HomePrivacy & Security

Privacy & Security

General note and mandatory information

Responsible entity

The company responsible for processing your data is G&H Bankensoftware AG, Hohenzollerndamm 150, 14199 Berlin. You can reach us by e-mail at kontakt@bancos.com and at the contact details given in the imprint.

Data protection officer

You can reach our data protection officer at: datenschutzbeauftragter@bancos.com or at our postal address with the addition “Data Protection”.

Collection and use of your data

In this data protection information we inform you

which data we process when you visit our website
which data we process from interested parties, customers and other business partners,
which data we process from applicants.

Your data protection rights

You have the following rights regarding the personal data concerning you:

Right to information according to Art. 15 DSGVO
Right to rectification according to Art. 16 DSGVO
Right to erasure according to Art. 17 DSGVO
Right to restriction of processing according to Art. 18 DSGVO
Right to data portability according to Art. 20 DSGVO

To assert your rights, please contact us at the above contact details of our data protection officer.

Right of objection

Insofar as we base our data processing on a legitimate interest pursuant to Art. 6 para. 1 p.1 lit. f) DSGVO, you have the right to lodge a justified objection to the processing of your personal data in question at any time. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims (objection under Art. 21 (1) DSGVO).

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Article 21 (2) DSGVO).

The objection is free of charge and can be made form-free, if possible to the e-mail address datenschutzbeauftragter@bancos.com.

Revocation of your consent

If data processing is based on your consent, you as the data subject have the right to revoke your consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. You can send your revocation to datenschutzbeauftragter@bancos.com or to the contact details above.

Right to submit a complaint to the responsible supervisory authority

In accordance with Art. 77 DSGVO, you can contact a data protection supervisory authority if you believe that we are not processing your data properly. The Berlin Commissioner for Data Protection and Freedom of Information (https://www.datenschutz-berlin.de/) is responsible for our company.

Obligation to provide data

The provision of personal data is always voluntary. However, their provision is required for certain processing operations, as otherwise we will not be able to process your request.

Consequently, if the provision of personal data is mandatory (e.g. for order processing or to provide certain functions of the website), no right of objection can be asserted.

Where possible, for example in contact or order forms, we use optional fields and mandatory fields. Mandatory fields are marked as such. Data from mandatory fields contain information that we absolutely need, for example, to process your inquiry, to create your account or to send you information. Which data this specifically concerns can be seen from the respective input forms.

Data processing when visiting our website

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content that you send to us as site operator, our website uses SSL or TLS encryption. This means that data you transmit via this website cannot be read by third parties. You can recognize an encrypted connection by the “https://” address line of your browser and the lock symbol in the browser line.

Usage data

When you access and use our website for purely informational purposes, our system automatically collects data and information that your browser transmits to our server (usage data). Depending on the configuration of the browser or the calling computer, this may be the following data, for example:

Pages visited on our domain
Date and time of the server request
Browser type and browser version
Operating system used
Referrer URL
Host name of the accessing computer
IP address
Amount of data transferred in each case

The data is temporarily stored in the log files on the web server. This data is not merged with other data sources.

The processing of this technically necessary information is carried out to provide the website and to ensure the security of our information technology systems. In these purposes also lies our legitimate interest in data processing according to Art. 6 para. 1 lit. f DSGVO (legitimate interest).

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of the data in log files, this is the case after one month at the latest, insofar as no retention for evidentiary purposes is required. In this case, the data is exempt from deletion in whole or in part until the incident has been clarified.

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the website user to object.

Storage of data on your device

Our website uses cookies and cookie-like technologies, hereinafter referred to as “cookies”.

Some functions of our website cannot be offered without the use of cookies (technically necessary cookies, essential cookies). The legal basis for the use of technically necessary cookies (“essential”) is Section 25 (2) No. 2 TTDSG. Insofar as personal data is processed with these cookies, the legal basis is our legitimate interest pursuant to Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest is to provide you with our website and offers as well as to set cookies according to your preferences.

In addition, we use cookies that are not technically necessary. The legal basis for the use of these cookies is Section 25 (1) TTDSG. Insofar as personal data is processed with these cookies, the legal basis is your consent pursuant to Art. 6 para. 1 lit. a) DSGVO.

