Data protection policy


Introduction

-    This data protection policy describes how we collect, use and process your personal data and how we uphold our statutory obligations to you, especially those arising from the EU General Data Protection Regulation (‘GDPR’). The protection of your data is important to us, and we have made it our mission to protect and guarantee your data protection rights.

-    This data protection policy explains how we handle your personal data when we support you as a candidate in your job search and uphold our relationship with you after we have found you a position or if you are not accepted for a position and when you visit our website. 

-    If there are no legal grounds for processing, we generally obtain permission from the data subject.

 

1. Who is responsible for the processing of your personal data?
The responsible authority for the collection, processing and use of your personal data in the sense of article 4 paragraph 7 of the GDPR is

Gütermann Consulting GmbH
Managing Director: Martin Gütermann, Sabine Gütermann
Kapellenweg 2
DE-79261 Gutach
Phone +49 7682 82 52
Fax +49 7682 96 36
mail@guetermann-consulting.com

 (hereafter referred to in the first person).

2. What kind of personal data is collected?

2.1. Candidates 
We process data related to your applications. This may be general data about you (e.g. contact details, CV with previous employment, photo, date of birth, qualifications, references) or other information that you provide us with in relation to your application (e.g. salary components, interests, preferences and expectations for your job search, contact partner for a reference).

We may process certain sensitive personal data if you include this in information you submit to us, e.g. if you include information about your health or religion in the CV you send us.

If you register or submit a job application on our job portal, we may ask you to provide personal data like your name and contact details (email address) as well as other application documents.

Otherwise, we may process other work-related information made public by you, such as a profile on a work-related social media network (e.g. XING, Experteer, LinkedIn). 

2.2. Visitors to Our Website
If you use our website exclusively for information purposes, i.e. if you do not register on our job portal or submit information in any other way, we only collect the personal data transferred to our servers by your browser/provider.

If you would like to view our website, we collect the information technically required for us to display our website and guarantee stability and security in accordance with article 6 paragraph 1 sentence 1 f of the GDPR:

  • IP address
  • Date and time of request
  • Time difference to Greenwich Mean Time (GMT)
  • Content of request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred
  • Website the request came from
  • Browser
  • Operating system and interface
  • Language and browser version.

3. For what purposes and on what legal basis do we process personal data?

3.1. Candidates
The main reason for the use of your personal data is to support you in your search for a job or other suitable position with one of our clients. We collect your data and save it in our applicant database so we can contact you in relation to your application. The legal basis is article 6 paragraph 1 f of the GDPR.
 
Insofar as you have granted us permission, we will send your personal data to clients looking to fill a job vacancy or offering another position after consulting you. The legal basis is article 6 paragraph 1 a of the GDPR.

If you have granted permission, we will compare your data with job openings and contact you via email or telephone when we find a suitable position for you. The legal basis is article 6 paragraph 1 a of the GDPR.

Furthermore, we may process personal data about you if this is necessary to defend against legal claims against us arising from the application process. The legal basis for this is article 6 paragraph 1 f of the GDPR.

3.2. Visitors to Our Website
We use your data to make it easier for you to use our website. The legal basis is article 6 paragraphs 1 a and f of the GDPR.

4. From what sources do you get personal data?
You can submit your data to us as an applicant via our online application form, our job portal, via email or in person. In order to prevent unauthorised third party access to your personal data, the connection is SSL encrypted.

The data may come from an application that you submitted via a job agency. Or you may have made the data public on a professional social media network (e.g. Xing, Experteer or LinkedIn). The data may also come from third parties that you contacted regarding a job application.

5. What recipient categories receive the data?
Insofar as you have granted us permission, we can send your personal data to clients looking to fill a job vacancy or offering another position after consulting you. 

Otherwise, personal data is processed on our behalf based on contracts in accordance with article 28 of the GDPR, especially by host providers, applicant management system providers and external service providers. 

