Data protection

The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

alphacoders GmbH
Managing Director: Johannes Liebnau
Am Sandtorkai 48
20457 Hamburg, Germany
Email: johannes.liebnau@alphacoders.de
Phone: +49 (0) 40 82211904 000

We have appointed a data protection officer:

Dr. Christian Rauda
Specialist lawyer for copyright and media law
Specialized lawyer for information technology law
Specialized lawyer for commercial legal protection

GRAEF Rechtsanwälte Digital PartG mbB
Jungfrauenthal 8
20149 Hamburg
Tel. +49.40.80 6000 9-0
Fax +49.40.80 6000 9-10
E-Mail data.security.officer@alphacoders.de
Website www.graef.eu  

I. General information on data processing

1. Scope of processing of personal data

In principle, we only collect and use personal data of our users insofar as this is necessary to provide a functional website and our content and services. The collection and use of personal data of our users takes place regularly only with the consent of the user. An exception applies in those cases in which prior consent cannot be obtained for practical reasons and the processing of the data is permitted by law. If we disclose data to other persons and companies (contract processors or third parties) as part of our processing, transmit them to them or otherwise grant them access to the data, this is only done on the basis of legal permission (e.g. if the data is transmitted to third parties,

If we commission third parties to process data on the basis of a so-called "order processing contract", this is done on the basis of Art. 28 GDPR. If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this happens in the context of the use of third-party services or disclosure or transmission of data to third parties, this will only take place if it happens to fulfill our (pre) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the special requirements of Art. 44 ff. GDPR are met. I.e., processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU (so-called "adequacy decision") or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").

2. Legal basis for processing personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Article 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 (1) (c) GDPR serves as the legal basis. If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests prevail

3. Data deletion and storage duration

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

II. Provision of the website and creation of log files

1. Description and scope of data processing

When you visit our website, our system automatically collects data and information from the computer system of the calling computer. The following data is collected for a limited time:

  1. Information about the browser type and the version used
  2. The user's operating system
  3. The user's internet service provider
  4. The user's IP address
  5. Date and time of access
  6. Websites from which the user's system reached our website

The data is stored in the log files of our system. This data is only required to analyze any malfunctions and is deleted within seven days at the latest. The legal basis for the temporary storage of the data and the log files is Art. 6 Para. 1 lit.f GDPR. The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. To do this, the user's IP address must be stored for the duration of the session. The storage in log files takes place in order to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context and no conclusions about your person are drawn. Our legitimate interest in data processing according to Art. 6 Para. 1 lit.f GDPR also lies in these purposes. The collection of the data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no option for the user to object.

III. Use of cookies

a) Description and scope of data processing

Our website uses so-called session or flash cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user calls up a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be clearly identified when the website is called up again. The legal basis for the processing of personal data using cookies is Article 6 (1) (f) GDPR. The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For this it is necessary that the browser is recognized even after changing pages. In addition, if you allow this, we also use so-called persistent cookies, which are used beyond the session ("cross-session cookies"). These cookies in particular are used to make the website user-friendly, more effective and safer. The user data collected by technically necessary cookies are not used to determine your identity.

The processing of personal data is required in accordance with Article 6 (1) (f) GDPR to safeguard our legitimate interests. Cookies are stored on the user's computer and transmitted to our site from there. As a user, you therefore have full control over the use of cookies and these cookies are deleted when the browser is closed. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated, it is possible that not all functions of the website can be used.

IV. Web analysis and other Google services, as well as lead generation

a) Google Analytics

We use Google Analytics, a web analysis service provided by Google Ireland Limited (“Google”), on the basis of our legitimate interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Paragraph 1 lit. f. GDPR) . Google uses cookies. The information generated by the cookie about the use of the online offer by the user is usually transmitted to a Google server in the USA and stored there. We have concluded a joint responsibility agreement with Google within the meaning of Art. 26 DSGVO (cf. https://support.google.com/analytics/answer/9012600?).

Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with other services related to the use of this online offer and the internet. In doing so, pseudonymous user profiles can be created from the processed data.

We only use Google Analytics with activated IP anonymization. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address will only be sent to a Google server in the USA and shortened there in exceptional cases.

