Skip to main content

Processing of (personal) data by the entity in charge of the online application process

APPSFACTORY PRIVACY POLICY 
Status: 31.08.2018 
 
1. NAME AND ADDRESS OF THE RESPONSIBLE PERSON 
The responsible person in terms of the basic data protection regulation and other national data protection laws of the member states and other data protection regulations is the: 
 
Appsfactory GmbH 
Dittrichring 5-9 
04109 Leipzig 
Germany 
Phone: +49 (0)341 355 920 50 
e-mail: info[replace by@character]appsfactory.de 
 
2. NAME AND ADDRESS OF THE DATA PROTECTION OFFICER 
Thomas Voss 
Appsfactory GmbH 
Dittrichring 5-9 
04109 Leipzig 
Germany 
Phone: +49 (0)341 355 920 50 
e-mail: data protection [replace by@sign]appsfactory.de 
 
 
3. GENERAL INFORMATION ON DATA PROCESSING 
3.1 SCOPE OF THE PROCESSING OF PERSONAL DATA 
As a matter of principle, we process personal data of our users only to the extent necessary to provide a functional website and our contents and services. The processing of personal data of our users regularly only takes place with the user's consent. An exception is made in cases where prior consent cannot be obtained for factual reasons and the processing of data is permitted by legal regulations. 
 
3.2 LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA 
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU Data Protection Regulation (DSGVO) serves as the legal basis. 
 
When processing personal data which is necessary for the performance of a contract to which the data subject is a party, Article 6 (1) lit. b DSGVO serves as the legal basis. This also applies to processing operations necessary for the performance of pre-contractual measures. 
 
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c DSGVO serves as the legal basis. 
 
In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 para. 1 lit. d DSGVO serves as the legal basis. 
 
If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Article 6 (1) lit. f DSGVO serves as the legal basis for the processing. 
 
3.3 DELETION OF DATA AND STORAGE PERIOD 
The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage is no longer applicable. Furthermore, data may be stored if this has been provided for by the European or national legislator in Union regulations, laws or other regulations to which the person responsible is subject. Data is also blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract. 
 
 
4. PROVISION OF THE WEBSITE AND CREATION OF LOG FILES 
4.1 DESCRIPTION AND SCOPE OF DATA PROCESSING 
Whenever you visit our website, our system automatically collects data and information from the computer system of the calling computer. The following data is collected: 
 
Information about the browser type and the version used 
The user's operating system 
The Internet service provider of the user 
The IP address of the user 
Date and time of access 
Websites from which the user's system accesses our website 
Websites that are called up by the user's system via our website 
The data is also stored in the log files of our system. Not affected by this are the IP addresses of the user or other data that allow the data to be assigned to a user. This data is not stored together with other personal data of the user. 
 
4.2 LEGAL BASIS FOR DATA PROCESSING 
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f DSGVO. 
 
4.3 PURPOSE OF DATA PROCESSING 
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. 
 
The storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. 
 
These purposes also include our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f DSGVO. 
 
4.4 DURATION OF STORAGE 
The data will be deleted as soon as they are no longer necessary for the purpose of their collection. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended. 
 
In the case of data stored in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible. 
 
4.5. POSSIBILITY OF OBJECTION AND REMOVAL 
The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. There is therefore no possibility of objection on the part of the user. 
 
5. E-MAIL CONTACT 
5.1 DESCRIPTION AND SCOPE OF DATA PROCESSING 
On our website it is possible to contact us via the provided e-mail address. In this case the personal data of the user transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation. 
 
5.2 LEGAL BASIS FOR DATA PROCESSING 
The legal basis for the processing of the data is Art. 6 para. 1 lit. a DSGVO if the user has given his consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f DSGVO. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b DSGVO. 
 
5.3 PURPOSE OF DATA PROCESSING 
The processing of the personal data from the input mask serves us only for the processing of the establishment of contact. In the case of contacting us by e-mail, this is also the necessary legitimate interest in the processing of the data. 
 
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems. 
 
5.4 DURATION OF STORAGE 
The data will be deleted as soon as they are no longer necessary for the purpose of their collection. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be concluded from the circumstances that the matter in question has been finally clarified. 
 
The personal data additionally collected during the sending process will be deleted after a period of seven days at the latest. 
 
5.5 POSSIBILITY OF OBJECTION AND REMOVAL 
The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case the conversation cannot be continued. All personal data stored in the course of the contact will be deleted in this case. 
 