6.  Do we transfer your data outside Germany?
When you visit our website, the data outlined in section 2.2 will be transferred to Switzerland. The EU Commission has issued an adequacy decision for Switzerland in accordance with article 45 paragraph 1 of the GDPR.

Insofar as you are considered as an applicant for a position inside or outside the European Economic Area (EEA), your personal data will be transferred there with your permission and after consulting you.

Regarding the use of social plug-ins, Google Analytics and Google Maps, data may be processed both inside and outside the European Economic Area (EEA). You can find out more in sections 11, 12 and 13.

7. How long will your data be stored for?
We will save your personal data for as long as is required for our client to make a decision about your application. After this, we will delete your personal data or limit processing if we must uphold statutory retention periods.

If you have granted us permission, we will save your personal data for as long as we have this permission.

We may also save data insofar as this is necessary for defence against possible legal claims or insofar and for as long as we are legally or otherwise obliged to store your data.

8. What rights do you have?
Depending on the individual situation, you have the following data protection rights, and you can contact us at any time using the contact details provided in section 1 to exercise them:

  • Right to Information (Article 15 of the GDPR)

You especially have the right to obtain information about the data saved by us, the purpose of data processing and any transfers of data. Furthermore, you have the right to receive a copy of the data kept by us.

  • Right to Correction or Deletion (Article 16 of the GDPR and Article 17 of the GDPR)

This means you have the right to request the correction of incorrect or incomplete data or the complete deletion of your data insofar as no statutory retention obligations prevent this.

  • Right to Limit Processing under the Conditions in Article 18 of the GDPR
  • Right to Data Transferability (Article 20 of the GDPR)
  • Right to Object to Processing (Article 21 of the GDPR)

Based on grounds arising from your specific situation, you have the right to object to the processing of the personal data outlined above based on article 6 paragraph 1 f of the GDPR.

  • Right to Complain to a Supervisory Authority (Article 77 of the GDPR)

You have the right to complain to a data protection supervisory body about our processing of your personal data.

9. No Automated Decision Making
No automated decision making in the sense of article 22 of the GDPR takes place, i.e. the decision regarding your application is not based on automated processing.

10. What are cookies and how are they used?
In order to make a visit to our website more attractive and to enable the use of certain functions, we use cookies on various pages. These are small text files that are saved to your end device. Some of the cookies we use are deleted after the browser session, so when you close your browser (session cookies). Other cookies remain on your end device and allow us or our partners (third party cookies) to recognise your browser the next time you visit (persistent cookies). If cookies are placed, they collect and process certain user information such as browser and location data and IP address values. Persistent cookies are automatically deleted after a set time period, which may differ from cookie to cookie.

If cookies implemented by us also process personal data, the processing is intended to uphold our legitimate interests in the best possible functionality of the website as well as customer-friendly and effective page design in accordance with article 6 paragraph 1 f of the GDPR.

Please note that you can set up your browser to inform you each time a cookie is set or to ask you to confirm each time or to generally allow or generally reject cookies. Each browser has different cookie settings. This is generally outlined in every browser’s help menu, which will explain how you can change your cookie settings. 
Please note that rejecting cookies may limit the functionality of our website.

11. How are social plug-ins used? 
Our website uses plug-ins, e.g. from the following providers:

  • Google+, operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 in the USA
  • Facebook.com, operated by Facebook Inc., 1601 S. California Avenue, Palo Alto, CA 94304 in the USA
  • linkedin.com, operated by the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA& 94043 in the USA
  • XING, operated by XING AG, Dammtorstraße 29-32, 20354 Hamburg in Germany

We hereby notify the users of our website that plug-ins for Google+, Facebook, LinkedIn, XING etc. are installed on our website. If you click on one of these buttons, the relevant plug-in will establish a direct connection with Google+, Facebook, LinkedIn, XING etc. The content of the plug-in you use is transferred directly from Google+, Facebook, LinkedIn, XING etc. directly to your browser. The content of transferred data is outside our sphere of influence. However, we would like to inform you what data is transferred to Google+, Facebook, LinkedIn, XING etc. to our current knowledge.

