forwarding of data is in the public interest (see number 2.4);• to the extent that external service providers commissioned by us process data as contract processors or parties that assume certain functions (e.g. credit institutions, external data centers, travel agencies/travel management, printing plants or companies for data disposal, courier services, the post office, logistics);
• as a result of our legitimate interest or the legitimate interest of the third party within the framework of the purposes mentioned under number 2.2 (e.g. to government authorities, credit agencies, attorneys, courts of law, appraisers, companies belonging to company groups and bodies and supervisory authorities);
• if you have given us your consent to transmit the data to third parties.

We shall moreover refrain from transmitting your data to third parties if we have not informed you separately of this.

If we commission service providers, your data will be subject to the security standards stipulated by us in order to adequately protect your data. In all other cases, the recipients may only use the data for purposes for which the data has been transmitted to them.