Processing of (personal) data by the entity in charge of the online application process
Information Obligations when Collecting Personal Data from Applicants (Art. 13, Art. 14 GDPR)
I. Who is responsible for data processing, and who is the Data Protection Officer?
The responsible party for data processing is:
DAMM & BIERBAUM
Agency for Marketing and Communication GmbH
Hanauer Landstraße 174-176
60314 Frankfurt am Main
Phone: +49 69 78 91 05-0
Email: info@dammbierbaum.de
Our Data Protection Officer at AGOR AG can be reached at info@agorag.com or by phone at +49 (0) 69 - 9494 32 410. Their contact information is also available online at www.agor-ag.com.
II. Which data categories do we use, and where do they come from?
The processed categories of personal data include, in particular:
➢ Your basic data (e.g., first name, last name, name affixes, nationality, date of birth)
➢ Contact data (e.g., home address, email address, (mobile) phone number)
➢ Your professional resume, education, and school qualifications
➢ Online data (e.g., username, password, IP address for online applications)
➢ Any other optional information provided, such as religious affiliation, nationality, photo, etc.
Your personal data is generally collected directly from you during the application process. In certain cases, due to legal requirements, your personal data may also be collected from other sources (especially authorities). Additionally, we may receive data from third parties (e.g., employment agencies).
III. For what purposes and on what legal basis is data processed?
We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and all other relevant laws (e.g., BetrVG, ArbZG, etc.).
The primary purpose of data collection and processing is to manage the application process. The primary legal basis for this is Art. 6(1) Sentence 1(b), Art. 88 GDPR, in conjunction with Section 26(1) BDSG.
Where necessary, we also process your data based on Art. 6(1) Sentence 1(f) GDPR to protect legitimate interests of ours or third parties (e.g., authorities). This is particularly applicable in criminal investigations (legal basis Section 26(1) Sentence 2 BDSG) or within the corporate group for purposes of corporate governance, internal communication, and other administrative purposes, as well as for statistical purposes.
Company-wide processing of personal data of employees is necessary for cost-saving reasons, to simplify and accelerate internal processes, to avoid errors, and in the interest of data economy and data minimization.
We also process your data to fulfill our legal obligations as a company, especially in the area of tax and social security law. This is based on Art. 6(1) Sentence 1(c) GDPR.
If necessary, we obtain your consent under Art. 6(1) Sentence 1(a) GDPR, which can be revoked at any time for the future, in the following cases: internal transfers within the corporate group, extended storage of application documents/applicant pool, and assessment centers.
If we intend to process your personal data for a purpose not mentioned above, we will inform you beforehand.
IV. Who receives your data?
Within our company, only those persons and departments (e.g., HR, works council, representative for severely disabled persons, department heads) that are responsible for managing the application process and deciding on the outcome of the application have access to your personal data.
Additionally, we use various service providers to fulfill our contractual and legal obligations. A list of the contractors and service providers with whom we have established ongoing business relationships is available upon request.
Furthermore, we may transfer your personal data to other recipients outside the company, where necessary to fulfill our contractual and legal obligations as an employer. These may include:
The data subject has the right to request information from the controller regarding their personal data, as well as rights to rectification, deletion, restriction of processing, objection to processing, and data portability.
If the data subject has provided consent for further data usage, they have the right to revoke this consent at any time without providing a reason.
These rights can be exercised by contacting DAMM & BIERBAUM, Agency for Marketing and Communication, Phone: +49 69 78 91 05-0, Email: info@dammbierbaum.de.
In addition to the rights mentioned above, the data subject also has the option to contact the respective supervisory authority if they believe that the processing of their data violates the GDPR.
VI. How long will your data be stored?
Companies and employers in Germany are subject to various legal retention obligations, especially under the German Fiscal Code (AO) and the German Commercial Code (HGB). Regardless of this, there is a general retention period of three years for employment relationships according to Section 195 BGB.
If we enter into an employment contract with an applicant, the transmitted data will be stored for the purpose of managing the employment relationship in compliance with legal provisions.
If no employment contract is concluded with the applicant, the application documents will be deleted no later than six months after the rejection decision, provided there are no other legitimate interests of the controller that prevent deletion. Legitimate interests in this sense include, for example, the duty to provide evidence in a case under the General Equal Treatment Act (AGG).
If consent is given for longer storage, inclusion in the applicant tool, and/or data transfer within the corporate group, deletion will occur only after this period has expired, unless the applicant gives further consent for the aforementioned purposes.
VII. Are your data transferred to a third country?
Certain personal data are processed by Microsoft and Google in the United States. Under the “Data Privacy Framework” (DPF), the EU Commission has recognized the data protection level for certain companies in the U.S. as safe through the adequacy decision of 10.07.2023. The list of certified companies and further information on the DPF can be found on the U.S. Department of Commerce’s website at https://www.dataprivacyframework.gov/s/participant-search (in English).
VIII. Are you required to provide your data?
In the application process, you are required to provide the personal data necessary for deciding on the establishment of the employment relationship or that we are legally obliged to collect. Without this data, we will not be able to carry out the application process with you.
IX. Are automated decisions or profiling measures used?
No automated individual decisions or profiling measures are used.
I. Who is responsible for data processing, and who is the Data Protection Officer?
The responsible party for data processing is:
DAMM & BIERBAUM
Agency for Marketing and Communication GmbH
Hanauer Landstraße 174-176
60314 Frankfurt am Main
Phone: +49 69 78 91 05-0
Email: info@dammbierbaum.de
Our Data Protection Officer at AGOR AG can be reached at info@agorag.com or by phone at +49 (0) 69 - 9494 32 410. Their contact information is also available online at www.agor-ag.com.