The IP address transmitted by the user's browser will not be merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; Users can also prevent Google from collecting the data generated by the cookie and relating to their use of the online offer and from processing this data by downloading and installing the browser plug-in available at the following link: http: // tools .google.com / dlpage / gaoptout? hl = de .

You can find more information on the use of data by Google, setting and objection options on the Google website: https://www.google.com/intl/de/policies/privacy/partners (“Use of data by Google when you use websites or apps of our partners "), http://www.google.com/policies/technologies/ads (" Use of data for advertising purposes "), http://www.google.de/settings/ads (" Manage information that Google uses, to show you advertisements ").

b) Google Re / Marketing Services

On the basis of our legitimate interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f. GDPR), we use the marketing and remarketing services (“Google Marketing Services” for short ”) From Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, (“ Google ”). We have concluded a joint responsibility agreement with Google within the meaning of Art. 26 DSGVO (cf. https://support.google.com/analytics/answer/9012600?).

If Google processes data in the USA, this is done on the basis of EU standard contractual clauses, which provide sufficient guarantees within the meaning of Article 46 (1), (2) (c) of the GDPR.

The Google Marketing Services allow us to display advertisements for and on our website in a more targeted manner in order to only present users with advertisements that potentially correspond to their interests. If, for example, a user is shown advertisements for products that he was interested in on other websites, this is called "remarketing". For these purposes, when our and other websites on which Google Marketing Services are active are accessed, Google immediately executes a code from Google and so-called (re) marketing tags (invisible graphics or code, also known as "web Beacons "called) integrated into the website. With their help, an individual cookie, ie a small file, is saved on the user's device (comparable technologies can also be used instead of cookies). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites the user has visited, which content he is interested in and which offers he has clicked, as well as technical information on the browser and operating system, referring websites, visiting time and other information on the use of the online offer. The IP address of the user is also recorded, whereby we inform you as part of Google Analytics, that the IP address is shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and only transferred in full to a Google server in the USA and shortened there in exceptional cases. The IP address is not merged with the user's data within other Google offers. The aforementioned information can also be combined with information from other sources by Google. If the user then visits other websites, they can be shown advertisements tailored to their interests. The aforementioned information can also be combined by Google with information from other sources. If the user then visits other websites, the advertisements tailored to him can be displayed according to his interests. The aforementioned information can also be combined by Google with information from other sources. If the user then visits other websites, the advertisements tailored to him can be displayed according to his interests.

The user data is processed pseudonymously as part of the Google Marketing Services. This means that Google does not store and process the name or email address of the user, for example, but rather processes the relevant cookie-related data within pseudonymous user profiles. In other words, from Google's point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie owner, regardless of who this cookie owner is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected about users by Google Marketing Services is transmitted to Google and stored on Google's servers in the USA.

The Google marketing services we use include the online advertising program “Google AdWords”. In the case of Google AdWords, each AdWords customer receives a different "conversion cookie". Cookies cannot therefore be tracked via the websites of AdWords customers. The information obtained with the help of the cookie or Adwords pixel is used to create conversion statistics for AdWords customers who have opted for conversion tracking. The AdWords customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information with which users can be personally identified.

We can incorporate third-party advertisements based on the Google “AdSense” marketing service. AdSense uses cookies that enable Google and its partner websites to display ads based on users' visits to this website or other websites on the Internet. We can also use "Google Tag Manager" and "Google Phone Tracking" to integrate and manage Google analysis and marketing services on our website.

You can find more information on the use of data by Google for marketing purposes on the overview page: https://www.google.com/policies/technologies/ads , Google's data protection declaration is available at https://www.google.com/policies/privacy retrievable.

If you would like to object to interest-based advertising by Google Marketing Services, you can use the setting and opt-out options provided by Google: http://www.google.com/ads/preferences .

c) Lead generation tools

We also use the services of so-called lead generation tools. Lead generation (prospect acquisition) is a marketing term. A lead is a qualified prospect who, on the one hand, is interested in a company or a product and, on the other hand, gives the advertiser his address and similar contact details (lead = data record) for further dialog building and is therefore very likely to become a customer . Generating high quality leads is a fundamental task in acquiring new customers. Address data of potential interested parties can be generated online and offline for specific target groups and our legitimate interest in data processing according to Art. 6 Para. 1 lit. f GDPR lies in these purposes.

