Data Privacy Policy
Introduction and General Information
Responsible for GDPR
ESFORIN SE
Ruhrallee 201
45136 Essen
+49.201.220.38-100
info@esforin.com
Contact Details of the Data Protection Officer
Proliance GmbH / www.datenschutzexperte.de
Data Protection Officer
Leopoldstr. 21
80802 Munich
datenschutzbeauftragter@datenschutzexperte.de
Definitions
Our privacy policy is intended to be simple and understandable for everyone. In this privacy policy, the official terms of the General Data Protection Regulation (GDPR) are generally used. The official definitions are explained in Art. 4 GDPR.
Webhosting
This website is hosted by an external service provider (Mittwald GmbH). This website is hosted in Germany. Personal data collected on this website is stored on the hosts‘ servers. The collected data mainly includes IP addresses, contact requests, meta and communication data, website access and other data generated via a website.
We have concluded an order processing agreement with the provider in accordance with the requirements of Art. 28 GDPR, in which we oblige the provider to protect our customers‘ data and not to pass it on to third parties.
Access to and Storage of Information on Terminal Equipment
By using our website, information (e.g. IP address) may be accessed or stored (e.g. cookies) in your terminal equipment. This access or storage may involve further processing of personal data within the meaning of the GDPR.
In cases where such access to information or such storage of information is absolutely necessary for the technically error-free provision of our services, this is done on the basis of Section 25 (1) sentence 1, (2) no. 2 TTDSG.
In cases where such a process serves other purposes (e.g. the needs-based design of our website), this will only be carried out on the basis of § 25 para. 1 TTDSG with your consent in accordance with Art. 6 para. 1 lit. a DSGVO. The consent can be revoked at any time for the future. The provisions of the DSGVO and the Federal Data Protection Act (BDSG) apply to the processing of your personal data.
For further information on the processing of your personal data and the relevant legal bases in this context, please refer to the following sections on the specific processing activities on our website.
Server log files
When you access our website, it is technically necessary for data to be on our web server via your Internet browser. The following data is recorded during an ongoing connection for communication between your internet browser and our web server:
- Name and URL of the retrieved file
- Date and time of retrieval
- Data volume transferred
- Message about successful retrieval (HTTP response code)
- Browser type and browser version
- Operating system
- Referrer URL (i.e. the previously visited website)
- Websites that are called up by the user’s system via our website
- Internet service provider of the user
- IP address and the requesting provider
Â
We collect the listed data to ensure a smooth connection setup of the website and to enable comfortable use of our website by the users. In addition, the log file serves the evaluation of system security and stability as well as administrative purposes. The legal basis for the temporary storage of the data or the log files is Art. 6 para. 1 lit. f GDPR.
For reasons of technical security, in particular, to defend against attempted attacks on our web server, this data is stored by us for a short period of time. Based on this data, it is not possible for us to draw conclusions about individual persons. After 90 days at the latest, the data is anonymized by shortening the IP address at the domain level so that it is no longer possible to establish a link to the individual user. In addition, the data is processed anonymously for statistical purposes, if necessary. This data is never stored together with other personal data of the user, compared with other data or passed on to third parties.
Cookies
Our website uses so-called "cookies". Cookies are small text files that are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your terminal device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself, or an automatic solution is provided by your web browser.
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or language settings). Other cookies are used to evaluate user behaviour or to display advertising.
Technically necessary cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in storing cookies for the technically error-free and optimized provision of our services. Other cookies are only stored with your consent on the basis of Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time for the future. The legal basis may also arise from Art. 6 (1) lit. b GDPR, if the processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures, which are carried out at the request of the data subject.
As far as cookies are used for analysis purposes, we will inform you separately about this within the framework of this data protection declaration and obtain your consent.
You can set your browser to allow you to
- be informed about the setting of cookies
- allow cookies only in individual cases,
- exclude the acceptance of cookies for certain cases or in general,
- enable the automatic deletion of cookies when closing the browser.
Cookie settings can be managed under the following links for the respective
browsers:
You can also manage cookies of many companies and functions used for
advertising individually. To do this, use the corresponding user tools, available at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices.
Most browsers also offer a so-called "do-not-track" function. When this feature is enabled, the respective browser tells advertising networks, websites, and applications that you do not want to be "tracked" for behavioural advertising and the like.
