Information for applicants in accordance with Art. 13 GDPR
Compliance with data protection regulations is very important to us. We would like to inform you below about the collection of your personal data by us.
Responsible person
The person responsible for processing personal data collected as part of the application process is innn.it e.V., Pressehaus Podium, Karl-Liebknecht Str. 29A, 10178 Berlin, email: datenschutz[at]innn.it
Data protection officer
You can contact our data protection officer for information or suggestions on the subject of data protection:
datenschutz nord GmbH
Kurfürstendamm 212
10719 Berlin
Web: www.datenschutz-nord-gruppe.de
Email: office[at]datenschutz-nord.de
Data we process
As part of the application process, we process data from you that we need in order to decide whether to establish an employment relationship. This includes in particular your contact details, such as your name and address, as well as all data related to the application, such as your CV, certificates, qualifications, answers to interview questions, etc. If you submit an application for reimbursement of travel expenses, we also need your bank details. The legal basis for the processing of your data results from § 26 Federal Data Protection Act (BDSG).
If you also voluntarily provide us with personal data, we process your data on the basis of your revocable consent in accordance with Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 26 para. 2 BDSG.
Purpose of data processing
The purpose of data processing is the applicant selection procedure.
Source of data
As a rule, we only process the personal data that you provide to us as part of the application process. We may also obtain data about you from other sources, including external business partners, e.g. recruitment agencies (headhunters). We may also receive data that you have made public on professionally oriented social networks, such as LinkedIn.
Data deletion
If there is no legal retention period, the data will be deleted as soon as storage is no longer necessary or the justified interest in storage has expired. If no recruitment takes place, this is regularly the case no later than six months after the application process has been completed. We also delete data if you revoke your consent to the processing of your data.
In individual cases, individual data may be stored for a longer period of time (e.g. travel expense reports). The duration of storage then depends on the statutory retention obligations, e.g. from the German Fiscal Code (6 years) or the German Commercial Code (10 years). In accordance with the limitation periods, further storage of your data is also permissible if further processing is necessary for the assertion, exercise or defense of legal claims after we have weighed up the interests involved.
If you are not hired, but your application is still of interest to us, we will ask you whether we may continue to keep your application for future job openings. This longer retention is based on your revocable consent in accordance with Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 26 para. 2 BDSG.
Confidential treatment and data recipients
Of course, we treat your data confidentially. Access is only granted to those persons who need it to fulfill their tasks. Recipients of your data may also be service providers that we use for the provision of our services in accordance with instructions (so-called commissioned processing in accordance with Art. 28 GDPR).
To conduct video interviews (job interviews), we use the processor „Zoom“ of Zoom Video Communications, Inc. As the provider of the web meeting software, Zoom is given access to your data insofar as this is provided for as part of the order processing. Zoom is a service provided by a provider based in the USA. The USA is a third country outside the European Union. Countries outside the European Union handle the protection of personal data differently than countries within the European Union. There is currently no decision by the EU Commission that third countries generally offer an adequate level of protection. A secure transfer to the USA is currently not completely possible. However, we have concluded the data protection contract provided by the European Union Commission for the processing of personal data in third countries (EU standard contractual clauses) with Zoom in order to secure the level of data protection as far as possible. You can request a copy of this data protection contract using the contact details provided above.
Your rights
As a data subject, you have the right to information about the personal data concerning you (Art. 15 GDPR) as well as the right to have inaccurate data corrected (Art. 16 GDPR) or to have it deleted if one of the reasons mentioned in Art. 17 GDPR applies, e.g. if the data is no longer needed for the purposes pursued. There is also the right to restriction of processing if one of the conditions listed in Art. 18 GDPR applies and, in the cases of Art. 20 GDPR, the right to data portability. If the processing of data is based on your consent, you are entitled to revoke your consent to the use of your personal data at any time in accordance with Art. 7 GDPR. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected. Please also note that we may have to retain certain data for a certain period of time in order to comply with legal requirements despite your revocation (see „Data deletion“ for more details).
Right of objection
In cases where we process your personal data on the legal basis of Art. 6 para. 1 lit. e or f GDPR, you have the right to object at any time on grounds relating to your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
In addition, as a data subject, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of data relating to you is in breach of data protection law. The right to lodge a complaint may in particular be asserted before a supervisory authority in the Member State of the place of residence or place of work of the data subject or the place of the alleged infringement. The contact details of the competent supervisory authority are:
Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstr. 219
10969 Berlin
Phone: +49 (0)30 138 890
Fax: +49 (0)30 215 505 0
Email: mailbox[at]datenschutz-berlin.de