We use the Leadfeeder service. This uses Google Analytics data to recognize company visitors. Leadfeeder is integrated in our CRM system & email marketing tool. This is a service provided by Liidio Oy, Mikonkatu 17 C, Helsinki 00100, Finland. Leadfeeder's privacy policy can be found at https://www.leadfeeder.com/privacy/ .

We use the service "LinkedIn Lead Generation" as a further lead generation tool. LinkedIn uses forms to generate leads and functions and content of the LinkedIn service, offered by LinkedIn AG, Dammtorstraße 29-32, 20354 Hamburg, Germany, can be integrated. If the users are members of the LinkedIn platform, LinkedIn can assign the above-mentioned content and functions to the profiles of the users there.

If LinkedIn processes data in the USA, this is done on the basis of EU standard contractual clauses, which provide sufficient guarantees within the meaning of Article 46 (1), (2) (c) of the GDPR.


In this context, we also use lead generation tools from LinkedIn.

Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out . LinkedIn's privacy policy can be found at https://www.linkedin.com/legal/privacy-policy or https://business.linkedin.com/de-de/marketing-solutions/native-advertising/lead-gen -ads .

These tools are used for marketing purposes. Our legitimate interest in data processing according to Art. 6 Para. 1 lit.f GDPR also lies in these purposes.

V. Contact form, data protection in the application process

You can contact us via our contact form on our website, by e-mail, telephone or letter. In this case, the information you provide in your inquiry, including the contact data you provide there, will be stored by us solely for the purpose of processing the inquiry and in the event of follow-up questions. In this context, the data will not be passed on to third parties.

The legal basis for the processing of the data is Art. 6 para. 1 lit. f DSGVO. Our interest in answering your inquiry outweighs your interest; furthermore, since you are writing to us, an answer is also in your interest and you are aware that we need to process your data to answer your inquiry.

If the e-mail contact aims at the conclusion of a contract, the legal basis for the processing is Art. 6 (1) lit. b DSGVO.

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. This is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

VI. Data protection in the application process

In the context of an application procedure or a contact confirmation, after receipt of your application or activation of your contact data via our candidate portal, we process the data that you have provided to us or communicated to one of our consultants m/f and that are necessary for us for the purpose of conducting an application procedure with one of our customers or contacting you with the aim of opening an application procedure with one of our customers.

The following categories of data are processed:

  • Master data (surname, first name, name affixes and date of birth).
  • contact data (address, e-mail, telephone number)
  • any other information provided by you independently
  • documents sent to us and their content (e.g. letter of application, curriculum vitae, certificates, proof of activities, references, residence permit, work permit).

In addition, for the purpose of contacting you or after receipt of your application for the purpose of carrying out the application process, we process such personal data that we have obtained in a permissible manner from publicly accessible sources or personal contacts (e.g., from a joint communication in a career-oriented social network such as XING or LinkedIn).

If you voluntarily provide us with special categories of personal data within the meaning of Art. 9 DSGVO in the context of your application or contact (e.g. provide information about an existing severe disability or attach a photo to your application that reveals, for example, glasses and thus a visual impairment), this is done on the basis of your consent that we may process the corresponding data after receipt of your application for the purpose of carrying out the application process. You can revoke your consent at any time without giving reasons. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

To enable more comprehensive job offers and consulting, you may consent to the processing of your personal data in the applicant database of the Career Team Group by CTG Consulting GmbH, alphacoders GmbH, CareerTeam GmbH, Foxio Consulting GmbH, Numeris Consulting GmbH, PALTRON GmbH and Sinceritas GmbH. We expressly point out that your consent is voluntary and has no effect on your chances in the application process. You may revoke your consent at any time vis-à-vis us or one of our group companies without stating reasons. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

In the event of a rejection or if you are no longer interested in a specific job offer, you can consent to your data being stored in our CareerTeam Group applicant database for a longer period of time in order to provide you with other job offers that may be of interest to you. You may revoke your consent at any time to us or to our group companies CTG Consulting GmbH, alphacoders GmbH, CareerTeam GmbH, Foxio Consulting GmbH, Numeris Consulting GmbH, PALTRON GmbH and Sinceritas GmbH  without giving reasons. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

Recipients of your personal data are only those persons who require your data for the decision on the establishment of an employment relationship as well as the subsequent implementation of the decision made or - in the case of contacting you - to inquire about your interest in career prospects and job offers with our customers. Contact is established with the greatest possible confidentiality, usually by telephone or e-mail, using the contact details provided by you.