For information and instructions on how to edit this feature, depending on your browser provider, see the links below:
Additionally, you can prevent the loading of so-called scripts by default.
"NoScript" allows JavaScripts, Java and other plug-ins to run only on trusted
domains of your choice. Information and instructions on how to edit this feature
are available from your browser vendor (e.g. for Mozilla Firefox under: https://addons.mozilla.org/de/firefox/addon/noscript/).
Please note that if you disable cookies, the functionality of our website may be limited.
Change Cookie Settings
You can revoke or change your cookie settings at any time. To do this, call up the cookie settings again via this link .
External Links
Social networks (LinkedIn) are only integrated on our website as a link to the corresponding services. After clicking on the embedded text/image link, you will be redirected to the page of the respective provider. User information is only transferred to the respective provider after the forwarding. For information on the handling of your personal data when using these websites, please refer to the respective data protection provisions of the providers you use.
Data Sharing and Recipients
A transfer of your personal data to third parties does not take place unless
- if we explicitly referred to this in the description of the respective data processing,
- if you have given your explicit consent to this accordance with Art. 6 (1) p.1 lit. a GDPR,
- the disclosure is necessary pursuant to Art. 6 (1) p. 1 lit. f GDPR for the assertion, exercise or defence of legal claims and there is no reason to assume you have an overriding legitimate interest in the non-disclosure of your data,
- in the event that there is a legal obligation for the disclosure pursuant to Art. 6 (1) sentence 1 lit. c GDPR and
- as far as this is necessary for the processing of contractual relationships with you according to Art. 6 para. 1 p. 1 lit. b GDPR. In addition, we use external service providers for the processing of our services, which we have carefully selected, commissioned in writing and with which we have concluded order processing agreements pursuant to Art. 28 GDPR, if necessary. These are bound by our instructions and are regularly monitored by us. These are, among others, service providers for hosting, sending e-mails and maintenance care of our IT systems, etc. The service providers will not disclose this data to third parties.
Contact Form and Contact by E-Mail
If you send us inquiries via the contact form or e-mail, your information from the inquiry form or your e-mail, including the personal data you provide there, will be stored by us to process the inquiry and in case of follow-up questions. The specification of an e-mail address and your first and last name are required to contact you. Your telephone number is voluntary. We will not pass on this data in any case without your consent. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 (1) lit. f GDPR and, if applicable, Art. 6 (1) lit. b GDPR, if your request is aimed at concluding a contract. Your data will be deleted after the final processing of your request, provided that there are no legal obligations to retain data. You can object to the processing of your personal data at any time in the case of Art. 6 para. 1 lit. f GDPR.
Newsletter
If you would like to receive the newsletter offered on the website with regular information about our offers and products, we require your e-mail as mandatory information.
Additional data may be provided in order to address you personally in the newsletter and/or to identify you if you wish to exercise your rights as a data subject.
We use the so-called double opt-in procedure for sending the newsletter. This means that we will only send you our newsletter by e-mail if you have expressly confirmed that you consent to the sending of newsletters. In the first step, you will receive an e-mail with a link that you can use to confirm that you, as the owner of the corresponding e-mail address, want to receive the newsletter in the future. With the confirmation, you give us consent pursuant to Art. 6 para. 1 lit. a GDPR that we may use your personal data for the purpose of the desired newsletter dispatch.
When registering for the newsletter, we store, in addition to the e-mail address required for sending, the IP address through which you registered for the newsletter, as well as the date and time of registration and confirmation, in order to be able to track possible misuse at a later date.
You can unsubscribe from the newsletter at any time via the link included in each newsletter or by sending an e-mail to the responsible person named above. After unsubscribing, your e-mail address will be deleted immediately from our newsletter distribution list unless you have expressly consented to the continued use of the data collected or the continued processing is otherwise permitted by law.
Download one-pagers
Prerequisite for the utilisation of free services: We offer you the option of downloading a one-pager as a free service via our website. Consent pursuant to Art. 6 para. 1 lit. a GDPR to the sending of an e-mail with further information on ESFORIN's products and services may be made a condition for receiving the one-pager. You can revoke your consent at any time by sending an email to [email]. You will need to enter your email address in the download form on our website in order to receive the one-pager and other emails containing further information about ESFORIN's products and services.
