Processing of (personal) data by the entity in charge of the online application process
Overview
We provide you with this privacy policy, which relates exclusively to the data collected as part of the online application process, to inform you about how we handle your personal data collected as part of the application process.
General information
All parties mentioned here are connected to each other as the Steinbeis Group. As a result, we process some of your personal data jointly for group-wide purposes.
In order to safeguard your rights and in accordance with the requirements of the EU General Data Protection Regulation (‘GDPR’), we have concluded an agreement that sets out rules for the group-wide processing of your personal data. As so-called joint controllers (pursuant to Article 26 GDPR), the parties are jointly responsible for some processing of your data.
Below we answer the questions that are particularly important for you regarding processing under joint or sole responsibility.
Joint controllers and their contact details
The following parties of the Steinbeis Group are jointly or solely responsible for the processing activity
a) Steinbeis Holding GmbH
b) Steinbeis Papier GmbH
c) Steinbeis Energie GmbH
d) ES Concept GmbH
e) AP-Concept GmbH & Co. KG
f) Steinbeis PolyVert GmbH
g) Steinbeis PolyVert Fulda GmbH
h) Steinbeis Energie Papenburg GmbH
The central contact point for all companies in the Group is Steinbeis Papier GmbH: datenschutz@stp.de
The controller within the meaning of data protection law is
Steinbeis Holding GmbH
Joseph-Wild-Str. 13
81829 Munich
Phone: +49 89 5161777 - 0
Entry in the commercial register
Register number: HRB 6018
Register court: Munich local court
Data protection officer: datenschutz@stp.de
The above-mentioned joint controllers have the following tasks in relation to data processing:
Responsible parties | Role |
Steinbeis Papier GmbH | Single point of contact and centralised administration |
Steinbeis Papier GmbH | Personnel administration, admin and support and users |
Steinbeis Holding GmbH | Hosting of the system and users |
Steinbeis Energie GmbH | User |
EBS Concept GmbH | User |
Steinbeis PolyVert GmbH | User |
Steinbeis PolyVert Fulda GmbH | User |
Steinbeis Energie Papenburg GmbH | User |
Your central point of contact for rights, questions and the assertion of your rights
The above-mentioned parties have jointly agreed that you can contact Steinbeis Papier GmbH in particular to exercise the rights of data subjects pursuant to Articles 15-21 GDPR and to fulfil the information obligations pursuant to Articles 13 and 14 GDPR. Steinbeis Papier GmbH is at your disposal for all questions regarding the processing of your personal data in the context of this joint data processing. Of course, you can also contact any other sub-topic of the Group if it is easier for you.
You can also contact the Data Protection Officer of Steinbeis Papier GmbH, who can help you with any questions you may have:
Dipl.-Ing. Jörg Hagen
Jhcon Data Protection Consultancy
Königstraße 50 a
30175 Hanover
E-mail: info@jhcon.de
Personal data as part of the application process
Personal data is information about the personal or factual circumstances of an identified or identifiable natural person. This includes information such as your name, your address, your telephone number and your date of birth, but also data about your specific career, etc., which can be assigned to a specific person with reasonable effort. However, information that is not (in)directly associated with your real identity is not personal data.
Principles and purposes of processing personal data for applications and in the application process
If you apply to us electronically, i.e. by e-mail or via our web form, we will collect and process your personal data for the purpose of handling the application process and implementing pre-contractual measures.
By submitting an application on our recruiting page, you express your interest in taking up employment with us. In this context, you provide us with personal data that we use and store exclusively for the purpose of your job search/application.
In particular, the following data will be collected
Name (first name and surname)
e-mail address
telephone number
You also have the option of uploading informative documents such as a cover letter, your CV and references. These may contain further personal data such as date of birth, address etc.
Only authorised employees from the HR department or employees involved in the application process have access to your data.
Personal data is stored exclusively for the purpose of filling the vacant position for which you have applied.
Your data will be stored for a period of 180 days after the end of the application process. This is usually done to fulfil legal obligations or to defend against any claims arising from legal regulations. We are then obliged to delete or anonymise your data. In this case, the data will only be available to us as so-called metadata without direct personal reference for statistical analyses (e.g. proportion of women or men in applications, number of applications per period, etc.).
In addition, we reserve the right to store your data for inclusion in our ‘talent pool’ for 180 days after the end of the application process in order to identify any other interesting positions for you. This also applies, for example, to applications for an apprenticeship or internship. By accepting the privacy policy, you consent to any further storage of your data and inclusion in our ‘talent pool’.
If you receive an offer of employment with us during the application process and accept it, we will store the personal data collected during the application process for at least the duration of the employment relationship.
Transfer of data to third parties
The data transmitted as part of your application will be transferred using TLS encryption and stored in a database. This database is operated by Personio GmbH, which offers personnel administration and applicant management software (https://www.personio.de/impressum/). Personio is our processor in this context in accordance with Art. 28 GDPR. The basis for the processing is an order processing contract between us as the controller and Personio.
