Data Privacy Policy

Introduction and General Information

Thank you for your interest in our website. The protection of your personal data is very important to us. Below you will find information on the handling of your data that is collected through your use of our website. Your data will be processed in accordance with the statutory data protection regulations.

Responsible for GDPR

ESFORIN SE
Ruhrallee 201
45136 Essen
+49.201.220.38-100
info@esforin.com

Contact Details of the Data Protection Officer

Proliance GmbH / www.datenschutzexperte.de
Data Protection Officer
Leopoldstr. 21
80802 Munich
datenschutzbeauftragter@datenschutzexperte.de

Definitions

Our privacy policy should be simple and understandable for everyone. As a rule, the official terms of the General Data Protection Regulation (GDPR) are used in this privacy policy. The official definitions are explained in Art. 4 GDPR.

Webhosting

This website is hosted by an external service provider (Mittwald GmbH). This website is hosted in Germany Personal data collected on this website is stored on the hoster's servers. This may include IP addresses, contact requests, meta and communication data, website access and other data generated via a website.

We have concluded an order processing contract with the provider in accordance with the requirements of Art. 28 GDPR, in which we oblige the provider to protect our customers' data and not to pass it on to third parties.

Access to and Storage of Information on Terminal Equipment

By using our website, information (e.g. IP address) may be accessed or stored (e.g. cookies) in your terminal equipment. This access or storage may involve further processing of personal data within the meaning of the GDPR.

In cases where such access to information or such storage of information is absolutely necessary for the technically error-free provision of our services, this is done on the basis of § 25 para. 1 sentence 1, para. 2 no. 2 TTDSG.

In cases in which such a process serves other purposes (e.g. the needs-based design of our website), this is only carried out on the basis of Section 25 (1) TTDSG with your consent in accordance with Art. 6 (1) (a) GDPR. Consent can be revoked at any time for the future. The provisions of the GDPR and the German Federal Data Protection Act (BDSG) apply to the processing of your personal data.

Further information on the processing of your personal data and the relevant legal bases in this context can be found in the following sections on the specific processing activities on our website.

Server log files

When you visit our website, it is technically necessary for data to be transmitted to our web server via your Internet browser. The following data is recorded during an ongoing connection for communication between your internet browser and our web server:

Name and URL of the retrieved file
Date and time of retrieval
Amount of data transferred
Message about successful retrieval (HTTP response code)
Browser type and browser version
Operating system
Referrer URL (i.e. the previously visited website)
Websites that are accessed by the user's system via our website
Internet service provider of the user
IP address and the requesting provider

We collect the listed data to ensure a smooth connection to the website and to enable users to use our website comfortably. In addition, the log file is used to evaluate system security and stability as well as for administrative purposes. The legal basis for the temporary storage of the data or log files is Art. 6 para. 1 lit. f GDPR.

For reasons of technical security, in particular to defend against attempted attacks on our web server, this data is stored by us for a short time. This data does not allow us to identify individual persons. After 90 days at the latest, the data is anonymized by shortening the IP address at domain level so that it is no longer possible to establish a link to the individual user. The data may also be processed in anonymized form for statistical purposes. At no time is this data stored together with other personal data of the user, compared with other databases or passed on to third parties.

Cookies

Our website uses so-called "cookies". Cookies are small text files that are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or language settings). Other cookies are used to evaluate user behavior or display advertising.

Technically necessary cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the storage of cookies for the technically error-free and optimized provision of our services. Other cookies are only stored with your consent on the basis of Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time for the future. The legal basis may also arise from Art. 6 para. 1 lit. b GDPR if the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

If cookies are used for analysis purposes, we will inform you about this separately in this privacy policy and obtain your consent.

You can set your browser so that you

be informed about the setting of cookies,
allow cookies only in individual cases,
exclude the acceptance of cookies for certain cases or in general,
activate the automatic deletion of cookies when the browser is closed.

The cookie settings can be managed under the following links for the respective browsers:

You can also manage cookies from many companies and functions that are used for advertising individually. To do this, use the corresponding user tools, available at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices.

Most browsers also offer a so-called "do-not-track function". If this function is activated, the respective browser informs advertising networks, websites and applications that you do not wish to be "tracked" for the purpose of behavior-based advertising and the like.

Information and instructions on how to edit this function can be found under the following links, depending on your browser provider:

You can also prevent scripts from loading by default. "NoScript" only allows the execution of JavaScripts, Java and other plug-ins on trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser (e.g. for Mozilla Firefox at: https://addons.mozilla.org/de/firefox/addon/noscript/).