The personal data processed in this context will be deleted when the purpose of the processing has been fulfilled or no longer applies or if you withdraw your consent.
Provision of information material about Paperflite
We use the content enablement software "Paperflite" from the provider Paperflite, Inc, 341 Raven Circle, Camden Wyoming, DE-19934, USA (hereinafter referred to as Paperflite) in our company.
With the help of Paperflite, we can offer prospective customers of our company and our existing customers suitable information material via an interface provided by Paperflite.
Sending the Paperflite link and calling up the landing page
If a prospective customer or customer gives us consent to do so in the course of a sales conversation or by other means, we will send them a personalized link by e-mail that leads to a website operated by Paperflite, where prospective customers or customers receive information tailored to them about Esforin's offers and services.
In order to send the link to the Paperflite interface, we process the e-mail address provided by the respective addressee for this purpose. When the Paperflite website is accessed, the IP address and other technical device information are also transmitted to Paperflite to establish the connection.
Tracking interactions on the Paperflite landing page
Paperflite also enables us to track how customers and interested parties interact with the Paperflite interface (e.g. by tracking click and open rates) in order to measure how successful the provision of information via Paperflite is.
The legal basis for the processing of personal data for the above-mentioned purposes is the voluntary consent of interested parties and customers in accordance with Art. 6 para. 1 lit. a GDPR. Consent to the processing of personal data can be revoked at any time without giving reasons by sending an email to datenschutz@esforin.com with effect for the future.
As personal data is transferred to Paperflite in the USA, further protective mechanisms are required to ensure the level of data protection required by the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we endeavor to obtain additional regulations and assurances from the recipient in the USA.
The purpose and scope of the data collection and the further processing and use of the data by the providers as well as your rights in this regard and setting options to protect your privacy can be found in Paperflite's data protection information: https://www.paperflite.com/security-compliance
External services on the Paperflite landing page
Um alle Inhalte auf der Website von Paperflite richtig darstellen zu können, setzt Paperflite auf der Landingpage die Dienste von YouTube ein. Informationen zu der Datenverarbeitung von YouTube finden Sie im Punkt „YouTube“ unserer Website-Datenschutzerklärung.
Furthermore, "Google Fonts", a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as: "Google") is used on the Paperflite landing page. Google Fonts enables the use of external fonts. For this purpose, the required Google Fonts are loaded into your browser cache by your web browser when you access the Paperflite landing page. This is necessary so that your browser can also display a visually improved presentation of the texts. If your browser does not support this function, a standard font from your computer will be used for display. These Google fonts are integrated by a server call, usually a Google server in the USA. This tells the server which page of our website you have visited. The IP address of the browser of the visitor's end device is also stored by Google.
Paperflite uses Google Fonts for optimization purposes, in particular to improve the use of the website for you and to make its design more user-friendly. The processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the basis of the consent you have given. This consent can be revoked at any time with effect for the future.
As it is possible for Google to transfer personal data to affiliated companies and subcontractors in countries outside the EU and the EEA, further protective mechanisms are required to ensure the level of data protection under the GDPR. For the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 (1) GDPR with regard to companies with certification under the EU-U.S. Data Privacy Framework. Google LLC is certified in accordance with the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link https://www.dataprivacyframework.gov/s/participant-search
For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, we have also agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.
Further information on data protection can be found in Google's privacy policy: http://www.google.de/intl/de/policies/privacy
Further information on Google Fonts can be found at https://fonts.google.com/
Chatbot with Landbot
We use the chatbot "Landbot" from the provider HELLO UMI S.L., Carrer de ParÃs, 82, Bajo 1, Derecha, CP 08029, Barcelona, Spain, on our website. We use Landbot to offer visitors to our website the opportunity to find out more about ESFORIN's services by answering specific questions, to download information material and, if they are interested in ESFORIN's services, to initiate contact with ESFORIN by entering their contact details.
For the technical integration of Landbot into our website, it is necessary that when you visit a subpage of our website on which Landbot is integrated, a connection to the Landbot servers is established and device information of the respective visitor (e.g. the IP address of the end device) is transmitted to the Landbot server.
Landbot continues to set cookies that are stored on the end devices of visitors to our website for the technical provision of the chatbot. Cookies are only stored on the basis of the prior consent of visitors to our website in accordance with Section 25 (1) TDDDG. Consent can be revoked at any time for the future by changing the settings in the cookie banner.
