A) Data protection information about our processing of personal data according to Art. 13, 14 and 21 of the General Data Protection Regulation (GDPR)

See document:

Data protection information about our processing of personal data of candidates (m/f/d) according to Art. 13, 14 and 21 of the General Data Protection Regulation (GDPR)

B) Privacy Policy of TALENTspy GmbH

1. INTRODUCTION AND GENERAL INFORMATION

Thank you for your interest in our website. The protection of your personal data is very important to us. In the following, you will find information on how we handle your data that is collected through your use of our website. Your data will be processed in accordance with the legal regulations on data protection.

a) Controller according to the GDPR
TALENTspy GmbH
Pacellistraße 8
D-80333 Munich
Tel.: +49 (89) 480 582 – 0
Fax: +49 (89) 480 582 – 22

b) Contact information for the Data Protection Officer
Proliance GmbH / www.datenschutzexperte.de
Data Protection Officer
Leopoldstraße 21
D-80802 Munich
datenschutzbeauftragter@datenschutzexperte.de 
When you contact the Data Privacy Officer, please name the company to which your request refers. Please avoid attaching any sensitive information, such as a copy of your ID card, to your request.

c) Definitions
Our Privacy Policy is intended to be simple and understandable for everyone. In this Privacy Policy, the official terms of the General Data Protection Regulation ("GDPR") are generally used. The official definitions are explained in Art. 4 GDPR.

d) Access and storage of information in end devices
By using our website, information (for example, IP address) may be accessible or information (for example, cookies) may be stored in your end devices. This access or storage may involve further processing of personal data in accordance with the GDPR.
In cases where such access or storage of information is necessary for the technically error-free provision of our services, this will be done based on § 25 (1) S. 1, (2) No. 2 TTDSG.
In cases where such a process serves other purposes (e.g. the needs-based design of our website), this will only be carried out based on § 25 (1) TTDSG with your consent in accordance with Art. 6 (1) lit. a GDPR. The consent can be withdrawn at any time for the future. The requirements of the GDPR and the German Federal Data Protection Act (BDSG) are applicable regarding the processing of your personal data.
For further information on the processing of your personal data and the relevant legal bases in this context, please refer to the following sections on the specific processing activities on our website.

e) Webhosting
This website is hosted by an External Service Provider (Fa. Mittwald). The hosting of this website takes place in Espelkamp. Any personal data that is collected on this website is stored on the hoster's servers. This may include IP addresses, contact requests, meta and communication data, website accesses and other data generated via the website.
We collect the listed data to ensure a proper connection of the website and a technically error-free provision of our services. The processing of this data is necessary to provide you with the website. The legal basis for the processing of the data is our legitimate interest in the correct display and functionality of our website in accordance with Art. 6 (1) lit. f GDPR.
We have signed a data processing agreement with the provider in accordance with the requirements of Art. 28 GDPR, in which we obligate the provider to protect the data of our customers and not to disclose it to third parties.

2. COLLECTION AND STORAGE OF PERSONAL DATA AND THE TYPE AND PURPOSE OF THEIR USE

a) During your visit to the website
When you visit our website at www.talentspy.de, the browser used on your end device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:

  • IP address of the requesting computer,
  • Date and time of access,
  • Name and URL of the accessed file,
  • website from which the access was made (referrer URL),
  • browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

The mentioned data are processed by us for the following purposes:

  • Ensuring a smooth connection setup of the website,
  • Ensuring a comfortable use of our website,
  • evaluation of system security and stability as well as
  • for other administrative purposes.

The legal basis for the data processing is Art. 6 (1) S. 1 lit. f GDPR. Our legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of making conclusions about your person.

b) By contacting us by e-mail, mail, telephone, fax and via social media (LinkedIn, XING)
When you contact us by e-mail, post, telephone, fax and via social media (LinkedIn, XING), the data you provide, such as your e-mail address and, if applicable, your name and other contact data, will be stored by us to be able to respond to your request. Under no circumstances will we pass on this data without your consent. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 (1) lit. f GDPR and, if applicable, Art. 6 (1) lit. b GDPR, if your request is intended to conclude a contract. Your data will be deleted after final processing of your request if there are no legal obligations to store data. You can object to the processing of your personal data at any time in the case of Art. 6 para. 1 lit. f GDPR.

c) Applications
If you apply to us via our application platform (HCM4all) or by e-mail, we collect personal data. This includes your contact data (such as first and last name, telephone number, and user e-mail address) as well as other data you provide about your background (for example, resume, qualifications, degrees, and work experience) and yourself (for example, cover letter, personal interests). This may also include special categories of personal data (for example, information about a severe disability). As a rule, your personal data is collected directly from you as part of the application process and is encrypted during electronic transmission. 

