Principles of data processing As part of the application process, your personal data will be processed by the controller and stored for the duration required to fulfill the specified purposes and legal obligations.
In the following, we will inform you about what data is involved, how it is processed and what rights you have in this regard, in particular with regard to the General Data Protection Regulation (GDPR). Who is responsible for data processing? The controller within the meaning of data protection law is the Seeberger Group company named in the respective job offer. Seeberger GmbH, Hans-Lorenser-Straße 36, 89079 Ulm Seeberger Professional GmbH, Hans-Lorenser-Straße 36, 89079 Ulm Seeberger Genusswelt GmbH, Hans-Lorenser-Straße 20, 89079 Ulm Which of your data do we process?
And for what purposes? We only process personal data that is required to fulfill the defined purposes (application process) and legal obligations.
This may include the following personal data:
- Personal details (e.g. name, address, contact details, date of birth, country)
- Curriculum vitae
- Qualifications (e.g. education, professional experience, language skills, further training)
- Testimonials, certificates
- Image and sound data (e.g. application photo, ID photo, video recording, sound recordings, other photo recordings)
- all personal data that you yourself provide to us in the course of the application process (e.g. by sending us your CV, cover letter, etc.)
Seeberger receives your personal data in the following ways:
- Direct advertising via the Seeberger careers page
- Applications by e-mail directly to Seeberger employees
- Postal application
- Recruitment agency
- Candidates who are contacted by Seeberger on LinkedIn
If we have received data from you, we will only process it for the purposes for which we received or collected it, i.e:
- for the implementation of the application procedure and for the decision on the establishment of an employment relationship
- Implementation of pre-contractual measures (initiation of the employment relationship)
- Inclusion of applicant data in an applicant pool
- to process applications received via various channels (e.g. via e-mail or social media)
- to actively approach potential employees via various channels and contracted personnel consultants (recruitment)
- for correspondence with you
- to fulfill legal and statutory obligations
- for the defense of asserted legal claims
Data processing for other purposes is only considered if the necessary legal requirements pursuant to Art. 6 para.
4 GDPR are present.
Any information obligations pursuant to Art. 13 para.
3 GDPR and Art. 14 para.
4 GDPR will of course be observed in this case.
If you are hired, you will be informed separately about the regulations applicable to the handling of your personal data, in particular with regard to the creation of personnel files. There is no obligation to provide us with the personal data we ask you for.
However, it will not be possible to carry out the application process if you do not provide your personal data.
If the provision of your data is required by law in some cases, we will inform you of this separately. What is the legal basis for this? The legal basis for the processing of personal data is generally the General Data Protection Regulation and the Federal Data Protection Act, unless there are specific legal provisions.
The following options in particular come into consideration here:
- Consent (Art. 6 para. 1 lit. a) GDPR)
If you have given your consent to the processing of personal data, the data will be processed exclusively for the purpose stated in the consent.
- Data processing for the fulfillment of contracts (Art. 6 para. 1 lit. b) GDPR and § 26 BDSG)
Your personal data is processed to establish, implement or terminate the employment relationship within the framework of the existing contract or to carry out pre-contractual measures.
- Data processing on the basis of a balancing of interests (Art. 6 para. 1 lit. f) GDPR)
If necessary, your personal data will be processed beyond the actual fulfillment of the contract.
This processing serves to protect the legitimate interests of the Seeberger Group or third parties.
The legitimate interest is to ensure an efficient application process and optimal staffing.
- Data processing to fulfill a legal obligation (Art. 6 para. 1 lit. c) GDPR as well as Art. 88 GDPR and § 26 BDSG).
The Seeberger Group is subject to various legal obligations and statutory requirements (e.g. social security law, occupational safety, professional code of conduct for lawyers, tax laws), as well as regulatory requirements (e.g. bar associations).
- If special categories of personal data pursuant to Art. 9 para.
1 GDPR are processed, this serves the exercise of rights or the fulfillment of legal obligations under labor law, social security law and social protection law within the framework of the employment relationship.
The processing is carried out on the basis of Art. 9 para.
2 b GDPR in conjunction with § 26 para.
3 BDSG.
In addition, the processing of health data for the assessment of their ability to work in accordance with Art. 9 para.
2 h GDPR in conjunction with Section 22 para.
1 b BDSG may be necessary.
In addition, the processing of special categories of personal data may be based on consent pursuant to Art. 9 para.
2 a GDPR in conjunction with Section 26 para.
2 BDSG.
If personal data is processed on the basis of your consent, you have the right to withdraw your consent from us at any time with effect for the future.
If we process data on the basis of a balancing of interests, you as the data subject have the right to object to the processing of personal data, taking into account the provisions of Art. 21 GDPR. How long will the data be stored? We process the data for as long as this is necessary for the respective purpose.