If a visitor to our website wishes to initiate contact with ESFORIN via Landbot, it is necessary to provide a name, the company name and, depending on the desired method of contact, an e-mail address or a telephone number. The data entered will then be stored by Landbot.
The legal basis for processing the data is our legitimate interest in responding to your enquiry in accordance with Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR if your enquiry is aimed at concluding a contract. Your data will be deleted after final processing of your enquiry, provided that there are no statutory retention obligations to the contrary. In the case of Art. 6 para. 1 lit. f GDPR, you can object to the processing of your personal data at any time.
We have concluded an order processing agreement with the service provider, in which we oblige him to protect our customers‘ data and not to pass it on to third parties.
Sending Job Applications
If you apply to us via our contact form or by e-mail, we collect personal data. This includes, in particular, your contact data (such as first and last name, telephone number and e-mail address of the user) as well as other data provided by you regarding your career (e.g. resume, qualifications, degrees and work experience) and your person (e.g. cover letter, personal interests). This may also include special categories of personal data (e.g. information on a severe disability. As a rule, your personal data is collected directly from you as part of the application process and encrypted during electronic transmission. The primary legal basis for this is Art. 6 (1) b GDPR in conjunction with Section 26 (1) BDSG. In addition, consent pursuant to Art. 6 Para. 1 lit. a, 7 GDPR in conjunction with § 26 Para. 2 BDSG can be used as a data protection permission provision. If the processing of your data is based on consent, you have the right to revoke the consent at any time with effect for the future.
Within our company, only those persons and departments (e.g. Human Resources) have access to your personal data that absolutely need it to carry out the application process or to fulfil our legal obligations. If necessary, your applications will be forwarded to the relevant responsible persons for review. Under no circumstances will your personal data be passed on to third parties without authorization.
Your data relating to an application for a specific job posting will be stored and processed by us during the ongoing application process. After completion of the application process (e.g. in the form of an acceptance or rejection), the application process, including all personal data, will be deleted from the system no later than six months after completion of the application process. You can revoke your consent at any time with effect for the future. An informal e-mail addressed to the contact person mentioned above is sufficient for this purpose. In the event of an acceptance, your application documents will be transferred to the personnel file.
Softgarden & career page
This part of the privacy policy applies to the ESFORIN SE career portal and applicant management system: Order processing
We use an applicant management system from softgarden e-Recruiting GmbH, Tauentzienstr. 14, 10789 Berlin (contact: datenschutz@softgarden.de), which operates the applicant management as a processor within the meaning of Art. 4 No. 8 GDPR. A contract for order processing in accordance with Art. 28 GDPR has been concluded with the provider, which ensures compliance with data protection regulations.
We remain your first point of contact for exercising your rights as a data subject and for handling the application process. You can contact us directly using the details of the controller provided above or, if specified, contact the data protection officer in confidence.
Subject matter of data protection
The subject of data protection is the processing of personal data, in this case in the context of applicant management. According to Art. 4 No. 1 GDPR, this includes all information relating to an identified or identifiable natural person (hereinafter "data subject") that is necessary for the performance of the application process and the initiation of an employment relationship, Section 26 BDSG.
In addition, data associated with the use of the applicant management system is also collected, so-called usage data.Usage data is data that is required to operate our websites, such as information about the start, end and scope of use of our website, including login data. This processing complies with the provisions of data protection and telemedia law.
As part of the application process and/or the use of the system, processing activities may also take place that are carried out either on the basis of legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR or on the basis of your consent pursuant to Art. 6 para. 1 lit. a) GDPR. Processing activities for which there is a legal obligation to process or a public interest, Art. 6 para. 1 lit. c) and e) GDPR, such as in the context of criminal prosecution or investigation by state authorities, also come into consideration.You can determine and control the scope of processing yourself through individual settings in your web browser, the configuration of the corresponding cookie settings and your user behavior.
Collection and use of your data
Website visit
For operational and maintenance purposes and in accordance with the provisions of telemedia law, interaction is recorded ("system logs"), which are required for the operation of the website or processed for system security purposes, for example to analyze attack patterns or illegal usage behavior ("evidence function").