Your personal data will be processed by TALENTspy GmbH for the purpose of recruiting you for open positions at partner companies. The necessity and the scope of the data collection are assessed, among other factors, according to the position to be filled. If your intended position involves the performance of particularly confidential tasks, increased personnel and/or financial responsibility, or is linked to certain physical and health requirements, more comprehensive data collection may be necessary. 

The legal basis for the processing of your personal data by our company and the transfer to partner companies for job filling procedures is your consent voluntarily given to us pursuant to Art. 6 (1) lit. a GDPR. If your application documents also contain so-called "special categories of personal data" within the meaning of Art. 9 (1) GDPR, the legal basis for processing by TALENTspy GmbH and forwarding to partner companies is your consent granted pursuant to Art. 9 (2) lit. a GDPR.

In addition, you can also give us consent to include you in our applicant pool. In this case, we will store the application documents beyond the current application process for consideration in subsequent application processes.
If we process data based on your consent, you have the right to withdraw your consent at any time for the future. If possible, please send your withdrawal by e-mail to info@talentspy.de.

The legitimacy of the processing of your data up to the time of the revocation remains unaffected.
We have concluded a data processing agreement with our service provider HCM4all, in which we oblige him to protect the data of our customers and not to pass them on to third parties.

Provider
HCM4all GmbH
Rosenkavalierplatz 18
D-81925 Munich
Privacy Policy: https://hcm4all.com/datenschutz/

d) Registration
You have the option of registering for specific services that we make available on our website and thereby creating a user profile. As part of the registration and setup process, we collect and use the following personal data:

  • Title
  • First and Last Name 
  • Email Address
  • Mobile number

In addition, voluntary information can be given (e.g. telephone number, address, channel). Mandatory information for the purpose of registration is marked in the registration form with an asterisk as a mandatory field. Your user account gives you the opportunity to use other parts of our website. The legal basis for data processing is Art. 6 (1) lit. a GDPR in the case of consent, or Art. 6 (1) lit. b GDPR if processing is necessary to provide the requested services. Your data will be deleted as soon as the user account on our website is deleted and as far as no legal retention obligations exist. A change and/or deletion of your user account including the data you have provided can usually be made directly in your user account after logging in or by sending a message to the controller mentioned in the introduction.

3. EXTERNAL LINKS
Social networks (LinkedIn, XING) are only integrated on our website as a link to the corresponding services. After clicking on the integrated text/image link, you will be redirected to the page of the provider to which you are referring. The user information will only be transferred to the respective provider after the connection has been made. For information on the handling of your personal data by using these websites, please check the privacy policy of the provider you are using.

a) Social media presence
In the following, you will find information about the handling of your data that is collected by our social media presences on social networks and platforms. Your data will be processed in accordance with the legal regulations.

b) Further social media providers

i.    Responsible party
If your personal data is processed by a provider listed below, this provider is the controller for data processing within the meaning of the GDPR. For the claiming of your data subject rights, we would like to point out that these can most effectively be asserted with the respective providers. Only they have access to the data collected from you. Should you require assistance, nevertheless, please feel free to contact us at any time.
We have online presences on the social media platforms of the following providers: 
    • LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. 
    • XING SE, Dammtorstraße 29-32, 20354 Hamburg, Germany

ii. Data Protection Officer
Instructions on how to contact the Data Protection Officer of the other social media providers can be found here:
    • LinkedIn Ireland Unlimited Company: https://www.linkedin.com/help/linkedin/ask/TSO-DPO 
    • XING SE: Datenschutzbeauftragter@xing.com

c) General information about social media platforms

i. Responsible party
The responsible party for data processing within the meaning of the GDPR is the entity named at the beginning of this privacy policy, insofar as data transmitted by you via one of the social media platforms is processed by us ourselves.

ii. Our Data Protection Officer
If you have any concerns about the data processing performed by us as the controller, you can contact our data protection officer using the contact details provided at the beginning of this privacy policy.

iii. General processing of data at the social media platforms; Data processing for market research and advertising
Personal data is usually processed on the company website for market research and advertising purposes. For this purpose, a cookie is set in your browser, which enables the respective provider to recognize you when you visit a website. By means of the collected data, usage profiles can be created. These are used to display advertisements within and outside the platform that presumably correspond to your interests. Furthermore, data can also be stored in the usage profiles regardless of the devices you use. This is regularly the case if you are a member of the respective platforms and logged in to them.

iv. Data Processing in case of Contact
We collect personal data when you contact us, for example, via a contact form or a messenger service. Which data is collected depends on the information you provide and the contact data you have provided or released. These are stored for the purpose of processing the request and for the case of follow-up questions with us. Under no circumstances will we pass on the data to third parties without your consent. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 (1) lit. f GDPR and, if applicable, Art. 6 (1) lit. b GDPR if your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, if this does not conflict with any statutory retention obligations. We assume that processing is complete if it can be assumed from the circumstances that the matter in question has been conclusively clarified.