II. Which data categories do we use, and where do they come from?
The processed categories of personal data include, in particular:
➢ Your basic data (e.g., first name, last name, name affixes, nationality, date of birth)
➢ Contact data (e.g., home address, email address, (mobile) phone number)
➢ Your professional resume, education, and school qualifications
➢ Online data (e.g., username, password, IP address for online applications)
➢ Any other optional information provided, such as religious affiliation, nationality, photo, etc.
Your personal data is generally collected directly from you during the application process. In certain cases, due to legal requirements, your personal data may also be collected from other sources (especially authorities). Additionally, we may receive data from third parties (e.g., employment agencies).
III. For what purposes and on what legal basis is data processed?
We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and all other relevant laws (e.g., BetrVG, ArbZG, etc.).
The primary purpose of data collection and processing is to manage the application process. The primary legal basis for this is Art. 6(1) Sentence 1(b), Art. 88 GDPR, in conjunction with Section 26(1) BDSG.
Where necessary, we also process your data based on Art. 6(1) Sentence 1(f) GDPR to protect legitimate interests of ours or third parties (e.g., authorities). This is particularly applicable in criminal investigations (legal basis Section 26(1) Sentence 2 BDSG) or within the corporate group for purposes of corporate governance, internal communication, and other administrative purposes, as well as for statistical purposes.
Company-wide processing of personal data of employees is necessary for cost-saving reasons, to simplify and accelerate internal processes, to avoid errors, and in the interest of data economy and data minimization.
We also process your data to fulfill our legal obligations as a company, especially in the area of tax and social security law. This is based on Art. 6(1) Sentence 1(c) GDPR.
If necessary, we obtain your consent under Art. 6(1) Sentence 1(a) GDPR, which can be revoked at any time for the future, in the following cases: internal transfers within the corporate group, extended storage of application documents/applicant pool, and assessment centers.
If we intend to process your personal data for a purpose not mentioned above, we will inform you beforehand.
IV. Who receives your data?
Within our company, only those persons and departments (e.g., HR, works council, representative for severely disabled persons, department heads) that are responsible for managing the application process and deciding on the outcome of the application have access to your personal data.
Additionally, we use various service providers to fulfill our contractual and legal obligations. A list of the contractors and service providers with whom we have established ongoing business relationships is available upon request.
| Personio SE & Co. KG Seidlstraße 3 80335 München Tel.: +49(89) 1250 1004 E-Mail: info@personio.de | Applicant management tool |
| LinkedIn Ireland Unlimited Company Wilton Place Dublin 2, Ireland | Job postings / professional network |
| Indeed Deutschland GmbH Theo-Champion-Str. 2 40549 Düsseldorf | Job postings |
| Microsoft Corporation One Microsoft Way Redmond, WA 98052 | Appointment coordination and meetings via Office 365 and Microsoft Teams |
| Google Ireland Limited Gordon House Barrow Street, Dublin 4 Ireland | Appointment coordination and communication via Gmail and Google Calendar |
- Authorities (e.g., Immigration Office, Federal Employment Agency, courts)
- The applicant’s bank, if travel expenses are reimbursed
- Attorneys
- Former employers with the applicant’s consent
The data subject has the right to request information from the controller regarding their personal data, as well as rights to rectification, deletion, restriction of processing, objection to processing, and data portability.
If the data subject has provided consent for further data usage, they have the right to revoke this consent at any time without providing a reason.
These rights can be exercised by contacting DAMM & BIERBAUM, Agency for Marketing and Communication, Phone: +49 69 78 91 05-0, Email: info@dammbierbaum.de.
In addition to the rights mentioned above, the data subject also has the option to contact the respective supervisory authority if they believe that the processing of their data violates the GDPR.
VI. How long will your data be stored?
Companies and employers in Germany are subject to various legal retention obligations, especially under the German Fiscal Code (AO) and the German Commercial Code (HGB). Regardless of this, there is a general retention period of three years for employment relationships according to Section 195 BGB.
If we enter into an employment contract with an applicant, the transmitted data will be stored for the purpose of managing the employment relationship in compliance with legal provisions.
If no employment contract is concluded with the applicant, the application documents will be deleted no later than six months after the rejection decision, provided there are no other legitimate interests of the controller that prevent deletion. Legitimate interests in this sense include, for example, the duty to provide evidence in a case under the General Equal Treatment Act (AGG).
If consent is given for longer storage, inclusion in the applicant tool, and/or data transfer within the corporate group, deletion will occur only after this period has expired, unless the applicant gives further consent for the aforementioned purposes.
VII. Are your data transferred to a third country?
Certain personal data are processed by Microsoft and Google in the United States. Under the “Data Privacy Framework” (DPF), the EU Commission has recognized the data protection level for certain companies in the U.S. as safe through the adequacy decision of 10.07.2023. The list of certified companies and further information on the DPF can be found on the U.S. Department of Commerce’s website at https://www.dataprivacyframework.gov/s/participant-search (in English).
VIII. Are you required to provide your data?
In the application process, you are required to provide the personal data necessary for deciding on the establishment of the employment relationship or that we are legally obliged to collect. Without this data, we will not be able to carry out the application process with you.
IX. Are automated decisions or profiling measures used?
No automated individual decisions or profiling measures are used.