Your internet browser automatically transmits the following data when you access the career portal:
- Date and time of access,
- Browser type and version,
- operating system used,
- Amount of data sent.
- IP address of the access
This data is not used for direct allocation in the context of applicant management and is deleted again promptly in accordance with the legitimate retention periods, unless longer retention is required for legal or factual reasons, for example for evidence purposes. In individual cases, storage for the aforementioned purposes may be considered. The legal basis is Art. 6 para. 1 lit. f) GDPR and telemedia law.
Session cookies
We store so-called "cookies" in order to offer you a comprehensive range of functions and to make the use of our websites more convenient. "Cookies are small files that are stored on your computer with the help of your Internet browser. If you do not wish cookies to be used, you can prevent them from being stored on your computer by making the appropriate settings in your Internet browser. Please note that this may limit the functionality and range of functions of our website.
We set the cookie JSESSIONID on the career site as a technically necessary session cookie. This stores a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to our website. This session cookie is deleted when you log out or close the browser.
Data entered by the user
Application process
As part of the application process, you can set up and manage an account in the career portal after configuring your user name and password. In addition to the individual application, you can use other options in the softgarden applicant management system and make your individual settings (e.g. inclusion in a talent pool).
For an efficient and promising application, you can provide us with the following information as part of your application:Â
- Contact details (address, telephone number)
- Curriculum vitae data e.g.
- School education
- Vocational training
- Professional experience
- Language skills
- Profiles in social networks (e.g. XING, LinkedIn, Facebook)
- Documents in connection with applications (application photos, cover letters, certificates, references, work samples, etc.)Â
The legal basis for processing for the purposes of carrying out the application process and initiating an employment relationship is Section 26 (1) BDSG. In addition, the use of the applicant management system by the controller is in the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. If consent within the meaning of Art. 6 para. 1 lit. a) is required for a specific processing activity, this will be obtained separately and transparently from you by the controller, unless it results from conclusive and voluntary behavior on your part in accordance with the transparency requirement, such as voluntary participation in a video interview.
Forwarding of data
Your data will not be passed on to unauthorized third parties in the context of applicant management and will be processed for the purposes stated in this data protection declaration. Inspection by internal departments and specialist managers of the controller is in the legitimate interest, insofar as knowledge of the information from the application process is necessary and permissible for the selection of applicants or internal administrative purposes of the company. For this purpose, your data may be forwarded to third parties in the company by e-mail or within the management system. The legal basis may be § 26 para. 1 BDSG, Art. 6 para. 1 lit. f) and a) GDPR.
The transfer to third parties also takes place within the framework of order processing in accordance with Art. 28 GDPR, i.e. within the framework of processing activities in which the controller has a legitimate interest in outsourcing processing activities that it is otherwise entitled to carry out itself. For this purpose, the controller shall take measures to ensure compliance with data protection regulations.
Disclosure to external third parties may also take place for the defense of legal claims based on legitimate interest or in the context of the investigation of or disclosure to government agencies, insofar as this is required by law or there is an obligation to disclose. The information obligations towards data subjects within the meaning of Art. 13, 14 GDPR are ensured in advance of the relevant disclosure, insofar as these are to be fulfilled separately.
Feedback module
In addition to your application, we may ask you to submit your feedback after an interview and 3 months after you have been hired. We will send you an invitation link that will take you to the rating system to submit your feedback. The purpose of the processing is the further development and optimization of our recruiting and application processes as well as the company image.Â
The following data is processed automatically for this purpose:Â
- Contact details (name, e-mail)
- Position title of the job you have applied for
- Location of the position
- Job category
- Applicant identification
The feedback itself is stored anonymously in the database. No personal reference is made. In addition to a star rating for individual questions, you have the option of leaving comments here. We expressly ask you not to leave any personal data in the comments. The information collected in this way can be displayed together with your feedback on our review page or transmitted to external partners such as kununu.Â
Participation is purely voluntary and only takes place with your consent, without which it is not possible to provide feedback. The legal basis is Art. 6 para. 1 lit. a) GDPR.Â
Subscription to job advertisements "Job-Abo"
To be informed about new vacancies, you can subscribe to the job newsletter or view suitable vacancies on our career board (RSS feed). You can define your subscription in more detail by specifying the desired job and location. Â
To subscribe, you must also provide your email address. The legal basis for this is your consent to receive the newsletter in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent to receive the newsletter at any time via the unsubscribe link in the newsletter (opt-out).Â
No personal data is processed via the RSS feed itself to inform you about new job advertisements.