Please note that the functionality of our website may be restricted if cookies are deactivated.

Change cookie settings

You can revoke or change your cookie settings at any time. To do this, call up the cookie settings again via this link .

External Links

Social networks (LinkedIn) are only integrated on our website as a link to the corresponding services. After clicking on the integrated text/image link, you will be redirected to the page of the respective provider. User information is only transferred to the respective provider after you have been forwarded. For information on the handling of your personal data when using these websites, please refer to the respective privacy policies of the providers you use.

Data transfer and recipients

Your personal data will not be transferred to third parties unless

if we explicitly referred to this in the description of the respective data processing,
if you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
in the event that there is a legal obligation for disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR and
insofar as this is necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR. In addition, we use external service providers for the processing of our services, which we have carefully selected, commissioned in writing and with whom we have concluded order processing contracts in accordance with Art. 28 GDPR if necessary. These are bound by our instructions and are regularly monitored by us. These include service providers for hosting, sending emails, maintenance and servicing of our IT systems, etc. The service providers will not pass this data on to third parties.

Contact Form and Contact by E-Mail

If you send us inquiries via the contact form or e-mail, your details from the inquiry form or your e-mail, including the personal data you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. An e-mail address and your first name and surname are required for contact purposes, your telephone number is optional. We will never pass on this data without your consent. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR if your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, provided that there are no legal storage obligations to the contrary. In the case of Art. 6 para. 1 lit. f GDPR, you can object to the processing of your personal data at any time.

If you would like to receive the newsletter offered on the website with regular information about our offers and products, we require your e-mail address as mandatory information.

Additional data may be provided in order to be able to address you personally in the newsletter and/or to identify you if you wish to exercise your rights as a data subject.

We use the so-called double opt-in procedure to send the newsletter. This means that we will only send you our newsletter by e-mail if you have expressly confirmed to us that you consent to the sending of newsletters. In the first step, you will receive an e-mail with a link that you can use to confirm that you, as the owner of the corresponding e-mail address, wish to receive future newsletters. By confirming, you give us your consent in accordance with Art. 6 para. 1 lit. a GDPR that we may use your personal data for the purpose of sending the desired newsletter.

When you register for the newsletter, in addition to the e-mail address required for sending the newsletter, we store the IP address you used to register for the newsletter as well as the date and time of registration and confirmation in order to be able to trace possible misuse at a later date.

You can unsubscribe from the newsletter at any time via the link included in every newsletter or by sending an email to the controller named above. Once you have unsubscribed, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to the continued use of the data collected or the continued processing is otherwise permitted by law.

Download one-pagers

Prerequisite for the use of free services: We offer you the option of downloading a one-pager as a free service via our website. Consent pursuant to Art. 6 para. 1 lit. a GDPR to the sending of an e-mail with further information on ESFORIN's products and services may be made a condition for receiving the one-pager. You can withdraw your consent at any time by sending an email to [email]. You will need to enter your email address in the download form on our website in order to receive the one-pager and other emails containing further information about ESFORIN's products and services.

The personal data processed in this context will be deleted when the purpose of the processing has been fulfilled or no longer applies or if you withdraw your consent.

Provision of information material about Paperflite

We use the content enablement software "Paperflite" from the provider Paperflite, Inc, 341 Raven Circle, Camden Wyoming, DE-19934, USA (hereinafter referred to as Paperflite) in our company.

With the help of Paperflite, we can offer prospective customers of our company and our existing customers suitable information material via an interface provided by Paperflite.

Sending the Paperflite link and calling up the landing page

If a prospective customer or customer gives us consent to do so in the course of a sales conversation or by other means, we will send them a personalized link by e-mail that leads to a website operated by Paperflite, where prospective customers or customers receive information tailored to them about Esforin's offers and services.

In order to send the link to the Paperflite interface, we process the e-mail address provided by the respective addressee for this purpose. When the Paperflite website is accessed, the IP address and other technical device information are also transmitted to Paperflite to establish the connection.

Tracking interactions on the Paperflite landing page

Paperflite also enables us to track how customers and interested parties interact with the Paperflite interface (e.g. by tracking click and open rates) in order to measure how successful the provision of information via Paperflite is.

The legal basis for the processing of personal data for the above-mentioned purposes is the voluntary consent of interested parties and customers in accordance with Art. 6 para. 1 lit. a GDPR. Consent to the processing of personal data can be revoked at any time without giving reasons by sending an email to datenschutz@esforin.com with effect for the future.