We only pass on your data to the customer once you have informed us in a personal meeting or telephone call of your express interest in the advertised position of the customer. You will be informed of the transfer of your data verbally or / and in most cases also in writing by e-mail. No other persons will have access to your data.

The legal basis for data processing is Art. 6 para 1 b) DSGVO in conjunction with Art. 88 DSGVO and § 26 BDSG and, in the case of processing sensitive data in accordance with Art. 9 DSGVO and/or in the case of processing within the group of companies, your consent Art. 6 para 1 lit a) DSGVO.

In principle, your personal data will only be processed within the EU. In the case of international customers, it may also be necessary to transfer your applicant data to customers in third countries. However, we will inform you about the potential recipient and the third country before the transfer.

No automated individual case decisions or profiling measures take place.

We process your personal data only until the purpose of the processing no longer applies; unless this conflicts with legal obligations (e.g., obligations to provide proof and to retain data due to tax and labor protection laws and contractual obligations with our customers).

If our efforts result in you establishing an employment relationship with one of our customers, we will store your data for as long as we need it in each case for the lawful and proper establishment, implementation and termination of the employment relationship during the probationary period and for the processing of our related business activities with the respective customer. Afterwards, we delete your data, provided that there are no legal obligations to the contrary (e.g. obligations to provide proof and to retain data due to tax and labor protection laws and contractual obligations with our customers).

If, on the other hand, our efforts do not lead to the establishment of an employment relationship but to a rejection (either by you or by us or our customer), we will store your data for as long as is necessary for the defense against any claims resulting from the rejection of the application, but generally only for six months from the rejection issued.

VII. Online presence in social media and integration of third-party services

We maintain an online presence within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services. When calling up the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply. Unless otherwise stated in our data protection declaration, we process the data of the users as long as they communicate with us within the social networks and platforms, e.g. write articles on our online presence or send us messages. We set within our online offer on the basis of our legitimate interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f.

This always presupposes that the third-party providers of this content perceive the IP address of the users, since they would not be able to send the content to their browser without the IP address. The IP address is therefore required to display this content. We strive to only use content whose respective providers only use the IP address to deliver the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website.

Use of Facebook social plugins

On the basis of our legitimate interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Paragraph 1 lit. operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland ("Facebook"). The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and can be recognized by one of the Facebook logos (white “f” on a blue tile, the terms “like”, “like” or a “thumbs up” sign ) or are marked with the addition "Facebook Social Plugin". The list and the appearance of the Facebook social plugins can be viewed here:https://developers.facebook.com/docs/plugins/ .

Meta Platforms Ireland Ltd. processes personal data when using Facebook products, even of persons who are not logged into any of the Facebook or Instagram services. The data may be transferred to countries outside the European Union (USA); however, this is done on the basis of EU standard contractual clauses, thus providing sufficient guarantees within the meaning of Art. 46 (1), (2) c) DSGVO.  Which personal data these are in detail, how, for which purposes and on which legal basis these are processed, Facebook describes in its data policy (https://help.instagram.com/519522125107875?helpref=page_content)

When a user calls up a function of this online offer that contains such a plugin, his device establishes a direct connection with the Facebook servers. The content of the plug-in is transmitted directly from Facebook to the user's device, which integrates it into the online offer. In doing so, user profiles can be created from the processed data. We therefore have no influence on the amount of data that Facebook collects with the help of this plugin and therefore inform users according to our level of knowledge.

