Skip to main content

Processing of (personal) data by the entity in charge of the online application process

               Data Protection            


 1. An overview of data protection

 

General information


 The following information will provide you with an easy to navigate overview of what will happen with your
 personal data when you visit this website. The term “personal data” comprises all data that can be used to
 personally identify you. For detailed information about the subject matter of data protection, please consult
 our Data Protection Declaration, which we have included beneath this copy.


 Data recording on this website


 Who is the responsible party for the recording of data on this website (i.e., the “controller”)?
 The data on this website is processed by the operator of the website, whose contact information is available
 under section “Information about the responsible party (referred to as the “controller” in the GDPR)” in this
 Privacy Policy.


 How do we record your data?


 We collect your data as a result of your sharing of your data with us. This may, for instance be information
 you enter into our contact form.
 Other data shall be recorded by our IT systems automatically or after you consent to its recording during
 your website visit. This data comprises primarily technical information (e.g., web browser, operating system,
 or time the site was accessed). This information is recorded automatically when you access this website.


 What are the purposes we use your data for?


 A portion of the information is generated to guarantee the error free provision of the website. Other data
 may be used to analyze your user patterns.

What rights do you have as far as your information is concerned?


 You have the right to receive information about the source, recipients, and purposes of your archived
 personal data at any time without having to pay a fee for such disclosures. You also have the right to demand
 that your data are rectified or eradicated. If you have consented to data processing, you have the option to
 revoke this consent at any time, which shall affect all future data processing. Moreover, you have the right to
 demand that the processing of your data be restricted under certain circumstances. Furthermore, you have
 the right to log a complaint with the competent supervising agency.
 Please do not hesitate to contact us at any time if you have questions about this or any other data protection
 related issues.


 Analysis tools and tools provided by third parties


 There is a possibility that your browsing patterns will be statistically analyzed when your visit this website.
 Such analyses are performed primarily with what we refer to as analysis programs.
 For detailed information about these analysis programs please consult our Data Protection Declaration
 below.


 2. Hosting


 We are hosting the content of our website at the following provider:

External Hosting

 This website is hosted externally. Personal data collected on this website are stored on the servers of the
 host. These may include, but are not limited to, IP addresses, contact requests, metadata and
 communications, contract information, contact information, names, web page access, and other data
 generated through a web site.
 The external hosting serves the purpose of fulfilling the contract with our potential and existing customers
 (Art. 6(1)(b) GDPR) and in the interest of secure, fast, and efficient provision of our online services by a
 professional provider (Art. 6(1)(f) GDPR). If appropriate consent has been obtained, the processing is carried
 out exclusively on the basis of Art. 6 (1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the
 storage of cookies or the access to information in the user's end device (e.g., device fingerprinting) within the
 meaning of the TTDSG. This consent can be revoked at any time.
 Our host will only process your data to the extent necessary to fulfil its performance obligations and to
 follow our instructions with respect to such data.

We are using the following host:

 Hellberg Consulting e.K.
 Eichweberstraße 2
 25821 Bredstedt

 Phone: 04671 404 77 00
 Fax number: 04671 404 77 01
 Email: info@hellberg-consulting.de

Data processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a
 contract mandated by data privacy laws that guarantees that they process personal data of our website
 visitors only based on our instructions and in compliance with the GDPR.


 3. General information and mandatory information

 

Data protection


 The operators of this website and its pages take the protection of your personal data very seriously. Hence,
 we handle your personal data as confidential information and in compliance with the statutory data
 protection regulations and this Data Protection Declaration.
 Whenever you use this website, a variety of personal information will be collected. Personal data comprises
 data that can be used to personally identify you. This Data Protection Declaration explains which data we
 collect as well as the purposes we use this data for. It also explains how, and for which purpose the
 information is collected.
 We herewith advise you that the transmission of data via the Internet (i.e., through e-mail communications)
 may be prone to security gaps. It is not possible to completely protect data against third-party access.
 Information about the responsible party (referred to as the “controller” in the GDPR)
 The data processing controller on this website is:

 BioConsult SH GmbH & Co. KG
 Schobüller Str. 36
 25813 Husum
 Deutschland

 Phone: +49 (0) 4841 77937-10
 Email: info@bioconsult-sh.de

 The controller is the natural person or legal entity that single-handedly or jointly with others makes
 decisions as to the purposes of and resources for the processing of personal data (e.g., names, e-mail
 addresses, etc.).