To obtain your consent, we use the cookie consent banner service “CCM19” of Papoo Software & Media GmbH. For the purpose of obtaining and documenting your consent, CCM19 in turn sets cookies itself. These are technically necessary according to § 25 para. 2 no. 2 TTDSG, the data processing is based on our legitimate interests for the above purposes according to Art. 6 para. 1 lit. f) DSGVO.

By means of selection via the sliders in the Cookie Consent banner, you can decide for yourself which non-technical cookies you would like to allow. You can revoke your consent at any time. You can do this by making the appropriate settings in the Consent banner. You can access the Consent Banner via the CCM19 widget, which is located at the bottom left of all pages on our website.

Use of third-party providers/third-party requests

When using the website, certain data may be passed on to third parties. This works via so-called third-party requests. When activating the tools, data may be transmitted from you to these third parties. The following third-party requests are made when you visit our website:

Use of etracker

To analyze and optimize our website, we use the etracker service provided by etracker GmbH (Germany). The data generated by etracker is processed on our behalf by etracker exclusively in Germany. The data that may allow a reference to an individual person, such as the IP address, login or device identifiers, are anonymized or pseudonymized as soon as possible. No other use, combination with other data or transfer to third parties takes place.

Further information on data protection at etracker can be found here:

https://www.etracker.com/datenschutz/

https://www.etracker.com/datenschutzerklaerung/

Use of Google Tag Manager

This website uses the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Through this service, website tags can be managed via an interface. The Google Tag Manager only implements tags. This means that no cookies are used and only the user’s IP address is transmitted to Google to establish the connection. The Google Tag Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented with the Google Tag Manager.

We use the Google Tag Manager on the basis of your consent pursuant to Art. 6 (1) lit. a DSGVO, which you can control via the cookie consent service we use (see “Storage of data on your device”).

Since there is a transfer of the IP address to Google in the USA, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the USA.

Use of Google Advertising and conversion tracking

On our websites, we integrate the “Google Ads” service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

In the European Union (EU) and the European Economic Area (EEA), the service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Purposes and legal basis

We use the service on our websites to be able to measure how successful our advertisements placed via Google Advertising are. For this purpose, we track the interaction of website visitors with the advertisements and their subsequent use of our websites. This involves tracking the conversion of an advertisement into an action by the website visitor (conversion tracking) with the aim of controlling and optimizing our online marketing measures.

If an ad placed by us via “Google Ads” is displayed on other websites or if you click on it, these other websites will store a tracking cookie with a pseudonym assigned to us in your device based on your consent given there. If you subsequently visit our websites within the storage period of this cookie, this cookie will be read.

In addition, when you visit our websites, other pseudonymous cookies are stored in your device in order to track your page views and interactions with our websites.

In this way, Google can determine for us that you were shown an advertisement placed by us, whether you clicked on it and subsequently visited our websites, as well as how you subsequently used our websites, if applicable.

When using Google Ads, the following types of data in particular are collected and processed.

Data of the web page visit:

IP address
timestamp
Time zone

Data of the terminal device used for the web page visit:

Hardware characteristics of the device
Information about the operating system
Information about the web browser used
Language settings of the device
Pseudonymous recognition feature of the device

Data on the displayed advertisement:

Data on the website on which the ad was displayed
Click of the website visitor on the advertisement

Data on the usage behavior of our websites:

Web pages visited
Duration and number of visits
mouse movements
click path
Successful implementation of defined target action of the website visitor (conversion)

From this information, Google creates statistics for us, from which we can see how many users have responded to our advertisements and in what way. Based on these statistics, we can optimize the effectiveness of our advertising campaigns and control our advertising strategy.

The legal basis for the integration and use of the service is your consent, provided you have given this via our cookie consent service. The integration is technically carried out via the Google Tag Manager (see corresponding section above).

The use of cookies and similar technologies is based on Section 25 (1) TTDSG. The subsequent data processing is based on Art. 6 para. 1 p. 1 lit. a GDPR.