By integrating the plugins, Facebook receives the information that a user has called up the corresponding page of the online offer. If the user is logged in to Facebook, Facebook can assign the visit to his Facebook account. When users interact with the plugins, for example by pressing the Like button or making a comment, the relevant information is transmitted directly from your device to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will find out his IP address and save it. According to Facebook, only an anonymized IP address is saved in Germany.

The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as the related rights and setting options to protect the privacy of users can be found in Facebook's data protection information: https://www.facebook.com/about/privacy/ .

If a user is a Facebook member and does not want Facebook to collect data about him through this online offer and link it to his member data stored on Facebook, he must log out of Facebook before using our online offer and delete his cookies. Further settings and contradictions to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US website http://www.aboutads.info / choices / or the EU page http://www.youronlinechoices.com/ . The settings are platform-independent, ie they are adopted for all devices such as desktop computers or mobile devices.

Twitter

Functions and contents of the Twitter service, offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, can be integrated into our online offer. This can include, for example, content such as images, videos or texts and buttons with which users can express their liking for the content, subscribe to the authors of the content or our contributions. If the users are members of the Twitter platform, Twitter can assign the above-mentioned content and functions to the profiles of the users there. Data protection declaration from Twitter: https://twitter.com/de/privacy . TIf Twitter processes data in the USA, this is done on the basis of EU standard contractual clauses, which provide sufficient guarantees within the meaning of Article 46 (1), (2) c) of the GDPR. Data protection declaration: https://twitter.com/de/privacy , Opt-Out: https://twitter.com/personalization .

Google Plus

Functions and contents of the Google Plus service, provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, ("Google") can be integrated and used within our online offer. For more information on the use of data by Google for marketing purposes, please visit the overview page: https://www.google.com/policies/technologies/ads , Google's privacy policy is available at https://www.google.com/policies/privacy . If Google processes data in the USA, this is done on the basis of EU standard contractual clauses, which provide sufficient guarantees within the meaning of Article 46 (1), (2) (c) of the GDPR.

Xing

Functions and contents of the Xing service, offered by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany, can be integrated into our online offer. This can include, for example, content such as images, videos or texts and buttons with which users can express their favor with regard to the content, subscribe to the authors of the content or our contributions. If the users are members of the Xing platform, Xing can assign the above-mentioned content and functions to the profiles of the users there. Xing's privacy policy: https://www.xing.com/app/share?op=data_protection .

LinkedIn

Functions and contents of the LinkedIn service, offered by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland, can be integrated into our online offer. This can include, for example, content such as images, videos or texts and buttons with which users can express their satisfaction with the content, subscribe to the authors of the content or our contributions. If the users are members of the LinkedIn platform, LinkedIn can assign the above-mentioned content and functions to the profiles of the users there. LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy. If LinkedIn processes data in the USA, this is done on the basis of EU standard contractual clauses, which provide sufficient guarantees within the meaning of Article 46 (1), (2) c) of the GDPR. Data protection declaration: https://www.linkedin.com/legal/privacy-policy . Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out .

Tawk.to

Within our online offer, functions and contents of the Tawk.to service can be integrated, offered by Tawk.to. This can include, for example, content such as from chats. This content is then sent to us by email and saved. The privacy policy of tawk.to can be found at: https://www.tawk.to/privacy-policy .

VII. Information according to Art. 14 GDPR

1. Name and contact details of the responsible body and contact details of the data protection officer:

Responsible bodies:

  1. alphacoders GmbH (Am Sandtorkai 48, 20457 Hamburg, phone: +49 (0) 40 211 0762 03, email: hello@alphacoders.de)
  2. PALTRON GmbH (Am Sandtorkai 48, 20457 Hamburg, phone: +49 (0) 40 180 241 180, email: contact@paltron.com), Numeris Consulting GmbH (Am Sandtorkai 48, 20457 Hamburg, phone: +49 (0) 40 211 076 202, email; info@numeris-consulting.de), Sinceritas GmbH (Am Sandtorkai 48, 20457 Hamburg, phone: +49 (0) 40 211 076 218, email: info@sinceritas.com), Foxio Consulting GmbH ( Am Sandtorkai 48, 20457 Hamburg, phone: +49 (0) 40 696 326 969, email: info@foxio.com), CareerTeam GmbH (Am Sandtorkai 48, 20457 Hamburg, phone: +49 (0) 30 403 641 030, Email: info@careerteam.de), CAREERTEAM Schweiz GmbH (Feldeggstrasse 4, 8008 Zurich, Telephone: +41 (0) 43 508 93 29, Email: hello@careerteam.ch), CAREERTEAM BV (Keizersgracht 391A, 1016 EJ Amsterdam, Phone: +31 (0) 20 244 02 47, email: info@careerteam.nl), CAREERTEAM SAS (17-21, rue Saint Fiacre, 75002 Paris, phone:+33 1 73 06 21 39, email: info@careerteam.fr).