 Storage duration


 Unless a more specific storage period has been specified in this privacy policy, your personal data will remain
 with us until the purpose for which it was collected no longer applies. If you assert a justified request for
 deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally
 permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the
 latter case, the deletion will take place after these reasons cease to apply.
 General information on the legal basis for the data processing on this website
 If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or
 Art. 9 (2)(a) GDPR, if special categories of data are processed according to Art. 9 (1) DSGVO. In the case of
 explicit consent to the transfer of personal data to third countries, the data processing is also based on Art.
 49 (1)(a) GDPR. If you have consented to the storage of cookies or to the access to information in your end
 device (e.g., via device fingerprinting), the data processing is additionally based on § 25 (1) TTDSG. The
 consent can be revoked at any time. If your data is required for the fulfillment of a contract or for the
 implementation of pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR.
 Furthermore, if your data is required for the fulfillment of a legal obligation, we process it on the basis of Art.
 6(1)(c) GDPR. Furthermore, the data processing may be carried out on the basis of our legitimate interest
 according to Art. 6(1)(f) GDPR. Information on the relevant legal basis in each individual case is provided in
 the following paragraphs of this privacy policy.


 Designation of a data protection officer


 We have appointed a data protection officer.

 Karsten Klug
 Rechtsanwalt und
 Fachanwalt für Arbeitsrecht
 Externer Datenschutzbeauftragter (TÜV zert.)

 Klug - Datenschutz-Consulting
 Kaiser-Wilhelm-Str. 93
 20355 Hamburg

 Phone: +49 (40) 411 89 38 - 28
 Fax number.: +49 (40) 411 89 38 - 37
Email: mail@klug-datenschutz.de


 Revocation of your consent to the processing of data


 A wide range of data processing transactions are possible only subject to your express consent. You can also
 revoke at any time any consent you have already given us. This shall be without prejudice to the lawfulness
 of any data collection that occurred prior to your revocation.


 Right to object to the collection of data in special cases; right to object to direct advertising (Art. 21 GDPR)


 IN THE EVENT THAT DATA ARE PROCESSED ON THE BASIS OF ART. 6(1)(E) OR (F) GDPR, YOU HAVE
 THE RIGHT TO AT ANY TIME OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA BASED ON
 GROUNDS ARISING FROM YOUR UNIQUE SITUATION. THIS ALSO APPLIES TO ANY PROFILING BASED
 ON THESE PROVISIONS. TO DETERMINE THE LEGAL BASIS, ON WHICH ANY PROCESSING OF DATA IS
 BASED, PLEASE CONSULT THIS DATA PROTECTION DECLARATION. IF YOU LOG AN OBJECTION, WE
 WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA, UNLESS WE ARE IN A POSITION TO
 PRESENT COMPELLING PROTECTION WORTHY GROUNDS FOR THE PROCESSING OF YOUR DATA,
 THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS OR IF THE PURPOSE OF THE
 PROCESSING IS THE CLAIMING, EXERCISING OR DEFENCE OF LEGAL ENTITLEMENTS (OBJECTION
 PURSUANT TO ART. 21(1) GDPR).
 IF YOUR PERSONAL DATA IS BEING PROCESSED IN ORDER TO ENGAGE IN DIRECT ADVERTISING,
 YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR AFFECTED PERSONAL DATA FOR
 THE PURPOSES OF SUCH ADVERTISING AT ANY TIME. THIS ALSO APPLIES TO PROFILING TO THE
 EXTENT THAT IT IS AFFILIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL
 DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES
 (OBJECTION PURSUANT TO ART. 21(2) GDPR).


 Right to log a complaint with the competent supervisory agency

In case of non-compliance with regulations of the General Data Protection Regulation (GDPR), the affected persons have the right to lodge a complaint with a supervisory authority, in particular the Independent State Centre for Data Protection of Schleswig-Holstein (Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein) or in the respective member state of their habitual residence, place of work or the place of the alleged violation without prejudice to any other administrative or judicial remedy.
You can contact the competent authority as follows:

 Landesbeauftragte für Datenschutz Schleswig-Holstein
 Holstenstraße 98
 24171 Kiel

 phone: 0431 988-1200
 telefax: 0431 988-1223
online complaint form: uldsh.de/beschwerde
 email: mail@datenschutzzentrum.de (Please refer to https://uldsh.de/mail for information on email communication encryption.)