As personal data is transferred to Paperflite in the USA, further protective mechanisms are required to ensure the level of data protection required by the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases in which this cannot be ensured even by this contractual extension, we endeavor to obtain additional regulations and assurances from the recipient in the USA.

The purpose and scope of the data collection and the further processing and use of the data by the providers as well as your rights in this regard and setting options to protect your privacy can be found in Paperflite's data protection information: https://www.paperflite.com/security-compliance

External services on the Paperflite landing page

In order to display all content on the Paperflite website correctly, Paperflite uses the services of YouTube on the landing page. Information on YouTube's data processing can be found in the "YouTube" section of our website privacy policy.

Furthermore, "Google Fonts", a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as: "Google") is used on the Paperflite landing page. Google Fonts enables the use of external fonts. For this purpose, the required Google Fonts are loaded into your browser cache by your web browser when you access the Paperflite landing page. This is necessary so that your browser can also display a visually improved presentation of the texts. If your browser does not support this function, a standard font from your computer will be used for display. These Google fonts are integrated by a server call, usually a Google server in the USA. This tells the server which page of our website you have visited. The IP address of the browser of the visitor's end device is also stored by Google.

Paperflite uses Google Fonts for optimization purposes, in particular to improve the use of the website for you and to make its design more user-friendly. The processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the basis of the consent you have given. This consent can be revoked at any time with effect for the future.

As it is possible for Google to transfer personal data to affiliated companies and subcontractors in countries outside the EU and the EEA, further protective mechanisms are required to ensure the level of data protection under the GDPR. For the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 (1) GDPR with regard to companies with certification under the EU-U.S. Data Privacy Framework. Google LLC is certified in accordance with the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link https://www.dataprivacyframework.gov/s/participant-search

For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, we have also agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.

Further information on data protection can be found in Google's privacy policy: http://www.google.de/intl/de/policies/privacy
Further information on Google Fonts can be found at https://fonts.google.com/

Chatbot with Landbot

We use the chatbot "Landbot" from the provider HELLO UMI S.L., Carrer de París, 82, Bajo 1, Derecha, CP 08029, Barcelona, Spain, on our website. With Landbot, we offer visitors to our website the opportunity to find out more about ESFORIN's services by answering specific questions, to download information material and, if they are interested in ESFORIN's services, to initiate contact with ESFORIN by entering their contact details.

For the technical integration of Landbot into our website, it is necessary that when you visit a subpage of our website on which Landbot is integrated, a connection to the Landbot servers is established and device information of the respective visitor (e.g. the IP address of the end device) is transmitted to the Landbot server.

Landbot continues to set cookies that are stored on the end devices of visitors to our website for the technical provision of the chatbot. Cookies are only stored on the basis of the prior consent of visitors to our website in accordance with Section 25 (1) TDDDG. Consent can be revoked at any time for the future by changing the settings in the cookie banner.

If a visitor to our website wishes to initiate contact with ESFORIN via Landbot, it is necessary to provide a name, the company name and, depending on the desired method of contact, an e-mail address or telephone number. The data entered will then be stored by Landbot.

The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR if your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, provided that there are no legal retention obligations to the contrary. In the case of Art. 6 para. 1 lit. f GDPR, you can object to the processing of your personal data at any time.

We have concluded an order processing contract with the service provider in which we oblige it to protect our customers' data and not to pass it on to third parties.

Sending applications

If you apply to us via our contact form or by e-mail, we collect personal data. This includes in particular your contact details (such as first and last name, telephone number and e-mail address of the user) as well as other data provided by you about your background (e.g. CV, qualifications, degrees and professional experience) and your person (e.g. cover letter, personal interests). This may also include special categories of personal data (e.g. details of a severe disability). As a rule, your personal data is collected directly from you as part of the application process and encrypted during electronic transmission. The primary legal basis for this is Art. 6 para. 1 b GDPR in conjunction with Section 26 para. 1 BDSG. In addition, consent pursuant to Art. 6 para. 1 lit. a, 7 GDPR in conjunction with Section 26 para. 2 BDSG can be used as a data protection authorization provision. If the processing of your data is based on consent, you have the right to withdraw your consent at any time with effect for the future.

Within our company, only those persons and departments (e.g. Human Resources) have access to your personal data that absolutely need it to carry out the application process or to fulfill our legal obligations. If necessary, your application will be forwarded to the responsible person for review. Under no circumstances will your personal data be passed on to third parties without authorization.