Salary statistics module "Salary statistics"
At various stages of the application process, softgarden will give you the opportunity to provide feedback on your salary expectations and the salaries offered to you.
The information transmitted is processed anonymously and without linking it to your name and contact details. softgarden processes this data anonymously for its own purposes (statistics, analysis, studies) and is responsible for this processing within the meaning of Art. 4 No. 7 GDPR. Â
Processing will only take place with your consent through participation and on a purely voluntary basis. The legal basis is Art. 6 para. 1 sentence 1 lit. a) GDPR.Â
Social Share Buttons
It is possible to share the job advertisements on various social networks. Different buttons are provided for each network. After clicking on one of these buttons, you will be directed to the respective networks and will be taken to their login pages. These buttons are not plug-ins and do not transfer any personal data directly to the operators of the social networks.Â
The job advertisements can currently be shared on the following social networks:Â
- Facebook ( https://de-de.facebook.com/privacy/explanation )
- Twitter ( https://twitter.com/de/privacy)
- LinkedIn ( https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-join-privacy-policy )
- Xing ( https://privacy.xing.com/de/datenschutzerklaerung )
The legal basis is Art. 6 para. 1 lit. f) GDPR for statistical analysis and reach measurement of job advertisements.
You can also use the links provided to find out how the social networks mentioned process your personal data. We have no influence on the processing of your personal data by the social networks.
Easyfeedback" online surveys
At the end of the application process, softgarden may send you an invitation to a survey via a link. The survey takes place via a service of easyfeedback GmbH in order to query the application experience. softgarden conducts this survey as the controller within the meaning of Art. 4 No. 7 GDPR and processes the collected data anonymously for its own purposes (statistics, analysis, studies) and for the further development of softgarden products.Â
The collection of survey data is secured by SSL encryption as standard and softgarden does not establish any personal reference during the evaluation. The survey can be canceled at any time. The data processed up to the time of termination can be used for the stated purposes.Â
Your participation in the survey is purely voluntary and by participating you declare your consent, without which your participation is not possible, Art. 6 para. 1 lit. a) GDPR. The processing of the data for the purposes of evaluation is anonymized at softgarden. Â
You can find more information about easyfeedback's data protection in the following notes:Â https://easy-feedback.de/privacy/datenschutzerklaerung.Â
Talent pool
As part of your application or via the "Get in touch" button, you have the opportunity to recommend yourself for our talent pool. The processing is necessary in order to be automatically considered for further job advertisements, i.e. for similar or other suitable positions.Â
If you register for the talent pool using the "Get in touch" button, the following information will be requested:Â
- Salutation, academic title (optional)
- First name, last name, e-mail address
- Job fields of interest
- Current career level
- Preferred location(s)
- XING profile or curriculum vitae
Inclusion in the talent pool is purely voluntary with your consent and by using an opt-in link. The legal basis is Art. 6 para. 1 lit. a) GDPR. Furthermore, we will write to you after 12 months to ask whether you still wish to be part of the talent pool. Â
Video interview with Jitsi
We use a video conferencing service "Jitsi" integrated into the system to conduct conferences and interviews. A direct "peer-to-peer connection" is established between the participants so that no video interviews or personal data are recorded or stored by the system. The softgarden server only serves as an intermediary. Participation in a video interview is voluntary and is based on your consent, Art. 6 para. 1 lit. a GDPR, unless this is necessary to carry out the application, § 26 BDSG.Â
Registration Customer Portal
You have the option of registering for certain services provided on our website and thus creating a user profile (customer portal). In the course of registration and setup, we collect and use the following personal data:
- First and last name
- E-mail address
- Date and time of registration
Â
In addition, voluntary information can be provided (e.g. telephone number, etc.). Mandatory information provided for the purpose of registration is marked as mandatory in the input mask with an asterisk. With your user account, you will be given the opportunity to use further parts of our website and to log in for the offers you have purchased. The legal basis for data processing is Art. 6 para. 1 lit. a GDPR in the case of consent or Art. 6 para. 1 lit. b GDPR if the processing is necessary to provide the requested services. Your data will be deleted as soon as the user account on our website is deleted and insofar as no legal retention obligations exists. A change and/or deletion of their user account, including the data provided by you, can usually be made after a login directly in your user account or by sending a message to the responsible person mentioned in the introduction.
