1. General information, responsible body and legal framework
1.2 Responsible bodyThe controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).
The responsible body within the meaning of the Data Protection Act is:
Digital Vikings GmbH
If you have any questions about the processing of your personal data by us or about data protection in general, please contact us directly. You can reach us at the above address or by email at firstname.lastname@example.org.
(a) personal data means any information relating to an identified or identifiable natural person (hereinafter 'data subject'). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
(b) data subject means any identified or identifiable natural person whose personal data are processed by the controller.
(c) 'processing' means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
d) restriction of processing means the marking of stored personal data with the aim of limiting their future processing.
(e) profiling means any automated processing of personal data which consists in using personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.
(f) pseudonymization means the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without additional information, provided that such additional information is kept separately and is subject to technical and organizational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.
(g) 'controller' means the natural or legal person, public authority, agency, or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
h) processor means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of and in accordance with the instructions of the controller pursuant to Art. 28 GDPR.
(I) recipient means a natural or legal person, public authority, agency, or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.
j) third party means a natural or legal person, public authority, agency, or other body other than the data subject, the controller, the processor, and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.
(k) 'consent' means any freely given specific and informed indication of the data subject's wishes, in the form of a statement or other unambiguous affirmative act, by which the data subject signifies his or her agreement to personal data relating to him or her being processed.
2. General information on data processing (processing of publicly available data by the data controller, informational use of the website, technical background, cookies, etc.).We collect and process the personal data mentioned below for the purposes stated below, based on the legal grounds and for the duration stated therein.
2.1 Data processing through headhunting activities for publicly available dataIf you have provided personal data about yourself or have had such data provided in publicly visible places on the Internet, in particular on professional networking services, such as XING or LinkedIn, it may be that you come to our attention but that we are unable to place you in a specific vacancy. Nevertheless, we may wish to draw your attention to a suitable vacancy with one of our clients in the future or place you in a new professional environment within the framework of the information mentioned in sections 3 to 5, therefore we process the publicly available data further and, in particular, store job-related information in an internally managed database. This is necessary and is done for the purpose of being able to contact you in the event of further vacancies in line with your interests, i.e. based on our legitimate interest pursuant to Art. 6 (1) f) GDPR, if applicable in conjunction with Art. 9 (2) e) GDPR. The legitimate interest of the controller is based on the fact that it is generally available, publicly viewable data that is regularly processed for - for you - positive, useful purposes, namely career development. Partly because we ourselves have an interest in keeping our data up to date, outdated data or data that are no longer publicly viewable are reviewed and deleted after a specified maximum deletion cycle of three (3) years.
2.2 Informational use of our websiteThe provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP adress
The collection of this data is based on Art. 6 (1) f) GDPR. The website operator has a legitimate interest in the technically error-free and optimal presentation of its website - for this purpose, the server log files must be collected.
In addition to the purely informational use of our website, we offer various services that you can use if you are interested. For this purpose, you usually have to provide or have provided - e.g. in professional networks - further personal data that we use to provide the respective service and for which the data processing principles mentioned here apply.
2.3 SSL or TLS encryption; technical note on email communicationFor security reasons and to protect the transmission of confidential content, such as enquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
We would like to point out that data transmission via unencrypted email can have security gaps and recommend that you choose a secure transmission channel, especially for sensitive content.
Some elements of our website require that the calling browser can be identified even after a page change, so that technically necessary cookies are set. By technically necessary cookies we mean cookies without which the technical provision of the online offer or certain functions of the online offer cannot be guaranteed.br/>
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) f) GDPR.
The legal basis for the processing of personal data using cookies for analysis and marketing purposes etc. (technically unnecessary cookies) is Art. 6 (1) a) GDPR if the user has given his or her consent in this regard. Furthermore, Art. 6 (1) f) GDPR is an additional legal basis.
Cookies are stored on the user's computer and transmitted from it to our site. Some of the cookies we use are deleted again after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your terminal device and enable us or our partner companies (third-party cookies) to recognize your browser on your next visit (so-called persistent cookies). Persistent cookies are automatically deleted after a specified period of time, which may differ depending on the cookie.
You can find the duration of the respective cookie storage in the overview of the cookie settings of your web browser or in the following overview.
2.5 Contacting us sWhen you contact us by email or via our general contact form on the website, the data you provide will be stored by us to answer your enquiry. The provision of certain truthful data is required to process your enquiry; further information is voluntary. The mandatory data that we need to answer your enquiry are marked as such in the form; the other data are provided voluntarily. The processing of the above data is based on your consent, which you have expressed by contacting us, in accordance with Art. 6 (1) a) GDPR and, insofar as special categories of personal data (e.g. health data or other "sensitive" data) are concerned, in accordance with Art. 9 (2) a) GDPR. The personal data collected will be deleted immediately after completion of your request, unless it is required for the initiation or execution of a contract (including a recruiting relationship or similar) with you pursuant to Art. 6 (1) b) GDPR.