Your consent is voluntary and can be freely revoked at any time with effect for the future. You can do this by making the appropriate settings in the consent banner. You can access the consent banner via the CCM19 widget, which is located at the bottom left of all pages on our website.

Data processing in third-party countries

When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries without an adequate level of data protection, in particular in the USA.

If your data is transferred to third countries, there is a risk that authorities there may access your data for security and monitoring purposes without you being informed or being able to appeal.

To ensure an adequate level of data protection when transferring your data to third-party countries, standard data protection clauses are concluded by the European Commission in accordance with Art. 46 Para. 2 lit. c GDPR. They oblige the recipient of the data to process it in accordance with the European level of protection.

If the standard data protection clauses alone are not sufficient to ensure the level of protection, additional technical, contractual or organizational measures are taken to safeguard the transfer of data. Furthermore, it is regularly reviewed and evaluated whether these additional measures continue to ensure a sufficient level of data protection or whether further supplementary measures may need to be taken.

Storage duration

Through the integration of the service on our websites, data is transmitted to the above-mentioned recipients and stored there for as long as is necessary to achieve the stated purposes.

Recipient

As part of the use of the service, the data collected via our websites will be transmitted to the following recipients:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,

Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

In principle, we have no influence on further data processing by the third-party provider.

Further information on the handling of personal data by Google can be found at: https://www.google.com/policies/technologies/ads/, https://www.google.de/policies/privacy/.

Use of Microsoft Advertising and conversion tracking

On our websites, we integrate the “Microsoft Adversiting (Bing Ads)” service of Microsoft Corporation, One Microsoft Way, Redmond WA 94043, USA.

In the European Union (EU) and the European Economic Area (EEA), the service is provided by Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Irland.

Purposes and legal basis

We use the service on our websites to be able to measure how successful our advertisements placed via Microsoft Advertising are. For this purpose, we track the interaction of website visitors with the advertisements and their subsequent use of our websites. This involves tracking the conversion of an advertisement into an action by the website visitor (conversion tracking) with the aim of controlling and optimizing our online marketing measures.

If an ad placed by us via “Microsoft Advertising” is displayed on other websites or if you click on it, these other websites will store a tracking cookie with a pseudonym assigned to us in your device based on your consent given there. If you subsequently visit our websites within the storage period of this cookie, this cookie will be read.

In addition, when you visit our websites, other pseudonymous cookies are stored in your device in order to track your page views and interactions with our websites.

In this way, Microsoft can determine for us that you were shown an advertisement placed by us, whether you clicked on it and subsequently visited our websites, as well as how you subsequently used our websites, if applicable.

When using Microsoft Advertising, the following types of data in particular are collected and processed.

Data of the web page visit:

IP address
timestamp
Time zone

Data of the terminal device used for the web page visit:

Hardware characteristics of the device
Information about the operating system
Information about the web browser used
Language settings of the device
Pseudonymous recognition feature of the device

Data on the displayed advertisement:

Data on the website on which the ad was displayed
Click of the website visitor on the advertisement

Data on the usage behavior of our websites:

Web pages visited
Duration and number of visits
mouse movements
click path
Successful implementation of defined target action of the website visitor (conversion)

From this information, Microsoft creates statistics for us, from which we can see how many users have responded to our advertisements and in what way. Based on these statistics, we can optimize the effectiveness of our advertising campaigns and control our advertising strategy.

The use of cookies and similar technologies is based on Section 25 (1) TTDSG. The subsequent data processing is based on Art. 6 para. 1 p. 1 lit. a GDPR.

Data processing in third-party countries

If your data is transferred to third countries, there is a risk that authorities there may access your data for security and monitoring purposes without you being informed or being able to appeal.

Storage duration

Through the integration of the service on our websites, data is transmitted to the above-mentioned recipients and stored there for as long as is necessary to achieve the stated purposes.

Recipient

As part of the use of the service, the data collected via our websites will be transmitted to the following recipients:

Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland,

Microsoft Corporation, One Microsoft Way, Redmond WA 94043, USA.

In principle, we have no influence on further data processing by the third-party provider.