Data protection officer for all of the aforementioned companies:

Dr. Christian Rauda
Specialist lawyer for information
technology law GRAEF Rechtsanwälte Digital Partnerschaftsgesellschaft mbB
Jungfrauenthal 8
20149 Hamburg
Tel. +49.40.80 6000 9-0
Fax +49.40.80 6000 9-10

2. Purposes for which the personal data are to be processed and the legal basis for the processing

Bringing together suitable candidates - as individuals or in a team - and companies for the purpose of concluding an employment contract. The processing is based on Article 6, Paragraph 1, Letter f) of the GDPR.

3. Categories of personal data that are processed

Name, Xing or LinkedIn link, current position, current employer, possibly correspondence with the candidate

4. Recipients or categories of recipients of the personal data;

In each case internal department of the above named responsible bodies that operate recruiting for companies. The data will only be passed on to a potential employer after the candidate has given his / her consent.

5. Intention of the person responsible to transfer the personal data to a recipient in a third country or an international organization

See at the individual service providers.

6. Duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration

The data is stored for as long as the person concerned is potentially a candidate for exciting job offers.

7. If the processing is based on Article 6 paragraph 1 letter f, the legitimate interests pursued by the controller or a third party

We want to address candidates as individually and personally as possible and only offer them jobs that we are convinced will fit the candidate perfectly. We not only mediate individual candidates in the corporate group, but also put together cross-professional teams. We also have an economic interest in finding jobs.

8. The source from which the personal data originate and, if applicable, whether they originate from publicly accessible sources;

Xing or LinkedIn (public data)

9. Rights of data subjects

If personal data is processed by the candidate - that is, from you - he is a data subject within the meaning of the GDPR and he has rights vis-à-vis those responsible.

You will find these for the responsible body under 1. under number 1 in the following paragraph of this data protection declaration (Roman VIII.).

as well as for the responsible bodies under point 2 under the following links:
PALTRON GmbH:  https://www.paltron.com/datenschutz
Numeris Consulting GmbH:  https://www.numeris-consulting.de/datenschutz
Sinceritas GmbH:  https : //www.sinceritas.com/datenschutz
Foxio Consulting GmbH https://www.foxio.com/datenschutz
CAREERTEAM GmbH:  https://www.careerteam.de/datenschutz
CAREERTEAM Schweiz GmbH:  https: //www.careerteam. ch / data protection
CAREERTEAM BV:  https://www.careerteam.nl/privacyverklaring
CAREERTEAM SAS:  https://www.careerteam.fr/protection-des-donnees

VIII. Rights of the data subject

If your personal data is processed, you are affected within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible:

1. Right to information

You can request confirmation from the person responsible as to whether we are processing personal data relating to you. If this is the case, you can request the following information from the person responsible:

  1. the purposes for which the personal data are processed;
  2. the categories of personal data that are processed;
  3. the recipients or the categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;
  4. the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
  5. the existence of a right to correction or deletion of your personal data, a right to restrict processing by the person responsible or a right to object to this processing;
  6. the existence of a right to lodge a complaint with a supervisory authority;
  7. all available information about the origin of the data if the personal data are not collected from the data subject;
  8. You have the right to request information about whether your personal data is being transmitted to a third country or to an international organization. In this context, you can request to be informed about the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission.

2. Right to rectification

You have a right to correction and / or completion vis-à-vis the person responsible if the processed personal data concerning you is incorrect or incomplete. The person responsible must make the correction immediately.