6. APPLICATIONS AND APPLICATION PROCEDURE 
6.1 APPLICATIONS AND APPLICATION PROCEDURE 
The controller collects and processes the personal data of applicants for the purpose of processing the application procedure. The processing may also be carried out by electronic means. This is particularly the case if an applicant submits relevant application documents to the controller electronically, for example by e-mail or via a web form on the website. If the data controller concludes an employment contract with an applicant, the transmitted data is stored for the purpose of processing the employment relationship in accordance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents are automatically deleted two months after notification of the rejection decision, provided that no other legitimate interests of the controller conflict with deletion. Other legitimate interests in this sense include, for example, an obligation to provide evidence in proceedings under the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz, AGG). 
 
6.2 USER TESTS / USER ACCEPTANCE TESTS (UAT) 
The controller collects and processes the personal data of participants in UATs for the purpose of the organisational management of the UATs. The processing may also be carried out by electronic means. This is particularly the case if a potential participant in a UAT contacts the contact person at Appsfactory electronically, for example by e-mail. If the potential participant participates in a UAT and/or declares his or her interest in participating in future UATs carried out by Appsfactory, the transmitted data shall be stored for the purpose of establishing contact and assessing the suitability of the potential participant for the corresponding UAT in compliance with the statutory provisions. If the potential test person withdraws from his or her interest in participating in a (further) UAT, the personal data will be automatically deleted two months after the corresponding notification, provided that no other justified interests of the person responsible for processing conflict with deletion. 
 
7 MYNEWSDESK 
By clicking on news entries (accessible via "News" in the header area of the website) you can access our corporate presence at MyNewsDesk. Clicking on them establishes a direct connection through the browser to the servers of MyNewsDesk. If you are logged in to MyNewsDesk via your personal user account while visiting our website, MyNewsDesk can assign this visit to your user account. If you wish to prevent data transmission to your MyNewsDesk account, you must log out of your MyNewsDesk account before clicking on news entries. 
 
The MyNewsDesk data protection statement explains the purpose and scope of data collection and the further processing and use of your data by MyNewsDesk. The social network MyNewsDesk is operated by Mynewsdesk GmbH, Ritterstraße 12-14, 10969 Berlin. 
 
8. GOOGLE ANALYTICS 
This website uses the service "Google Analytics", which is provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) to analyse the use of the website by users. The service uses "cookies" - text files which are stored on your end device. The information collected by the cookies is usually sent to a Google server in the USA and stored there. 
 
IP anonymization is used on this website. The IP address of users is shortened within the member states of the EU and the European Economic Area. Due to this shortening, the personal reference of your IP address is no longer necessary. Within the framework of the agreement on commissioned data, which the website operators have concluded with Google Inc., the latter uses the information collected to create an evaluation of website use and website activity and provides services associated with Internet use. 
 
You have the option of preventing the storage of the cookie on your device by making appropriate settings in your browser. There is no guarantee that you will be able to access all functions of this website without restrictions if your browser does not allow cookies. 
 
Furthermore, you can use a browser plug-in to prevent the information collected by cookies (including your IP address) from being sent to Google Inc. and used by Google Inc. The following link will take you to the appropriate plugin: https://tools.google.com/dlpage/gaoptout?hl=de. 
 
Here you will find further information about the data usage by Google Inc.: https://support.google.com/analytics/answer/6004245?hl=de. 
 
9. FACEBOOK SOCIAL PLUGINS 
This website uses Facebook Social Plugins, which are provided by Facebook Inc. (1 Hacker Way, Menlo Park, California 94025, USA). The integration can be recognized by the Facebook logo or by the terms "Like", "Like", "Like", "Share" in the colors Facebooks (blue and white). Information on all Facebook plugins can be found in the following link: https://developers.facebook.com/docs/plugins/ 
 
The plugin establishes a direct connection between your browser and the Facebook servers. The website operator has no influence on the nature and scope of the data that the plugin transmits to the servers of Facebook Inc. You can find information about this here: https://www.facebook.com/help/186325668085084 
 
The plugin informs Facebook Inc. that you have visited this website. It is possible that your IP address will be saved. If you are logged in to your Facebook account during your visit to this website, the aforementioned information is linked to this account. 
 
If you use the functions of the plugin - for example by sharing or "linking" to a post - the corresponding information is also transmitted to Facebook Inc. 
 
Do you want to prevent the Facebook. Inc. from linking this data to your Facebook account, please log out of Facebook before visiting this website. 
 