Your data relating to an application for a specific job advertisement will be stored and processed by us during the ongoing application process. After completion of the application process (e.g. in the form of an acceptance or rejection), the application process including all personal data will be deleted from the system no later than six months after completion of the application process. You can revoke your consent at any time with effect for the future. An informal e-mail to the contact details of the controller listed above is sufficient for this purpose. If you are accepted, your application documents will be transferred to your personnel file.

Softgarden & career page

This part of the privacy policy applies to the ESFORIN SE career portal and applicant management system: Order processing

We use an applicant management system from softgarden e-Recruiting GmbH, Tauentzienstr. 14, 10789 Berlin (contact: datenschutz@softgarden.de), which operates the applicant management as a processor within the meaning of Art. 4 No. 8 GDPR. A contract for order processing in accordance with Art. 28 GDPR has been concluded with the provider, which ensures compliance with data protection regulations.

We remain your first point of contact for exercising your rights as a data subject and for handling the application process. You can contact us directly using the details of the controller provided above or, if specified, contact the data protection officer in confidence.

Subject matter of data protection

The subject of data protection is the processing of personal data, in this case in the context of applicant management. According to Art. 4 No. 1 GDPR, this includes all information relating to an identified or identifiable natural person (hereinafter "data subject") that is necessary for the performance of the application process and the initiation of an employment relationship, Section 26 BDSG.

In addition, data associated with the use of the applicant management system is also collected, so-called usage data. Usage data is data that is required to operate our websites, such as information about the start, end and scope of use of our website, including login data. This processing complies with the provisions of data protection and telemedia law.

As part of the application process and/or the use of the system, processing activities may also take place that are carried out either on the basis of legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR or on the basis of your consent pursuant to Art. 6 para. 1 lit. a) GDPR. Processing activities for which there is a legal obligation to process or a public interest, Art. 6 para. 1 lit. c) and e) GDPR, such as in the context of criminal prosecution or investigation by state authorities, also come into consideration. You can determine and control the scope of processing yourself through individual settings in your web browser, the configuration of the corresponding cookie settings and your user behavior.

Collection and use of your data

Website visit

For operational and maintenance purposes and in accordance with the provisions of telemedia law, interaction is recorded ("system logs"), which are required for the operation of the website or processed for system security purposes, for example to analyze attack patterns or illegal usage behavior ("evidence function").

Your internet browser automatically transmits the following data when you access the career portal:

Date and time of access,
Browser type and version,
operating system used,
Amount of data sent.
IP address of the access

This data is not used for direct allocation in the context of applicant management and is deleted again promptly in accordance with the legitimate retention periods, unless longer retention is required for legal or factual reasons, for example for evidence purposes. In individual cases, storage for the aforementioned purposes may be considered. The legal basis is Art. 6 para. 1 lit. f) GDPR and telemedia law.

Session cookies

We store so-called "cookies" in order to offer you a comprehensive range of functions and to make the use of our websites more convenient. "Cookies are small files that are stored on your computer with the help of your Internet browser. If you do not wish cookies to be used, you can prevent them from being stored on your computer by making the appropriate settings in your Internet browser. Please note that this may limit the functionality and range of functions of our website.

We set the cookie JSESSIONID on the career site as a technically necessary session cookie. This stores a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to our website. This session cookie is deleted when you log out or close the browser.

Data entered by the user

Application process

As part of the application process, you can set up and manage an account in the career portal after configuring your user name and password. In addition to the individual application, you can use other options in the softgarden applicant management system and make your individual settings (e.g. inclusion in a talent pool).

For an efficient and promising application, you can provide us with the following information as part of your application:

Contact details (address, telephone number)
Curriculum vitae data e.g.
- School education
- Vocational training
- Professional experience
- Language skills
Profiles in social networks (e.g. XING, LinkedIn, Facebook)
Documents in connection with applications (application photos, cover letters, certificates, references, work samples, etc.)

The legal basis for processing for the purposes of carrying out the application process and initiating an employment relationship is Section 26 (1) BDSG. In addition, the use of the applicant management system by the controller is in the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. If consent within the meaning of Art. 6 para. 1 lit. a) is required for a specific processing activity, this will be obtained separately and transparently from you by the controller, unless it results from conclusive and voluntary behavior on your part in accordance with the transparency requirement, such as voluntary participation in a video interview.