3. Right to restriction of processing

Under the following conditions, you can request that the processing of your personal data be restricted:

  1. if you dispute the accuracy of the personal data concerning you for a period of time that enables the person responsible to check the accuracy of the personal data;
  2. the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
  3. the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
  4. if you have objected to the processing in accordance with Art. 21 Paragraph 1 GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.

If the processing of your personal data has been restricted, this data - apart from its storage - may only be permitted with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest processed by the Union or a Member State. If the processing restriction has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.

4. Right to cancellation

a) Obligation to delete

You can request the person responsible to delete the personal data relating to you immediately, and the person responsible is obliged to delete this data immediately if one of the following reasons applies:

  1. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. You revoke your consent on which the processing was based in accordance with Article 6 (1) (a) or Article 9 (2) (a) GDPR, and there is no other legal basis for the processing.
  3. You object to the processing in accordance with Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Art. 21 (2) GDPR.
  4. The personal data concerning you were processed unlawfully.
  5. The deletion of your personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which the person responsible is subject.
  6. The personal data relating to you was collected in relation to information society services offered in accordance with Art. 8 Para. 1 GDPR.

b) Information to third parties

If the person responsible has made the personal data relating to you public and is obliged to delete it in accordance with Art. 17 Paragraph 1 GDPR, he shall take appropriate measures, including technical measures, to take into account the available technology and the implementation costs, to identify the person responsible for the data processing who process the personal data, that you, as the data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.

c) Exceptions

The right to deletion does not exist if processing is necessary

  1. to exercise the right to freedom of expression and information;
  2. to fulfill a legal obligation that requires processing under the law of the Union or of the member states to which the person responsible is subject, or to perform a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible;
  3. for reasons of public interest in the area of ​​public health in accordance with Art. 9 Paragraph 2 lit. h and i and Art. 9 Paragraph 3 GDPR;
  4. to assert, exercise or defend legal claims.

5. Right to be informed

If you have asserted the right to correction, deletion or restriction of processing against the person responsible, the person responsible is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this turns out to be impossible or involves a disproportionate effort.

You have the right vis-à-vis the person responsible to be informed about these recipients.

6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the person responsible, in a structured, common and machine-readable format. You also have the right to transfer this data to another person responsible without hindrance from the person responsible to whom the personal data was provided, provided that

  1. the processing is based on consent in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or on a contract in accordance with Article 6 (1) (b) GDPR and
  2. the processing is carried out using automated procedures.

In exercising this right, you also have the right to have the personal data relating to you transmitted directly from one person in charge to another person in charge, insofar as this is technically feasible. This must not impair the freedoms and rights of other people.

The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task that is in the public interest or takes place in the exercise of official authority that has been transferred to the person responsible.

7. Right to Object

You have the right, for reasons that arise from your particular situation, to object at any time to the processing of your personal data, which is based on Art. 6 Para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

The person responsible will no longer process the personal data relating to you unless he can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data relating to you are processed in order to operate direct mail, you have the right to object at any time to the processing of the personal data relating to you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

If you object to processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes.

In connection with the use of information society services - regardless of Directive 2002/58 / EC - you have the option of exercising your right of objection by means of automated processes that use technical specifications. You can send an email to our data protection officer.

8. Right to revoke the declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent up to the point of revocation.

9. Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing - including profiling - which has legal effect on you or which significantly affects you in a similar manner. This does not apply when making the decision

  1. is necessary for the conclusion or performance of a contract between you and the person responsible,
  2. is permissible on the basis of legal provisions of the Union or of the member states to which the person responsible is subject and these legal provisions contain appropriate measures to safeguard your rights and freedoms as well as your legitimate interests or
  3. takes place with your express consent.

However, these decisions may not be based on special categories of personal data according to Art. 9 Paragraph 1 GDPR, unless Art. 9 Paragraph 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests . With regard to the cases mentioned in (1) and (3), the person responsible shall take appropriate measures to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the person responsible, to express their own point of view and heard on contesting the decision.

10. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged violation, if you are of the opinion that the processing of your personal data is against violates the GDPR. The supervisory authority to which the complaint was submitted informs the complainant about the status and the results of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.