Rights of data subjects
If personal data is processed by us as the controller, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and purpose of the processing, in particular the right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to data portability (Art. 20 GDPR) and the right to object (Art. 21 GDPR). If the processing of personal data is based on your consent, you have the right to revoke this data protection consent in accordance with Art. 7 III GDPR.
To assert your rights as a data subject with regard to the data processed in this online application process, please contact our data protection officer (see section 2).
Final provisions
We reserve the right to amend this privacy policy at any time to ensure that it always complies with current legal requirements or to reflect changes to the application process or similar. If you visit this recruitment page again or submit a new application, the new privacy policy will apply.
In addition to this privacy policy, you can view our general privacy policy at https://www.stp.de/datenschutz.
Processing of (personal) data by the operator of the recruiting site
General information
This recruiting site is operated by Personio SE & Co. KG, a company based in Germany that offers personnel administration and application management software (https://www.personio.com/legal-notice/). Data). The data transmitted as part of your application is transferred using TLS encryption and stored in a database. The company that carries out this online application process is solely responsible for this data within the meaning of Art. 24 GDPR. Personio is merely the operator of the software and this recruiting page and, in this context, a processor in accordance with Art. 28 GDPR. The basis for the processing by Personio is an order processing contract between the controller and Personio. In addition, Personio SE & Co. KG processes further data, some of which may also be personal data, in order to provide its services, in particular for the operation of this recruiting site. This is discussed in more detail below.
Responsible body
The controller within the meaning of data protection law is
Personio SE & Co. KG
Seidlstraße 3
80335 Munich
Phone: +49 (89) 1250 1004
Entry in the commercial register
Register number: HRA 115934
Register court: Munich Local Court
Data protection officer: privacy@personio.com
Access logs (‘server logs’)
Every time this recruiting page is accessed, general log data, so-called server logs, are automatically recorded. These data are generally pseudonyms and therefore do not allow any conclusions to be drawn about a natural person. Without this data, it would not be technically possible in some cases to deliver and display the content of the software. In addition, the processing of this data is absolutely necessary for security reasons, in particular for access, input, transfer and storage control. The anonymous information can also be used for statistical purposes and to optimise the service and technology. In addition, the log files can be subsequently checked and analysed in the event of suspected illegal use of the software. The legal basis for this can be found in Section 15 (1) of the German Telemedia Act (TMG) and Art. 6 (1) f GDPR. Data such as the domain name of the website, the web browser and the web browser version, the operating system, the IP address and the timestamp of access to the software are generally recorded. The scope of this logging does not exceed the usual scope of any other website on the Internet. The storage period of these access logs is up to 7 days. There is no right of objection.
Error logs
So-called error logs are created for the purpose of identifying and rectifying errors. This is absolutely necessary in order to be able to react as promptly as possible to possible problems in the presentation and implementation of content (legitimate interest). These data are generally pseudonyms and therefore do not allow any conclusions to be drawn about a natural person. The legal basis for this can be found in Section 15 (1) TMG and Art. 6 (1) f GDPR. If an error message occurs, general data such as the domain name of the website, the web browser and the web browser version, the operating system, the IP address and the timestamp when the corresponding error message/specification occurs are recorded. These error logs are stored for up to 7 days. There is no right of objection.
Use of cookies
In some cases, so-called cookies are used on this recruiting page. These are small text files that are stored on the device you use to access this recruiting site. Cookies are generally used to ensure security when visiting a website (‘absolutely necessary’), to implement certain functionalities such as standard language settings (‘functional’), to improve the user experience or performance on the website (‘performance’) or to display target group-based advertising (‘marketing’). On this recruiting page, only strictly necessary, functional and performance cookies are used, in particular to implement certain default settings such as the language, to identify the application channel or to analyse the performance of a job advertisement through which a user has reached this recruiting page. The use of cookies is absolutely necessary for the provision of our services and thus for the fulfilment of the contract (Art. 6 (1) b) GDPR). Storage duration: Up to 1 month or until the end of the browser session Right to object: You can use your browser settings to determine whether you want to allow cookies or object to the use of cookies. Please note that deactivating cookies may result in limited or completely disabled functionality of this recruiting site.
Rights of data subjects
If personal data is processed by Personio SE & Co. KG processes personal data as the controller, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and purpose of the processing, in particular the right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to data portability (Art. 20 GDPR) and the right to object (Art. 21 GDPR). If the processing of personal data is based on your consent, you have the right to revoke this data protection consent in accordance with Art. 7 III GDPR. To assert your rights as a data subject with regard to the data processed for the operation of this recruiting site, please contact the data protection officer of Personio SE & Co. KG (see section B.).
Final provisions
Personio reserves the right to amend this Privacy Policy at any time to ensure that it always complies with current legal requirements or to implement changes to the services in the Privacy Policy, e.g. when introducing new services. The new data protection declaration will then apply when you visit this recruiting page again or submit a new application.