Forwarding of data

Your data will not be passed on to unauthorized third parties in the context of applicant management and will be processed for the purposes stated in this data protection declaration. Inspection by internal departments and specialist managers of the controller is in the legitimate interest, insofar as knowledge of the information from the application process is necessary and permissible for the selection of applicants or internal administrative purposes of the company. For this purpose, your data may be forwarded to third parties in the company by e-mail or within the management system. The legal basis may be § 26 para. 1 BDSG, Art. 6 para. 1 lit. f) and a) GDPR.

The transfer to third parties also takes place in the context of order processing in accordance with Art. 28 GDPR, i.e. in the context of processing activities in which the controller has a legitimate interest in outsourcing processing activities that it is otherwise entitled to carry out itself. For this purpose, the controller shall take measures to ensure compliance with data protection regulations.

Disclosure to external third parties may also take place for the defense of legal claims based on legitimate interest or in the context of the investigation of or disclosure to government agencies, insofar as a law prescribes this or there is an obligation to disclose. The information obligations towards data subjects within the meaning of Art. 13, 14 GDPR are ensured in advance of the relevant disclosure, insofar as these are to be fulfilled separately.

Feedback module

As a follow-up to your application, we may ask you to submit your feedback after an interview and 3 months after you have been hired. We will send you an invitation link that will take you to the rating system to submit your feedback. The purpose of the processing is the further development and optimization of our recruiting and application processes as well as the company image.

The following data is processed automatically for this purpose:

Contact details (name, e-mail)
Position title of the job you have applied for
Location of the position
Job category
Applicant identification

The feedback itself is stored anonymously in the database. No personal reference is made. In addition to a star rating for individual questions, you have the opportunity to leave comments here. We expressly ask you not to leave any personal data in the comments. The information collected in this way can be displayed together with your feedback on our review page or transmitted to external partners such as kununu.

Participation is purely voluntary and only takes place with your consent, without which it is not possible to provide feedback. The legal basis is Art. 6 para. 1 lit. a) GDPR.

Subscription to job advertisements "Job-Abo"

To be informed about new vacancies, you can subscribe to the job newsletter or view suitable vacancies on our career board (RSS feed). You can define your subscription in more detail by specifying the desired job and location.

To subscribe, you must also provide your email address. The legal basis for this is your consent to receive the newsletter in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent to receive the newsletter at any time via the unsubscribe link in the newsletter (opt-out).

No personal data is processed via the RSS feed itself to inform you about new job advertisements.

Salary statistics module "Salary statistics"

At various stages of the application process, softgarden will give you the opportunity to provide feedback on your salary expectations and the salaries offered to you.

The information transmitted is anonymized and processed without linking it to your name and contact details. softgarden processes this data anonymously for its own purposes (statistics, analysis, studies) and is responsible for this processing within the meaning of Art. 4 No. 7 GDPR.

Processing will only take place with your consent through participation and on a purely voluntary basis. The legal basis is Art. 6 para. 1 sentence 1 lit. a) GDPR.

Social Share Buttons

It is possible to share the job advertisements on various social networks. Different buttons are provided for each network. After clicking on one of these buttons, you will be directed to the respective networks and will be taken to their login pages. These buttons are not plug-ins and do not transfer any personal data directly to the operators of the social networks.

The job advertisements can currently be shared on the following social networks:

Facebook ( https://de-de.facebook.com/privacy/explanation )
Twitter ( https://twitter.com/de/privacy)
LinkedIn ( https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-join-privacy-policy )
Xing ( https://privacy.xing.com/de/datenschutzerklaerung )

The legal basis is Art. 6 para. 1 lit. f) GDPR for statistical analysis and reach measurement of job advertisements.

You can also use the links provided to find out how the social networks mentioned process your personal data. We have no influence on the processing of your personal data by the social networks.

Easyfeedback" online surveys

At the end of the application process, softgarden may send you an invitation to a survey via a link. The survey takes place via a service of easyfeedback GmbH in order to query the application experience. softgarden conducts this survey as the controller within the meaning of Art. 4 No. 7 GDPR and processes the collected data anonymously for its own purposes (statistics, analysis, studies) and for the further development of softgarden products.

The collection of survey data is secured by SSL encryption as standard and softgarden does not establish any personal reference during the evaluation. The survey can be canceled at any time. The data processed up to the time of termination can be used for the stated purposes.

Your participation in the survey is purely voluntary and by participating you declare your consent, without which your participation is not possible, Art. 6 para. 1 lit. a) GDPR. The processing of the data for the purposes of evaluation is anonymized at softgarden.

You can find more information about easyfeedback's data protection in the following notes: https://easy-feedback.de/privacy/datenschutzerklaerung.