 Right to data portability


 You have the right to have data that we process automatically on the basis of your consent or in fulfillment of
 a contract handed over to you or to a third party in a common, machine-readable format. If you should
 demand the direct transfer of the data to another controller, this will be done only if it is technically feasible.
 Information about, rectification and eradication of data
 Within the scope of the applicable statutory provisions, you have the right to demand information about
 your archived personal data, their source and recipients as well as the purpose of the processing of your data
 at any time. You may also have a right to have your data rectified or eradicated. If you have questions about
 this subject matter or any other questions about personal data, please do not hesitate to contact us at any
 time.


 Right to demand processing restrictions


 You have the right to demand the imposition of restrictions as far as the processing of your personal data is
 concerned. To do so, you may contact us at any time. The right to demand restriction of processing applies in
 the following cases:
 In the event that you should dispute the correctness of your data archived by us, we will usually need
 some time to verify this claim. During the time that this investigation is ongoing, you have the right to
 demand that we restrict the processing of your personal data.
 If the processing of your personal data was/is conducted in an unlawful manner, you have the option to
 demand the restriction of the processing of your data instead of demanding the eradication of this data.
 If we do not need your personal data any longer and you need it to exercise, defend or claim legal
 entitlements, you have the right to demand the restriction of the processing of your personal data instead
 of its eradication.
 If you have raised an objection pursuant to Art. 21(1) GDPR, your rights and our rights will have to be
 weighed against each other. As long as it has not been determined whose interests prevail, you have the
 right to demand a restriction of the processing of your personal data.
 If you have restricted the processing of your personal data, these data – with the exception of their archiving –
 may be processed only subject to your consent or to claim, exercise or defend legal entitlements or to
 protect the rights of other natural persons or legal entities or for important public interest reasons cited by
 the European Union or a member state of the EU.


 SSL and/or TLS encryption


 For security reasons and to protect the transmission of confidential content, such as purchase orders or
 inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption
 program. You can recognize an encrypted connection by checking whether the address line of the browser
 switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line.
 If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.


 4. Recording of data on this website

 

Request by e-mail, telephone, or fax


 If you contact us by e-mail, telephone or fax, your request, including all resulting personal data (name,
 request) will be stored and processed by us for the purpose of processing your request. We do not pass these
 data on without your consent.
 These data are processed on the basis of Art. 6(1)(b) GDPR if your inquiry is related to the fulfillment of a
 contract or is required for the performance of pre-contractual measures. In all other cases, the data are
 processed on the basis of our legitimate interest in the effective handling of inquiries submitted to us (Art.
 6(1)(f) GDPR) or on the basis of your consent (Art. 6(1)(a) GDPR) if it has been obtained; the consent can be
 revoked at any time.
 The data sent by you to us via contact requests remain with us until you request us to delete, revoke your
 consent to the storage or the purpose for the data storage lapses (e.g. after completion of your request).
 Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
 

5. Plug-ins and Tools

 

Vimeo

This website uses plug-ins of the video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
If you visit one of the pages on our website into which a Vimeo video has been integrated, a connection to Vimeo’s servers will be established. As a consequence, the Vimeo server will receive information as to which of our pages you have visited. Moreover, Vimeo will receive your IP address. This will also happen if you are not logged into Vimeo or do not have an account with Vimeo. The information recorded by Vimeo will be transmitted to Vimeo’s server in the United States.
If you are logged into your Vimeo account, you enable Vimeo to directly allocate your browsing patterns to your personal profile. You can prevent this by logging out of your Vimeo account.
Vimeo uses cookies or comparable recognition technologies (e.g. device fingerprinting) to recognize website visitors.
The use of Vimeo is based on our interest in presenting our online content in an appealing manner. Pursuant to Art. 6(1)(f) GDPR, this is a legitimate interest. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission and, according to Vimeo, on “legitimate business interests”. Details can be found here: https://vimeo.com/privacy.
For more information on how Vimeo handles user data, please consult the Vimeo Data Privacy Policy under: https://vimeo.com/privacy.