For specific enquiries in the context of a (potential) application or recruiting process, please also refer to the further information under sections 3 to 5.
2.6 Recipient group; third country transferWithin our company, the departments responsible for processing the requests have access to your data. In addition, we use external service providers, in particular order processors, insofar as we cannot, or cannot reasonably, perform services ourselves. These external service providers are primarily providers of IT services and telecommunications services. If certain service providers are explicitly mentioned, you will also find further information in the [linked] data protection declarations of the service providers..
A transfer to third countries only takes place in exceptional cases and within the framework of Art. 44ff. GDPR; in particular if this should be required by law or you have given us your consent to do so (Art. 49 GDPR).
2.7 MinorsPersons under the age of 16 may not transmit personal data to us or submit declarations of consent without the consent of their legal guardians. We would like to urge parents and guardians and minors to comply with the provisions of the GDPR and not to circumvent any age restrictions.
3. Special notes on data processing in the recruiting process, multiple data controllers
3.1 Purposes of processing, categories of personal data and initial contactWe process the application or candidate data outlined in this section for the purposes and to the extent outlined below. The focus of the data processing is the placement in a contractual relationship (primarily but not exclusively employment relationships) with one of our clients (recruiting company). Alternatively, it may also be about the inclusion in our applicant database or CRM system; the latter also takes place with the long-term objective of placing you in a new professional environment.
In particular, the following categories of data may be processed:
- General personal data (name, address and other contact data, application photo, dates of birth, nationality, marital status, other (possibly also sensitive) data disclosed to us by you)
- Job-related data (professional contact details, current position, competences/responsibilities, current employer, current remuneration, period of notice, blocking notes)
- Experience-related data (previous positions and employers, school and academic education, vocational training, experience, knowledge)
- Future-related data (wishes and ideas, assessments, conceivable areas of application, mediation ideas)
- Other data (information focusing on your professional life that is publicly available via social media services (e.g. XING, Google, LinkedIn, Experteer, etc.) or otherwise on the Internet that could be relevant to your qualification for a specific vacancy)
a) If you approach us proactively, we process the data you provide as part of the initial contact.
In addition to the application data you provide directly to us, we may also research your personal data in publicly accessible sources (especially on the Internet). This is based on the search for your name using relevant search engines, such as DuckDuckGo, Google, Ecosia or Bing, as well as, above all, using job-related social networks, such as XING or LinkedIn. This includes both professional and personal information. As far as we find information helpful or useful, we store it with your candidate data. The better we know you, the greater the chances of a successful placement.
b) Insofar as the initial contact is not proactive on your part, contact may be made via the relevant job-related social networks. Which of your data we have access to in this respect depends on your respective profile settings. With the help of the profile settings in the job-related social networks, you yourself decide on the release of your data stored there.
You will notice via which platform we have become aware of you by the way we have chosen for the initial contact. We predominantly use the internal messaging systems of job-related social networks. Incidentally, we do not tend to use private social networks in our search for suitable top executives for the positions we fill.
Should further contact develop between us, the following principles apply to the handling of your data.
3.2 Further data processing by the controller; legal basis for data processingWe treat and process all information requested by us (CV, certificates, proof of qualifications) as application data, along with any other information (e.g. information provided in telephone interviews, in personal interviews or on the occasion of a trade fair contact or information that can be viewed publicly). This is done based on Art. 6 (1) b) GDPR for the contractual or pre-contractual purposes outlined above.
The provision of certain truthful data is necessary to process your request; further information (in particular the submission of a photo) is voluntary.
As far as special categories of personal data are concerned (e.g. health data, trade union or religious affiliation, or other "sensitive" data), the processing is based on your consent pursuant to Art. 9 (2) a) GDPR, which you have expressed by communicating these data.
The processed personal data will be deleted if the processing is no longer necessary for the fulfilment of the contract or if you ask us to delete the data within the framework of the assertion of your data subject rights (cf. section 4). Once a position has been filled, this is usually done no later than six (6) months after we have been notified of the recruitment, unless there are longer retention obligations (in particular of a tax nature). If we are not notified in this way or if we do not recruit, a longer storage period of up to eighteen (18) months from the last individual contact with you may be necessary in individual cases based on our legitimate interests pursuant to Art. 6 (1) f) GDPR - in particular to enforce a fee claim against our client (recruiting company).
If you indicate your willingness to be included in our candidate database, the processing and the processing period will be governed by the principles set out in section 3.4.