Talent pool

As part of your application or via the "Get in touch" button, you have the opportunity to recommend yourself for our talent pool. The processing is necessary in order to be automatically considered for further job advertisements, i.e. for similar or otherwise suitable positions.

When you register for the talent pool using the "Get in touch" button, the following information is requested:

Salutation, academic title (optional)
First name, last name, e-mail address
Job fields of interest
Current career level
Preferred location(s)
XING profile or curriculum vitae

Inclusion in the talent pool is purely voluntary with your consent and by using an opt-in link. The legal basis is Art. 6 para. 1 lit. a) GDPR. Furthermore, we will write to you after 12 months to ask whether you still wish to be part of the talent pool.

Video interview with Jitsi

We use a video conferencing service "Jitsi" integrated into the system to conduct conferences and interviews. A direct "peer-to-peer connection" is established between the participants so that no video interviews or personal data are recorded or stored by the system. The softgarden server only serves as an intermediary. Participation in a video interview is voluntary and is based on your consent, Art. 6 para. 1 lit. a GDPR, unless this is necessary to carry out the application, § 26 BDSG.

Registration Customer Portal

You have the option of registering for certain services provided on our website and thus creating a user profile (customer portal). We collect and use the following personal data as part of the registration and setup process:

First and last name
E-mail address
Date and time of registration

In addition, voluntary information can be provided (e.g. telephone number etc.). Mandatory information provided for the purpose of registration is marked with an asterisk as a mandatory field in the input mask. Your user account gives you the opportunity to use other parts of our website and to log in to the offers you have purchased. The legal basis for data processing with consent is Art. 6 para. 1 lit. a GDPR or Art. 6 para. 1 lit. b GDPR, provided that the processing is necessary for the provision of the desired services. Your data will be deleted as soon as the user account on our website is deleted and insofar as there are no statutory retention obligations. You can usually change and/or delete your user account, including the data you have provided, directly in your user account after logging in or by sending a corresponding message to the controller named at the beginning.

Google Analytics

Our website uses Google Analytics, an internet analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses so-called "cookies".

Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website and compiling reports on website activity. Google will also use this information to provide the website operator with other services related to the use of the website and the internet. The IP address sent by your browser as part of Google Analytics will not be combined with other Google data. Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the basis of your consent.

We only use Google Analytics with activated IP anonymization. This means that your IP address is only processed by Google in abbreviated form.

We have concluded an order processing contract with the service provider in which we oblige it to protect our customers' data and not to pass it on to third parties.

The terms of use of Google Analytics and information on data protection can be accessed via the following links:

http://www.google.com/analytics/terms/de.html

https://www.google.de/intl/de/policies/

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Data at user and event level that is linked to cookies, user identifiers (e.g. user ID) and advertising IDs (e.g. DoubleClick cookies, Android advertising ID, IDFA [Apple identifier for advertisers]) is deleted no later than 14 months after it is collected.

You can prevent the storage of cookies by adjusting the settings of your browser software accordingly. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and from analyzing your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout?hl=de is available.

Google Tag Manager

This website uses the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). This service allows website tags to be managed via an interface. The Google Tag Manager only implements tags. This means that no cookies are used and only the user's IP address is transmitted to Google to establish a connection. The Google Tag Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level, it will remain in place for all tracking tags if they are implemented with Google Tag Manager.

We use Google Tag Manager on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR.

Google Fonts

We integrate the "Google Fonts" service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA, on our websites. In the European Union (EU) and the European Economic Area (EEA), the service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Description of the data processing and the purpose

"Google Fonts" enables us to use web fonts. For this purpose, the required Google fonts are loaded from your web browser into your browser cache when you access our website. This is necessary so that your browser can also display a visually improved presentation of our texts. If your browser does not support this function, a standard font will be used by your computer for display.

Since Google Fonts is provided by Google and reloaded from its servers when the page is accessed, the usage data technically required to access the page is also transmitted. In this respect, Google also receives your IP address, which is technically required to retrieve the content.

Cookies and similar technologies, in particular JavaScript, may be used to store and read data on your end device. Further details can be found above under "Access to and Storage of Information on Terminal Equipment".

The purpose of data processing and our legitimate interest lie in making our website more visually appealing for you.

Legal basis for data processing

The legal basis for the integration and use of the service is your consent, provided you have given it via our consent management platform.

The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 para. 1 sentence 1 lit. a GDPR.