 6. Custom Services

 

Handling applicant data


 We offer website visitors the opportunity to submit job applications to us (e.g., via e-mail, via postal services
 on by submitting the online job application form). Below, we will brief you on the scope, purpose and use of
 the personal data collected from you in conjunction with the application process. We assure you that the
 collection, processing, and use of your data will occur in compliance with the applicable data privacy rights
 and all other statutory provisions and that your data will always be treated as strictly confidential.


 Scope and purpose of the collection of data


 If you submit a job application to us, we will process any affiliated personal data (e.g., contact and
 communications data, application documents, notes taken during job interviews, etc.), if they are required to
 make a decision concerning the establishment or an employment relationship. The legal grounds for the
 aforementioned are § 26 BDSG according to German Law (Negotiation of an Employment Relationship), Art.
 6(1)(b) GDPR (General Contract Negotiations) and – provided you have given us your consent – Art. 6(1)(a)
 GDPR. You may revoke any consent given at any time. Within our company, your personal data will only be
 shared with individuals who are involved in the processing of your job application.
 If your job application should result in your recruitment, the data you have submitted will be archived on the
 grounds of § 26 BDSG and Art. 6(1)(b) GDPR for the purpose of implementing the employment relationship
 in our data processing system.


 Data Archiving Period


 If we are unable to make you a job offer or you reject a job offer or withdraw your application, we reserve the
 right to retain the data you have submitted on the basis of our legitimate interests (Art. 6(1)(f) GDPR) for up
 to 6 months from the end of the application procedure (rejection or withdrawal of the application).
 Afterwards the data will be deleted, and the physical application documents will be destroyed. The storage
 serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required
 after the expiry of the 6-month period (e.g., due to an impending or pending legal dispute), deletion will only
 take place when the purpose for further storage no longer applies.
 Longer storage may also take place if you have given your agreement (Article 6(1)(a) GDPR) or if statutory
 data retention requirements preclude the deletion.

Processing of (personal) data by the operator of the recruitment website

General information

This recruitment website is operated by Personio SE & Co. KG, which offers a human resource and candidate management software solution (https://www.personio.com/legal-notice/). Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. The sole controller of this data within the meaning of article 24 of the GDPR is the enterprise carrying out this online application process. Personio’s role is limited to operating the software and this recruitment website and, in this context, being a processor under article 28 of the GDPR. In this case, the processing by Personio is based on an agreement for the processing of orders between the controller and Personio. In addition, Personio SE & Co. KG processes further data, some of which may be personal data, to provide its services, in particular for operating this recruitment website. We will refer to this in more detail below.

The controller

The controller under data protection law is:
Personio SE & Co. KG
Seidlstraße 3
80335 München
Tel.: +49 (89) 1250 1004
Entry in the commercial register
Commercial register entry number: HRA 115934
Registration Court: Amtsgericht München
Data Protection Officer contact: privacy@personio.com

Access logs (“server logs”)

Each access to this recruitment website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. In addition, processing this data is absolutely necessary under security aspects, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when unlawful use of the software is suspected. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the software is collected. The scope of this log process does not exceed the common log scope of any other site on the web. These access logs are stored for a period of up to 7 days. There is no right to object to this.

Error logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected. These error logs are stored for a period of up to 7 days. There is no right to object to this.

Use of cookies

So-called cookies are used on parts of this recruitment website. They are small text files which are stored on the device with which you access this recruitment website. As a general rule, cookies serve the purpose of ensuring secure access to a website (“absolutely necessary”), implementing certain functionalities such as standard-language settings (“functional”), improving the user experience or the performance of the website (“performance”), or placing targeted advertisements (“marketing”). On this recruitment website, we generally use only cookies that are absolutely necessary, functional or performance-related, in particular for implementing certain default settings such as language, for identifying the job advertising channel, or for analyzing the performance of a job advert via which a user accessed this recruitment website. The use of cookies is absolutely necessary for providing our services and thus for the performance of the contract (article 6 (1) b) of the GDPR). Period of storage: up to 1 month or until the end of the browser session Right to object: You can determine via your browser settings whether you allow or object to the use of cookies. Please note that deactivating cookies may result in limited or completely blocked functionalities of this recruitment website.

Rights of data subjects

If Personio SE & Co. KG as the controller processes personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR. To assert your rights as a data subject in relation to the data processed for the purpose of operating this recruitment website, please refer to Personio SE & Co. KG’s Data Protection Officer (see item B).

Concluding provisions

Personio reserves the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the services offered, for example when new services are introduced. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.