Further information on the handling of personal data by Microsoft can be found at: https://privacy.microsoft.com/de-de/privacystatement

Use of LinkedIn Lead-Gen forms

We use the Marketing Solutions product of LinkedIn Corporation, 1000 W Maude, Sunnyvale, CA 94085, USA and its representative in the Union LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter referred to as: LinkedIn).

In doing so, LinkedIn transmits personal data to us with the help of a form (so-called LinkedIn Lead Gen Forms). Lead Gen Forms are forms pre-filled with LinkedIn profile data that allow members to submit their data, which is publicly visible in the network, with just a few clicks. Requests generated through the forms are submitted to our CRM Zoho (see section “Processing of inquiries). These are usually:

First and last name
E-mail address
Company name

Since a transfer of personal data to the USA takes place, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2) lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the USA.

For more information on the collection and storage of data by LinkedIn, please visit http://www.linkedin.com/legal/privacy-policy.

In the event that cookies are set, we process the personal data in order to reach relevant target groups with appropriate advertising measures and to create analyses. The relevant legal basis for this processing is Art. 6 (1) lit. f of the GDPR. You can prevent the collection as well as the processing of your personal data by LinkedIn by preventing the storage of third-party cookies on your computer, using the “Do Not Track” function of a supporting browser, disabling the execution of script code in your browser or installing a script blocker such as NoScript (www.noscript.net) or Ghostery (www.ghostery.com) in your browser.

You can deactivate the use of your personal data by LinkedIn using the following link: LinkedIn Opt-Out.

Information for interested parties, customers and other business partners

Processing of inquiries

Interested parties, customers, suppliers and other business partners have the opportunity to contact us via the communication channels provided on our website (contact form, e-mail, telephone, fax). For efficient data processing, i.e. to support our sales and communication processes, we use a CRM solution and have integrated CRM services into our website. In particular, we process the following information:

Professional contact information (e.g. name, contact address, telephone number, e-mail address),
Payment data (information required to process payment transactions, including credit card information and card verification numbers).
Information that is permissibly collected from publicly available sources, information databases or credit reporting agencies,
other personal data that you provide to us and that arise in the course of contract processing (e.g. orders placed, inquiries made order details/history, project details, correspondence and other data about the cooperation.

Purposes and legal basis

We process the data provided by you for the purpose of initiating, establishing and processing contractual and delivery relationships.

The legal basis for processing the personal data of our B2B partners for the purpose of fulfilling our contractual obligations is Art. 6 (1) lit. f) DSGVO (legitimate interests). In the case of sole traders or other individuals, we rely on the legal basis pursuant to Art. 6 (1) b) DSGVO (performance of contract).

Where necessary, we process your data beyond the actual performance of the contract to protect legitimate interests, e.g. assertion of legal claims and defense in legal disputes. The legal basis in these cases is Art. 6 para. 1 lit. f DSGVO.

In addition, we process personal data for the fulfillment of statutory retention obligations (e.g. from commercial and tax law) pursuant to Art. 6 (1) lit. c DSGVO in conjunction with the respective legal standard.

We also process the aforementioned data to carry out direct marketing measures (see point Direct marketing).

If the processing is based on Art. 6 (1) f) DSGVO, you can object to the data processing (see right of objection). In such a case, communication with you cannot be continued. Your data will be deleted, provided that there are no legal retention obligations to the contrary.

Storage duration

We store the aforementioned personal data for as long as is necessary to process inquiries or to carry out the contractual relationship. The data will be deleted after the purpose has been fulfilled or earlier if you object to the processing or request us to delete the data. This does not apply to data that we are not yet allowed to delete due to legal obligations (e.g. documents that must be kept according to tax or commercial law) and data that is required to safeguard legitimate interests, for example to assert claims. This data is then blocked and is no longer available for further use.

Recipient

To provide our services, we use the service provider Zoho Corporation GmbH, Trinkausstr. 7, 40213 Düsseldorf, Germany (hereinafter “Zoho”). We base the use of the service provider on Art. 6 para. 1 lit f) DSGVO, our legitimate interest is to be supported efficiently and at the same time to reduce our own effort for the provision of IT systems. The data processing is generally carried out within the EU. We have concluded a data protection agreement with the service provider in accordance with Art. 28 DSGVO.