Insofar as statutory retention obligations exist – e.g. under the German Social Security Code, the German Commercial Code and the German Fiscal Code – the relevant personal data will be stored for the duration of the retention obligation.
Applications are stored for up to 6 months after the end of the application process; if you have given your consent to be included in the applicant pool, the application will be stored for a maximum of 1 year.
After the retention period has expired, we will check whether there is any further need for processing.
If it is no longer necessary, the data will be deleted.
Of course, you can request information about the personal data we have stored about you at any time (see below) and, if it is no longer necessary, request that the data be deleted or processing be restricted. To which recipients is the data forwarded? Your personal data will only be passed on to third parties if this is necessary for the decision on the establishment of an employment relationship or, after the employment relationship has been established, for its implementation or termination.
Your personal data will be passed on to the following recipients:
- Personnel and IT department
- Head of department
- IT service providers used by us
- Companies that belong to our Group
The processing of your personal data is carried out on our behalf on the basis of order processing contracts in accordance with Art. 28 GDPR.
In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR.
Otherwise, data will only be passed on to recipients outside the company if this is permitted or required by law, if the transfer is necessary to fulfill legal obligations or if we have your consent.
The recipients we use are Contract data processing and sub-processors We process your application via the applicant management system StepStone, of StepStone Deutschland GmbH, Völklinger Str. 1 40219 Düsseldorf 1, Germany.
Details on data processing can be found in StepStone’s privacy policy at https://www.stepstone.de/e-recruiting/rechtliches/datenschutz-bewerber/.
Our online application portal is technically operated by our service provider d.vinci HR-Systems GmbH, Nagelsweg 37-39, 20097 Hamburg, Germany.
D.vinci only provides software and computing capacity and has no influence on the application process.
Details on data processing can be found in d.vinci’s privacy policy: https://www.dvinci.de/datenschutz/. PLÜCOM DIGITAL We use an external application site from PLÜCOM DIGITAL of PLÜCOM e.K., Friedensallee 27, 22765 Hamburg.
This is an agency that creates social media recruiting campaigns.
Applications are recorded via the website created by the agency and sent by e-mail as a small questionnaire.
Details on data processing can be found in PLÜCOM’s privacy policy: https://pluecom.de/datenschutz/. Microsoft Office 365 As a collaboration tool, we use Office 365 from Microsoft, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.
Details on data processing can be found in Microsoft’s privacy policy at https://privacy.microsoft.com/de-de/privacystatement. Transfer of personal data to a third country In the case of processors and service providers outside the EU/EEA, your personal data mentioned above will only be processed to the extent that appropriate safeguards have been put in place for third country transfers.
Some of the recipients mentioned above are located outside your country or process your personal data there.
The level of data protection in other countries may not be the same as in your country.
However, we only transfer your personal data to countries for which the EU Commission has decided that they have an adequate level of data protection or we take measures to ensure that all recipients have an adequate level of data protection.
For example, we conclude standard contractual clauses in accordance with Art. 46 para.
2 lit.
c GDPR have been concluded.
These are available on request at datenschutz@seeberger.de The provider Microsoft, which has a group company in the USA (Microsoft), has joined the Trans-Atlantic Data Privacy Framework (TDPF; data protection agreement between the EU and the USA), so that an appropriate level of data protection is guaranteed for data processing and the conclusion of standard contractual clauses is not required. we reserve the right to commission additional service providers for business purposes and will inform you about this in the context of this data protection declaration. Audio and videoconferencingData processingWe use online conferencing tools, among others, to communicate with our customers.
The individual tools we use are listed below.
If you communicate with us by video or audio conference via the internet, your personal data will be collected and processed by us and the provider of the respective conference tool.
The conferencing tools collect all data that you provide/enter to use the tools (e-mail address and/or your telephone number).
The conference tools also process the duration of the conference, the start and end (time) of participation in the conference, the number of participants and other “context information” in connection with the communication process (metadata).
Furthermore, the provider of the tool processes all technical data that is required to process the online communication.
This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.
If content is exchanged, uploaded or made available in any other way within the tool, this is also stored on the tool provider’s servers.
Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared while using the service.
Please note that we do not have full control over the data processing operations of the tools used.
Our options are largely determined by the company policy of the respective provider.
Further information on data processing by the conference tools can be found in the privacy policies of the tools used, which we have listed below this text. Purpose and legal basis The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 sentence 1 lit. b GDPR).
Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR).
If consent has been requested, the tools in question are used on the basis of this consent.
Consent can be revoked at any time with effect for the future. Storage period The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies.
Stored cookies remain on your end device until you delete them.
Mandatory statutory retention periods remain unaffected. We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes.
For details, please contact the operators of the conferencing tools directly. Conference tool used:Microsoft Teams We use Microsoft Teams.
The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
Details on data processing can be found in the Microsoft Teams privacy policy:https://privacy.microsoft.com/de-de/privacystatement.