Google Analytics
Our website uses Google Analytics, an internet analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses so-called "cookies".
Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website and compiling reports on website activity. Google will also use this information to provide the website operator with other services related to the use of the website and the internet. The IP address sent by your browser as part of Google Analytics will not be combined with other Google data. Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the basis of your consent.
We use Google Analytics only with enabled IP anonymization. This means that your IP address is only processed by Google in a shortened form.
We have concluded an order processing agreement with the service provider, in which we oblige him to protect our customers‘ data and not to pass it on to third parties.
As it is possible for Google to transfer personal data to affiliated companies and subcontractors in countries outside the EU and the EEA, further protective mechanisms are required to ensure the level of data protection under the GDPR. For the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 (1) GDPR with regard to companies with certification under the EU-U.S. Data Privacy Framework. Google LLC is certified in accordance with the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link https://www.dataprivacyframework.gov/s/participant-search
For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, we have also agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.
The Google Analytics terms of use and information on data protection can be accessed via the following links:
http://www.google.com/analytics/terms/de.html
https://www.google.de/intl/de/policies/
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Deletion of user-level and event-level data linked to cookies, user identifiers (e.g., user ID), and advertising IDs), e.g. DoubleClick cookies, Android advertising ID, IDFA [Apple identifier for advertisers]) takes place no later than 14 months after their collection.
You can prevent the storage of cookies by adjusting the settings of your browser software accordingly. However, we would like to point out that in this case, you may not be able to use all functions of this website without restrictions. You can also prevent Google from collecting the data generated by the cookie and from analysing your use of the website (including your IP address) and from having this data processed by Google by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout?hl=de .
Leadforensics
We use the LeadForensics service of Lead Forensics Limited, Building 3000, Lakeside, North Harbour, Portsmouth, PO6 3EN on our website. With the help of the LeadForensics service, we are able to assign visitors to our website to companies that may be interested in our service.
For this purpose, a special JavaScript code is integrated on our website, via which the information that is transmitted to us by default from the visitor's end device when visiting our website is forwarded to LeadForensics. The following information in particular is affected by this:
- Date and time of the request
- Name of the requested file
- Page/URL from which the file was requested
- (Complete) IP address of the requesting computer
Â
The information submitted to LeadForensics is checked after submission against a LeadForensics database in which details of various companies are stored. If the information submitted can be assigned to a company from the LeadForensics database, we receive general information about the company concerned (company name, address of the company and telephone number).
The legal basis for the use of LeadForensics on our website is the voluntary consent of the users of our website in accordance with § 25 para. 1 p. 1 TTDSG in conjunction with. Art. 6 para. 1 lit. a DSGVO. Consent given can be revoked at any time by changing the setting in the cookie banner of our website accordingly.
The information provided to LeadForensics will be deleted by LeadForensics as soon as a match has not been found or until the purpose of the processing is fulfilled or no longer applicable.
Since the use of LeadForensics involves the transfer of information to LeadForensics servers in the United Kingdom, further protection mechanisms are required to ensure a level of data protection equivalent to the GDPR. For the United Kingdom, there is an adequacy decision of the EU Commission pursuant to Art. 45 (1), which certifies that the United Kingdom has an adequate level of data protection.
YouTube
On our website, we embed videos from "YouTube", a social media platform of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google"). The legal basis for the processing of your personal data in this context is your consent given in accordance with Art. 6 para. 1 lit. a GDPR.
If the playback of embedded YouTube videos is started with your consent, a server call is made, usually to a Google server in the USA. This tells the server which page you have accessed and the IP address of the browser of the visitor's end device is transmitted to Google and stored by Google.
If you have given your consent, the provider "YouTube" also uses cookies to collect information about user behavior. According to information from "YouTube", these are used, among other things, to record video statistics, improve user-friendliness and prevent abusive behavior. If you are logged in to Google, your data may also be assigned to your account when you click on a video. If you do not wish your data to be associated with your YouTube profile, you must log out before activating the button. Google stores this data as usage profiles and uses it for the purposes of advertising, market research and/or the needs-based design of its websites. Such an evaluation is carried out in particular (even for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. Please contact Google directly for this purpose.