Online meetings and project work

For online meetings, video conferences, telephone conferences and location-independent project work (hereinafter “online meetings”) with customers, partners and other external persons, we use Microsoft Teams.

When using Microsoft Teams, various data are processed. The scope of the data also depends on the data you provide before or during participation in a digital meeting. The following personal data are subject to processing:

User details: e.g. display name, e-mail address, profile picture.
Meeting metadata: e.g., date, time, meeting ID, phone numbers, location
Text, audio and video data: you may have the option to use the chat function in a digital meeting. To this extent, the text entries you make are processed in order to display them in the digital meeting. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device are processed accordingly during the meeting. You can turn off or mute the camera or microphone yourself at any time via the Microsoft Teams applications.
As part of project work, it is possible to share project content in various file formats (e.g. Word, PDF) and make it visible to all members of the respective team.
As a matter of principle, there is no recording of digital meetings. If we want to record online meetings, we will transparently communicate this to you in advance and ask for your consent. You will also see the fact of the recording in the Teams app or in the web browser view.

Purposes and legal basis

Personal data is processed on the basis of legitimate interests (Art. 6 (1) p. 1 lit. f) DSGVO). Our legitimate interest here is to maintain location-independent communication. Furthermore, the legal basis for data processing when conducting digital meetings is Art. 6 para. 1 p. 1 lit. b) DSGVO, insofar as the meetings are conducted in the context of contractual relationships with end customers. Insofar as the processing is based on Art. 6 para. 1 lit. f) DSGVO, you may object to the data processing (see right to object). In such a case, communication with you cannot be continued. Your data will be deleted, provided that there are no legal retention obligations to the contrary.

Storage duration

Your data will be processed during the online meeting. Some data is already deleted after the end of the meeting. User details, meeting metadata and content such as meetings, chats, shared files are deleted by Microsoft after 30 days. Any legal retention obligations remain unaffected. You can find out here which data is processed by Microsoft Teams, for what purpose and for how long.

Recipient

Teams, as part of Microsoft 365, is provided by Microsoft Ireland Operations Limited, Microsoft Place, South County Business Park, Leopardstown, Dublin 18. We base the use of the service provider on Art. 6 (1) lit f) DSGVO, our legitimate interest is to be supported efficiently and at the same time to reduce our own effort for the provision of IT systems. We operate Microsoft 365 on a server within the EU. However, when using Microsoft services, it cannot be ruled out in individual cases that personal data may be transmitted to the USA and processed there by Microsoft.

In the event that data transfers do occur, we have concluded an order processing agreement with Microsoft Ireland Operations Limited based in Ireland pursuant to Art. 28 DSGVO. In the event that Microsoft Ireland Operations Limited forwards the data received to further service providers based in unsafe third countries (esp. Microsoft Corporation based in the USA), Microsoft Ireland Operations Limited will conclude the necessary standard contractual clauses pursuant to Art. 46 para. 2 lit. c) DSGVO with these service providers. These contracts are then considered an appropriate guarantee and thus the legal basis for the data transfer. Microsoft’s data protection information can be found here. Copies of the EU standard data protection clauses are available on the website of the European Commission.

Direct marketing

We offer to send product information and conduct marketing campaigns for our B2B customers. To receive our content or get access to our demos, you need to fill out a contact form. As mandatory information, we collect your name and business email address. Other information (e.g. phone number, data from communication) is optional. On the one hand, we use the collected data to send you the requested document by e-mail. In return for our free service, we may contact you by e-mail to provide you with information about our services.

To implement our marketing campaigns, we use Zoho Campaigns from the service provider Zoho. With the help of Zoho Campaigns, we are able to analyze our email and newsletter campaigns. For example, we can see whether an email message was opened and which links, if any, were clicked.

We use the double-opt-in method for registering to receive our e-mails. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the e-mails.

Purposes and legal basis

We process the personal data provided by you for marketing purposes. The processing is based on your consent pursuant to Art. 6 para. 1 lit. a) DSGVO. When you first contact us, we obtain your consent for the intended use of your electronic contact data for advertising purposes and for measuring success, inform you of your right of revocation and document your consent in our CRM system (IP address, times of registration and confirmation). The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data. The data processing is based on our legitimate interest pursuant to Art. 6 para. 1 p.1 lit. f) DSGVO.