Your consent is voluntary and can be freely revoked at any time with effect for the future. To exercise your revocation, please use the link "Cookie settings" at the bottom of the web page to access the Consent Management Platform again and change your settings.

Receiver

When using the service, the data collected via our websites is transmitted to the following recipients:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,
Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

Further information on the handling of personal data by the provider of the service can be found at https://policies.google.com/privacy?hl=de.

Data processing in third countries

Your data will be transferred to Google LLC in the USA. For data transfers to the USA, there is an adequacy decision by the EU Commission in relation to companies with certification under the EU-U.S. Data Privacy Framework. The Google LLC is certified in accordance with the EU-U.S. Data Privacy Framework.

Storage duration

By integrating the service on our websites, data is transmitted to the above-mentioned recipients and processed there for as long as is necessary to achieve the stated purposes. No further storage of the data processed by the service and made available to us in our own systems takes place.

Leadforensics

We use the LeadForensics service of Lead Forensics Limited, Building 3000, Lakeside, North Harbour, Portsmouth, PO6 3EN, on our website. With the help of the LeadForensics service, we are able to assign visitors to our website to companies that may be interested in our services.

For this purpose, a special JavaScript code is integrated on our website, via which the information that is transmitted to us by default when visiting our website from the visitor's end device is forwarded to LeadForensics. The following information in particular is affected by this:

Date and time of the request
Name of the requested file
Page/URL from which the file was requested
(Complete) IP address of the requesting computer

The information transmitted to LeadForensics is compared after transmission with a LeadForensics database in which information on various companies is stored. If the transmitted information can be assigned to a company from the LeadForensics database, we receive general information about the company concerned (company name, company address and telephone number).

The legal basis for the use of LeadForensics on our website is the voluntary consent of the users of our website in accordance with Section 25 (1) sentence 1 TTDSG in conjunction with Art. 6 para. 1 lit. a GDPR. Consent given can be revoked at any time by changing the setting in the cookie banner on our website.

The information transmitted to LeadForensics will be deleted by LeadForensics as soon as a comparison has not resulted in a match or until the purpose of the processing has been fulfilled or no longer applies.

Since the use of LeadForensics involves the transfer of information to LeadForensics servers in the United Kingdom, further protection mechanisms are required to ensure a level of data protection equivalent to the GDPR. For the United Kingdom, there is an adequacy decision by the EU Commission pursuant to Art. 45 (1), which certifies that the United Kingdom has an adequate level of data protection.

YouTube

On our website, we embed videos from "YouTube", a social media platform of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google"). The legal basis for the processing of your personal data in this context is your consent given in accordance with Art. 6 para. 1 lit. a GDPR.

If the playback of embedded YouTube videos is started with your consent, a server call is made, usually to a Google server in the USA. This tells the server which page you have accessed and the IP address of the browser of the visitor's end device is transmitted to Google and stored by Google.

If you have given your consent, the provider "YouTube" also uses cookies to collect information about user behavior. According to information from "YouTube", these are used, among other things, to record video statistics, improve user-friendliness and prevent abusive behavior. If you are logged in to Google, your data may also be assigned to your account when you click on a video. If you do not wish your data to be associated with your YouTube profile, you must log out before activating the button. Google stores this data as a user profile and uses it for the purposes of advertising, market research and/or the needs-based design of its websites. Such an evaluation is carried out in particular (even for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. Please contact Google directly for this purpose.

Further information on data protection and the use of data by Google can be found on the following Google website: https://policies.google.com/privacy?hl=de&gl=de

Google Maps

Our website uses the online map service provider Google Maps via an interface. This allows us to display interactive maps directly on the website and enables you to use the map function conveniently. The provider of the map service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. To use the functions of Google Maps, it is necessary to save your IP address.

Google uses cookies to collect information about user behavior. The legal basis for the processing of your personal data is your consent in accordance with Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TTDSG.

Further information on the handling of user data can be found in Google's privacy policy:

https://www.google.de/intl/de/policies/privacy/Opt-out: https://www.google.com/settings/ads/

Letscast

On our websites, we integrate the "LetsCast.fm" service of Produktgenuss GmbH Vereinsstraße 51, 20357 Hamburg, Germany.

"LetsCast" is a podcast tool that enables the integration of podcasts created by us on our website. For this purpose, integrated podcasts and corresponding preview images are loaded from your web browser into your browser cache via Java Script when you call up a subpage of our website for a podcast episode. Personal data such as IP address and your interactions with the podcast are processed in order to play the desired podcast.