10. RIGHTS OF THE PERSON CONCERNED 
If personal data is processed by you, you are a data subject within the meaning of the DSGVO and you are entitled to the following rights in relation to the person responsible: 
 
10.1 RIGHT TO INFORMATION 
You may request confirmation from the person responsible as to whether personal data concerning you is being processed by us. If such processing is carried out, you may request information from the data controller on the following: 
 
the purposes for which the personal data are processed; 
the categories of personal data which are processed; 
the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed; 
the planned duration of storage of the personal data concerning you or, if it is not possible to give specific details, criteria for determining the duration of storage; 
the existence of a right of rectification or erasure of personal data concerning you, a right to have the processing limited by the controller or a right to object to such processing; 
the existence of a right of appeal to a supervisory authority; 
any available information as to the source of the data where the personal data are not collected from the data subject; 
the existence of automated decision-making, including profiling, in accordance with Art. 22, paragraphs 1 and 4 DPA and, at least in these cases, meaningful information on the logic involved and the scope and intended consequences of such processing for the data subject. 
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 DPA in connection with the transfer. 
 
10.2 RIGHT OF RECTIFICATION 
You have the right to obtain from the data controller the rectification and/or integration of any personal data processed concerning you if it is incorrect or incomplete. The data controller shall make the correction without delay. 
 
10.3 RIGHT TO LIMITATION OF PROCESSING 
Under the following conditions, you may request that the processing of personal data concerning you be restricted: 
 
if you dispute the accuracy of the personal data concerning you for a period of time which enables the controller to verify the accuracy of the personal data; 
the processing is unlawful and you object to the deletion of the personal data and instead request the restriction of the use of the personal data; 
the controller no longer needs the personal data for the purposes of the processing, but you need them in order to assert, exercise or defend legal claims; or 
if you have lodged an objection to the processing in accordance with Art. 21 Para. 1 DSGVO and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons. 
If the processing of personal data relating to you has been restricted, such data - apart from being stored - may be processed only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State. 
 
If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted. 
 
10.4 RIGHT OF DELETION 
10.4.1 Duty of deletion 
You may request the controller to delete personal data concerning you without delay and the controller is obliged to delete such data without delay if one of the following reasons applies: 
 
The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed. 
You revoke your consent on which the processing was based in accordance with Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a DSGVO, and there is no other legal basis for the processing. 
You submit an objection to the processing pursuant to Art. 21 Para. 1 DSGVO and there are no overriding legitimate reasons for the processing, or you submit an objection to the processing pursuant to Art. 21 Para. 2 DSGVO. 
The personal data concerning you have been processed unlawfully. 
The deletion of personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject. 
The personal data concerning you have been collected in relation to information society services provided in accordance with Article 8(1) of the DPA. 
10.4.2 Information to third parties 
If the controller has made public the personal data concerning you and is obliged to delete them in accordance with Art. 17 para. 1 DPA, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you, as a data subject, have requested them to delete all links to these personal data or copies or replications of these personal data. 
 
10.4.3 Exceptions 
The right of cancellation does not exist insofar as the processing is necessary 
 
on the exercise of the right to freedom of expression and information; 
to comply with a legal obligation requiring processing under Union or national law to which the controller is subject, or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller; 
for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i as well as Art. 9 para. 3 DSGVO; 
for archiving, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Art. 89 para. 1 DSGVO, insofar as the law referred to in a) is likely to render impossible or seriously prejudice the attainment of the objectives of such processing, or 
to assert, exercise or defend legal claims. 
10.5 RIGHT TO INFORMATION 
If you have exercised the right to rectify, erase or limit the processing, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure or limitation of processing, unless this proves impossible or involves a disproportionate effort. 
 
You have the right to be informed of these recipients by the controller. 
 
10.6 RIGHT TO DATA TRANSFERABILITY 
You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, common and machine-readable format. You also have the right to have this data communicated to another controller without interference from the controller to whom the personal data has been made available, provided that 
 
the processing is based on a consent pursuant to Art. 6 para. 1 letter a DSGVO or Art. 9 para. 2 letter a DSGVO or on a contract pursuant to Art. 6 para. 1 letter b DSGVO and 
the processing is carried out using automated procedures. 
In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, in so far as this is technically feasible. The freedoms and rights of other persons must not be affected by this. 
 
The right to data transferability shall not apply to processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. 
 
10.7 RIGHT OF OBJECTION 
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 paragraph 1 letter e or f of the DPA; this also applies to profiling based on these provisions. 
 