Storage duration

You can revoke the receipt of the newsletter at any time. You can declare the revocation by clicking on the unsubscribe link provided in every newsletter e-mail, by sending an e-mail to datenschutzbeauftragter@bancos.com or by sending a message to the contact details provided in the imprint.

With your revocation, the data used for the purpose of sending the mailing will generally be deleted. However, we may store unsubscribed email addresses for up to three years based on legitimate interests before deleting them. Our interest is to be able to prove consent that was previously given. The processing of this data is limited to the purpose of a possible defense against claims.

Please note that the data used for the mailings (name, e-mail address) may be further processed by us for other purposes, provided that there is a legal basis pursuant to Art. 6 (1) DSGVO. The processing of the data will then be limited to the relevant purposes and your e-mail address will be blocked for promotional mailings.

Recipient

We use the service provider Zoho to provide our services. For information on the service provider, see subitem “processing of inquiries”.

Information for applicants

Applicants can apply for advertised vacancies or send us a speculative application using the online application form or by e-mail or postal mail.

Applications via online application form

Information on data processing when using our online application form can be found here.

Applications by e-mail or postal mail

In order to carry out the application process, we process all personal data that you provide to us through your application. In addition, we process content data resulting from communication with you and the selection process. If you provide us with these, special categories of personal data (e.g. health data) may also be processed by us. If you have published data in professional networks (e.g. XING, LinkedIn), we may include these in our selection decisions.

Transport encryption (TLS) is implemented for e-mail communication, provided your mail provider supports this.

Applications that you send to us by e-mail or post are entered into our recruiting system and processed there.

You provide us with your personal data voluntarily as part of the application process. However, the provision of personal data is necessary for the processing of your application and, if applicable, for the establishment of an employment relationship with us. Without the provision of the data, we cannot process your application.

Purposes and legal basis

The legal basis for the processing of data in the application procedure and, if applicable, for the purpose of establishing an employment relationship is Art. 88 DSGVO in conjunction with. Art. 6 para. 1 lit b) DSGVO . as well as for the case that special categories of personal data are processed § 22 para. 1 lit b BDSG. Furthermore, we may process personal data about you to the extent necessary to defend asserted legal claims against us arising from the application process. The legal basis for this is Art. 6 para. 1 lit. f) DSGVO (legitimate interest). The legitimate interest is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG). If you have given your consent to longer data storage (inclusion in our talent pool), Section 26 BDSG in conjunction with. Art. 7 DSGVO is the legal basis. Insofar as you have published data in professional networks, we rely on Art. 6 para. 1 lit. f) DSGVO, our legitimate interest is to receive a clear short profile from you.

Storage duration

We store your personal data for as long as is necessary to make a decision about your application. If an employment relationship between you and us does not materialize, your data will be deleted after six months following the end of the application process. If you assert legal claims against us, the data will be retained for the purpose of providing evidence beyond the six months until the matter has been concluded.

If no employment relationship is established, but you have given us permission to continue storing your data (talent pool), we will store your data until you revoke your permission, but for no longer than 12 months.

Recipient

To provide our services, we use the service provider Personio SE & Co. KG, Seidlstraße 3, 80335 Munich. We base the use of the service provider on Art. 6 para. 1 lit f) DSGVO, our legitimate interest is to be supported efficiently and at the same time to reduce our own effort for the provision of IT systems. The data processing is generally carried out within the EU. We have concluded a data protection agreement with the service provider in accordance with Art. 28 DSGVO.

Recipients of data

We use carefully selected and qualified service providers to fulfill our tasks. If there is processing on behalf, we have concluded a data protection contract with the service providers in accordance with Art. 28 DSGVO or Art. 46 DSGVO. The following entities are recipients of the data:

Telecommunications (TC) and IT system service providers for operating TC and IT systems
IT service providers for the provision of software solutions/platforms
Service providers for hosting and maintaining the website
Public authorities and institutions, e.g. tax authorities, courts of law
Auditors, tax consultants, assessors