The provision of the podcast via the provider's server enables us to deliver podcasts with a large amount of data quickly without a longer loading time and to conserve the limited resources of our own web server. In this way, we can ensure the performance of our websites every time they are accessed.

The purpose of data processing is to make our website visually appealing for you and efficient and resource-saving for us.

Data processing in the context of LetsCast takes place only and exclusively when you visit a subpage of our website in which a podcast is integrated via LetsCast.

The legal basis for the integration and use of the service is our legitimate interest in the optimized delivery of our podcasts on our website in accordance with Art. 6 para. 1 lit. f GDPR.

When using the service, the data collected via our websites is transmitted to the following recipients:

LetsCast fm, Produktgenuss GmbH, Vereinsstraße 51, 20357 Hamburg, Germany

Further information on the handling of personal data by the provider of the service can be found at Privacy | LetsCast.fm

Data is not transferred to third countries in connection with the use of LetsCast.

By integrating the service on our websites, data is transmitted to the above-mentioned recipients and processed there for as long as is necessary to achieve the stated purposes.

No further storage of the data processed by the service and made available to us in our own systems takes place.

Compliance

In order to be able to manage consents on our website in compliance with data protection regulations, we use the "Complianz" software solution from Complianz BV, CoC 717814475, Kalmarweg 14-5, 9723 JG, Groningen (NL).

When visiting our website, essential cookies are stored in the user's browser, in which the consent given or the revocation of consent is stored together with the time of granting/refusal.

With Complianz, we provide you with a so-called cookie banner, which you can use to give us your consent to the use of cookies and other website services and functions. The cookie banner informs you about the use of cookies and other website services and functions when you visit our website for the first time and asks for your consent to the use of cookies and other website services and functions. Until you give your consent, all processes requiring consent that we use on our website are automatically blocked. You have the option of rejecting unwanted cookies via the cookie banner and still continuing to use the website.

The purpose of data processing and our legitimate interest lie in being able to centrally control cookies and similar technologies and integrated services on our website and to offer you an easy way to give and revoke your declarations of consent in order to fulfill our legal obligations to obtain consent and our accountability pursuant to Art. 5 para. 2 GDPR.

We do not use the user data collected by the cookies to create user profiles. If we use cookies and similar technologies as part of the integration of the service or if data is stored on your end device or read from there by the service, this is done in accordance with Section 25 (2) No. 2 TDDDG. Subsequent data processing takes place on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR.

We use Complianz locally, so no personal data is passed on to the provider of Complianz.

The data collected and cookies set are stored for 12 months as standard or are deleted if you ask us to delete them or delete the Complianz cookies yourself. Mandatory statutory retention periods remain unaffected. Details on data processing by Complianz can be found at Further information can be found on the Complianz website https://complianz.io/privacy-statement/

Data Security

We take appropriate technical and organizational measures in accordance with Art. 32 GDPR, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.

Duration of the Storage of Personal Data

The duration of the storage of personal data is based on the relevant statutory retention periods (e.g. from commercial law and tax law). After expiry of the respective period, the corresponding data is routinely deleted. If data is required for contract fulfillment or contract initiation or if we have a legitimate interest in further storage, the data will be deleted if it is no longer required for these purposes or if you exercise your right of revocation or objection.

Your Rights

Below you will find information on the data subject rights granted to you by the applicable data protection law vis-à-vis the controller with regard to the processing of your personal data:

The right to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.

The right to demand the immediate correction of incorrect or incomplete personal data stored by us in accordance with Art. 16 GDPR.

The right to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

The right to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR if you dispute the accuracy of the data, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR.

The right, pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another controller.

The right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state of our registered office stated above or, if applicable, that of your usual place of residence or workplace.

The right to withdraw consent granted in accordance with Art. 7 (3) GDPR: You have the right to withdraw your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Right of Objection

If your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that this is done for reasons arising from your particular situation. Insofar as the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right to object without the requirement to specify a particular situation.

If you would like to exercise your right of revocation or objection, simply send an e-mail to datenschutz@esforin.com

Legal Obligations

The provision of personal data for the decision on the conclusion of a contract, the fulfillment of a contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision within the framework of contractual measures if you provide such personal data that is necessary for the conclusion of the contract, the fulfillment of the contract or pre-contractual measures.

Automated Decision Making

Automated decision-making or profiling in accordance with Art. 22 GDPR does not take place.

Subject to change

We reserve the right to adapt or update this privacy policy if necessary in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements and take into account changes to our services, e.g. when introducing new services. The current version applies to your visit.

Status of this privacy policy: November 2025