As it is possible for Google to transfer personal data to affiliated companies and subcontractors in countries outside the EU and the EEA, further protective mechanisms are required to ensure the level of data protection under the GDPR. For the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 (1) GDPR with regard to companies with certification under the EU-U.S. Data Privacy Framework. Google LLC is certified in accordance with the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link https://www.dataprivacyframework.gov/s/participant-search
For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, we have also agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.
Further information on data protection and data used by Google can be found on the following Google website: https://policies.google.com/privacy?hl=de&gl=de
Â
Google Maps
Our homepage uses the online map service provider Google Maps via an interface. This allows us to display interactive maps directly on the website and enables you to use the map function conveniently. The provider of the map service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. To use the functionalities of Google Maps, it is necessary to store your IP address.
Google uses cookies to collect information about user behavior. The legal basis for the processing of your personal data is your consent in accordance with Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TTDSG.
As it is possible for Google to transfer personal data to affiliated companies and subcontractors in countries outside the EU and the EEA, further protective mechanisms are required to ensure the level of data protection under the GDPR. For the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 (1) GDPR with regard to companies with certification under the EU-U.S. Data Privacy Framework. Google LLC is certified in accordance with the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link https://www.dataprivacyframework.gov/s/participant-search
For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, we have also agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.
For more information on the handling of user data, please see Google’s privacy policy:
https://www.google.de/intl/de/policies/privacy/Opt-out:Â https://www.google.com/settings/ads/
Letscast
For our podcast on this website, we use the podcast hosting service LetsCast.fm of Produktgenuss GmbH, Vereinsstraße 51, 20357 Hamburg.
Produktgenuss GmbH is a German company and stores the collected data in a DSGVO-compliant manner on servers in Germany. When using the podcast player, only information about the podcast episode, the IP address and the version of the browser and operating system are transmitted. The IP address is stored anonymously or pseudonymously in the LetsCast.fm database.
The use is based on our legitimate interests, i.e. interest in a secure and efficient provision, analysis and optimisation of our podcast offer pursuant to Art. 6 Para. 1 lit. f. DSGVO.
For more information, please see the LetsCast.fm privacy policy: https://letscast.fm/privacy.
Data Security
We take appropriate technical and organizational measures in accordance with Article 32 of the GDPR, taking into account the state of technology, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.
Duration of the Storage of Personal Data
The duration of the storage of personal data is measured by the relevant statutory retention periods (e.g. from commercial law and tax law). After the expiry of the respective period, the corresponding data is routinely deleted. If data is required for the fulfilment or initiation of a contract or if we have a legitimate interest in continuing to store it, the data will be deleted when it is no longer required for the purposes, or you have exercised your right of revocation or objection.
Your Rights
In the following, you will find information on which affected rights the applicable data protection law grants you regarding the responsible with regard to the processing of your personal data:
The right to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details.
The right to request the correction of inaccurate or incomplete personal data stored by us without undue delay in accordance with Art. 16 GDPR.
The right to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
The right to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its deletion, and we no longer need the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 GDPR.
The right, pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller.
The right to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state of our registered office stated above or, if applicable, that of your usual place of residence or workplace.
The right to revoke the consent given in accordance with Art. 7 (3) GDPR: You have the right to revoke consent to the processing of data once given at any time with effect for the future. In the event of revocation, we will delete the data concerned without delay unless further processing can be based on a legal basis for processing without consent. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Right of Objection
Insofar as your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6 (1) p. 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, insofar as this is done for reasons arising from your particular situation. Insofar as the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement to specify a particular situation.
If you would like to make use of your right of revocation or objection, it is sufficient to send an e-mail to: datenschutz@esforin.com
Legal Obligations
The provision of personal data for the decision on the conclusion of a contract, the fulfilment of the contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision in the context of contractual measures if you provide such personal data that is required for the conclusion of the contract, the fulfilment of the contract or pre-contractual measures.
Automated Decision Making
Automated decision making or profiling according to Art. 22 GDPR does not take place.
Subject to Change
We reserve the right to adapt or update this data protection declaration if necessary in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements and take into account changes to our services, e.g. when introducing new services. The current version applies to your visit.
Status of this data protection declaration: 16.11.2021