v. Data Processing for the Performance of Contracts
If your contact via a social network or other platform aims at the conclusion of a contract for the delivery of products or the provision of services with us, we process your data for the performance of the contract or for the implementation of pre-contractual measures or for the provision of the requested services. The legal basis for the processing of your data in this case is Art. 6 (1) lit. b GDPR. Your data will be deleted if it is no longer required for the performance of the contract or if it is determined that the pre-contractual measures do not lead to the conclusion of a contract corresponding to the purpose of the contact. Please note, however, that it may be necessary to store personal data of our contractual partners even after the conclusion of the contract to comply with contractual or legal obligations.

vi. Data processing based on consent
If you are asked by the respective providers of the platforms for consent to processing for a specific purpose, the legal basis of the processing is Art. 6 (1) lit. a., Art. 7 GDPR. Consent given can be withdrawn at any time with effect for the future.

vii. Data transfer and recipient
When you visit and use the platforms listed above, personal data may be transferred to the US or other third countries outside the EU, which is why further protection mechanisms are required in these cases to ensure the level of data protection of the GDPR. For more information on whether and which suitable guarantees the providers can provide for this, please see the list below. 
We have no influence on the processing of your personal data by the provider and how it is handled. Likewise, we do not have any information on this. For more information, please check the privacy policy of the provider and, if necessary, use the opt-out/personalization options regarding data processing by the provider:

4. DISCLOSURE OF DATA

Your personal data will not be transferred to third parties for purposes other than those listed below. We will only pass on your personal data to third parties
    • if we have explicitly referred to this in the description of the respective data processing,
    • if you have given your explicit consent to this in accordance with Art. 6 (1) S. 1 lit. a GDPR,
    • if the disclosure is necessary for the assertion, exercise or defense of legal claims pursuant to Art. 6 (1) S. 1 lit. f GDPR and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
    • if a legal obligation exists for the disclosure pursuant to Art. 6 (1) S. 1 lit. c GDPR, and
    • as far as this is necessary for the processing of contractual relationships with you according to Art. 6 (1) S. 1 lit. b GDPR.
We also use external service providers for the processing of our services, which we have carefully selected, commissioned in writing and with whom we have concluded data processing agreements in accordance with Art. 28 GDPR. These are bound by our instructions and are regularly monitored by us. These are, among others, service providers for hosting, sending emails and maintenance and care of our IT systems, etc. The service providers will not disclose this data to third parties.

5. DURATION OF THE STORAGE OF PERSONAL DATA

The duration of the storage of personal data is measured by the relevant statutory retention periods (for example, from commercial law and tax law). After expiry of the respective period, the corresponding data is routinely deleted. If data is required for the fulfillment or initiation of a contract or if we have a legitimate interest in continuing to store it, the data will be deleted when it is no longer required for these purposes, or you have exercised your right of revocation or objection.

6. DATA SUBJECT RIGHTS

You have the right:

  • to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
  • pursuant to Art. 16 GDPR, to request the correction of incorrect or incomplete personal data stored by us without undue delay;
  • pursuant to Art. 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims;
  • pursuant to Art. 18 GDPR, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Art. 21 GDPR;
  • pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller;
  • in accordance with Art. 7 (3) GDPR, to withdraw your consent once given to us at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future;
  • complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.

7. RIGHT OF OBJECTION

If your personal data is processed based on legitimate interests according to Art. 6 (1) S. 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, if there are legitimate reasons which result out of your situation or if the objection is directed against direct marketing. In the last case, you have a general right of objection, which will be implemented by us without specifying a particular situation.
If you would like to make use of your right of withdrawal or objection, it is enough to send an e-mail to info@talentspy.de.

8.    DATA SECURITY

We take appropriate technical and organizational measures in accordance with Art. 32 GDPR, considering the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk. Within the website visit, we use the widespread SSL (Secure Socket Layer) procedure in conjunction with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is encrypted by the closed key or lock symbol in the lower status bar of your browser.
We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

9. LEGAL OBLIGATIONS

The provision of personal data for the decision on the conclusion of a contract, the performance of a contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision in the context of contractual measures if you provide such personal data that is required for the conclusion of the contract, the fulfillment of the contract or pre-contractual measures.

10. Automated individual decision-making, including profiling

Automated decision making or profiling according to Art. 22 GDPR will not take place.

11.  UPDATES AND CHANGES OF THIS PRIVACY POLICY

We reserve the right to update or change this privacy policy, if necessary, in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements and consider changes to our services, for example, when introducing new services. The current version applies to your visit.

Date of this Privacy Policy: 23.02.2023