The controller shall no longer process the personal data concerning you unless he can demonstrate compelling legitimate reasons for processing which outweigh your interests, rights and freedoms, or if the processing is carried out for the purpose of asserting, exercising or defending legal claims. 
 
Where personal data relating to you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data relating to you for the purpose of such marketing, including profiling, insofar as it relates to such direct marketing. 
 
If you object to processing for the purposes of direct marketing, the personal data concerning you will no longer be processed for those purposes. 
 
You have the possibility to exercise your right of objection in relation to the use of information society services, without prejudice to Directive 2002/58/EC, by means of automated procedures using technical specifications. 
 
10.8 RIGHT TO REVOKE THE DATA PROTECTION CONSENT 
You have the right to revoke your data protection declaration of consent at any time. Revocation of your consent does not affect the legality of the processing that has taken place on the basis of your consent until revocation. 
 
10.9 AUTOMATED DECISION IN INDIVIDUAL CASES INCLUDING PROFILIN 
You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effect on you or which significantly affects you in a similar way. This shall not apply if the decision 
 
is necessary for the conclusion or fulfilment of a contract between you and the person responsible, 
is authorised by Union or national legislation to which the person responsible is subject and that legislation provides for appropriate measures to safeguard your rights and freedoms and your legitimate interests, or 
with your express consent. 
However, these decisions may not be based on special categories of personal data in accordance with Art. 9 Para. 1 DSGVO, unless Art. 9 Para. 2 lit. a or g DSGVO applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests. 
 
With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to safeguard the rights and freedoms and your legitimate interests, which shall include at least the right to obtain the intervention of a person from the controller, to express his or her point of view and to contest the decision. 
 
10.10 RIGHT TO APPEAL TO A SUPERVISORY AUTHORITY 
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are domiciled, your place of work or the place where the alleged infringement occurred, if you consider that the processing of personal data relating to you is in breach of the DPA. 
 
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 DSGVO. 
 
This data protection declaration is adapted from time to time. The date of the last update can be found at the beginning of this statement.

Processing of (personal) data by the operator of the recruitment website

General information

This recruitment website is operated by Personio SE & Co. KG, which offers a human resource and candidate management software solution (https://www.personio.com/legal-notice/). Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. The sole controller of this data within the meaning of article 24 of the GDPR is the enterprise carrying out this online application process. Personio’s role is limited to operating the software and this recruitment website and, in this context, being a processor under article 28 of the GDPR. In this case, the processing by Personio is based on an agreement for the processing of orders between the controller and Personio. In addition, Personio SE & Co. KG processes further data, some of which may be personal data, to provide its services, in particular for operating this recruitment website. We will refer to this in more detail below.

The controller

The controller under data protection law is:
Personio SE & Co. KG
Seidlstraße 3
80335 München
Tel.: +49 (89) 1250 1004
Entry in the commercial register
Commercial register entry number: HRA 115934
Registration Court: Amtsgericht München
Data Protection Officer contact: privacy@personio.com

Access logs (“server logs”)

Each access to this recruitment website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. In addition, processing this data is absolutely necessary under security aspects, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when unlawful use of the software is suspected. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the software is collected. The scope of this log process does not exceed the common log scope of any other site on the web. These access logs are stored for a period of up to 7 days. There is no right to object to this.

Error logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected. These error logs are stored for a period of up to 7 days. There is no right to object to this.

Use of cookies

So-called cookies are used on parts of this recruitment website. They are small text files which are stored on the device with which you access this recruitment website. As a general rule, cookies serve the purpose of ensuring secure access to a website (“absolutely necessary”), implementing certain functionalities such as standard-language settings (“functional”), improving the user experience or the performance of the website (“performance”), or placing targeted advertisements (“marketing”). On this recruitment website, we generally use only cookies that are absolutely necessary, functional or performance-related, in particular for implementing certain default settings such as language, for identifying the job advertising channel, or for analyzing the performance of a job advert via which a user accessed this recruitment website. The use of cookies is absolutely necessary for providing our services and thus for the performance of the contract (article 6 (1) b) of the GDPR). Period of storage: up to 1 month or until the end of the browser session Right to object: You can determine via your browser settings whether you allow or object to the use of cookies. Please note that deactivating cookies may result in limited or completely blocked functionalities of this recruitment website.

Rights of data subjects

If Personio SE & Co. KG as the controller processes personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR. To assert your rights as a data subject in relation to the data processed for the purpose of operating this recruitment website, please refer to Personio SE & Co. KG’s Data Protection Officer (see item B).

Concluding provisions

Personio reserves the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the services offered, for example when new services are introduced. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.