3.3 Disclosure of personal data to potential employers and joint accountabilityTo fulfil the above-mentioned purposes, it is also necessary to pass on your data to our clients (recruiting companies) as your potential new employers. For this purpose, we will - unless you make use of the data subject rights described in section 3.4 - pass on the data provided by you or otherwise collected by us within the framework of the information in this section 3 to our clients, who will then decide whether or not they wish to seek further contact with you - especially via us - and in particular whether or not they would like further information or a personal interview.
The cooperation with our clients within the framework of the recruitment or placement process is based on joint responsibility under data protection law within the meaning of Art. 4 (7) and Art. 26 (1) GDPR, therefore the processing of your personal data is also based on Art. 6 (1) b) and, if applicable, Art. 9 (2) a) GDPR when they are passed on. You can find out from us at any time to whom we have passed on your data. Upon completion or termination of the recruitment process, the joint responsibility ends.
During the period of joint responsibility, you can assert your rights as a data subject (cf. section 4 in particular) against each of the controllers, although the two controllers have contractually regulated their responsibilities and their liability in their internal relationship with each other or, if applicable, divided them differently. The fulfilment of your data protection rights may therefore not be carried out by the body to which you originally addressed your request in the context of the exercise of data protection rights.
If the client exceeds the limits of permissible data processing and the office mentioned in section 3.1 becomes aware of this, it shall support the data subject in exercising his or her data subject rights if necessary and within the scope of what is legally and reasonable.
If the client (recruiting company) independently collects data of the data subject, it is obliged to implement the relevant information obligations from Art. 12 - 14 GDPR vis-à-vis the data subjects. This applies to or from the establishment of an employment relationship or a similar cooperation. The body mentioned in section 3.1 is not responsible for information obligations in this regard.
3.4 Listing of your application data in our candidate database, storage periodInsofar as a placement with a specific recruiting company does not take place or (initially) is not to take place and (initially) only an inclusion in our CRM system or our candidate database is to take place, we regularly check within the scope of the database contractual relationship whether you are (also) eligible for other positions than the one initially referred to. This is done based on Art. 6 (1) b) GDPR for contractual purposes and is necessary to process your request. If the data you provide are special categories of personal data (e.g. health data, trade union or religious affiliation, or other "sensitive" data), the processing is based on your consent pursuant to Art. 9 (2) a) GDPR, which you have expressed by providing these data. Decision-making based exclusively on automated processing - including profiling - does not take place..
You can, of course, provide us with updated data at any time, for example if your contact details have changed or you have accepted a new job, or if you make use of the data subject rights outlined in section 4.
If you have signaled your interest in being listed in our CRM system/applicant pool - possibly also via chat functions of professional networks - we will store your application data for a maximum of eighteen (18) months, unless a shorter storage period results from the correspondence with you or further placement-related correspondence does not initiate a new storage period of a maximum of eighteen (18) months, and in the absence of any longer retention obligations (in particular of a fiscal nature) preventing deletion. In individual cases, a longer storage period of your data may also be necessary when exercising a deletion request based on our legitimate interests pursuant to Art. 6 (1) f) GDPR - to enforce a fee claim against our client/client, for example.
4 Data subject rights according to Art. 15ff. and Art. 77 GDPR
4.1 Right to object to the collection of data in specific cases and to direct marketing (Art. 21 GDPR)If the data processing is based on Art. 6 (1) e) or f) GDPR, you have the right to withdraw your consent at any time for reasons arising from your particular situation to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object, your personal data will subsequently no longer be used for the purpose of direct advertising.
4.2 Revocation of your consent to data processingMany data processing operations are only possible with your express consent. We obtain this consent from you before the start of the data processing that requires your consent. You can revoke this consent at any time. Insofar as it is not already possible to revoke your consent by clicking on links or adjusting browser settings, it is sufficient to send us an informal message by email. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
4.3 Right of appeal to the competent supervisory authorityData subjects have the right to lodge a complaint with the competent supervisory authority in the event of violations of data protection law. The competent supervisory authority for data protection issues is the State Data Protection Commissioner of the federal state in which our company has its headquarters. A list of the data protection officers and their contact details can be found in the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
The data protection authority responsible for us is:
Berlin Commissioner for Data Protection and Freedom of Information
4.4 Right to data portabilityYou have the right to have data that we process automatically, based on your consent or in fulfilment of a contract, handed over to you or to another person responsible, in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
4.5 Information, blocking, deletionWithin the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, their origin and recipient and the purpose of the data processing and, if applicable, a right to correction, blocking or deletion of these data. For this purpose as well as for further questions about personal data, you can contact us at any time at the address given in the imprint.