When you use these plug-ins, i.e. you click the relevant button, the information that you have visited certain pages of our website will be forwarded to the servers of Google+, Facebook, LinkedIn, XING etc. If you are logged into your Google+, Facebook, LinkedIn, XING etc. account, this usage data will be allocated to your personal account. If you use these buttons, e.g. by leaving a comment, this information will be transferred from your browser directly to Google+, Facebook, LinkedIn, XING etc. and saved there. Even if you are not a member of the relevant social networks, there is still a chance that Google+, Facebook, LinkedIn, XING etc. may collect and save your IP. 

In order to find out the purpose and scope of the collection, processing and use of your data as well as your rights and settings options to protect your privacy, please use the links below to find the social network providers’ privacy policies: 

If you do not want Google+, Facebook, LinkedIn, XING etc. to collect data about you via our website, please log out of your Google+, Facebook, LinkedIn, XING etc. accounts before visiting any pages on our site. You can also block Google+, Facebook, LinkedIn, XING etc. plug-ins using add-ons for your browser. 

12. How is Google Analytics used? 
Our website uses Google Analytics, a web analysis service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’). Google Analytics uses cookies, text files that are stored on your computer and enable the analysis of your website use. The information generated by the cookie about your use of this website (including your shortened IP address) is usually transferred to a Google server in the USA and stored there.

Our website only uses Google Analytics with the ‘_anonymizeIp()’ extension, which ensures the anonymisation of IP addresses by way of shortening them, thus preventing direct identification. This expansion means that your IP address will first be shortened by Google before leaving the European Union or the European Economic Area. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. In these exceptional cases, the processing takes place based on our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes in accordance with article 6 paragraph 1 f of the GDPR.

On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.

You can prevent the saving of cookies by setting your browser software accordingly; we wish to point out that you may not be able to make full use of all the functions of this website if you do so. You can also prevent Google’s collection of the data generated by the cookie relating to your use of the website (including your IP address) as well as Google’s processing of this data by downloading and installing the browser plug-in available via the following link: http://tools.google.com/dlpage/gaoptout?hl=de

Alternatively to the browser plug-in or within browsers on mobile devices, please click on the following link to set an opt-out cookie to prevent Google Analytics from collecting data within this website in future (this opt-out cookie only works in this browser and for this domain - if you delete cookies in your browser, you will have to repeat this process): Deactivate Google Analytics

Google also processes your personal data in the USA and is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
You can find more information about the handling of user data by Google Analytics in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de

13. How is Google Maps used? 
Our website uses services from Google Maps. This lets us show you interactive maps on our website, allowing you to easily use the map function.

When you visit our website, Google receives the information that you viewed the specific pages of our website. Furthermore, data in accordance with section 2.2 of this policy is transferred. This occurs regardless of whether you are logged into a Google user account or whether you have no such user account. If you are logged into Google, your data will be directly allocated to your account. If you do not want data to be allocated to your Google profile, you must log out before activating a button. Google saves your data as a user profile and uses it for advertising, market research and/or needs-orientated website design purposes. Any such evaluation takes place especially (even for users not logged in) to provide needs-orientated advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of this user profile, whereby you must address any such objection to Google.

You can find more information and the scope and purpose of data collection and its processing by plug-in providers in the provider’s data protection policy. There, you will find more information about your related rights and settings options to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework 

14. How are links to other websites used? 
Our website may contain links to websites, plug-ins and third party applications. When you click on these links or activate connections, third parties may collect or pass on data about you. We have no influence on third party websites and take no responsibility for their privacy policies. 

15. Data Security
Although we do our best to protect your personal data, you should know that transferring information via the internet or email is not completely safe and we cannot guarantee the safety of your personal information if this is transferred on the website or to third parties. All transfers are at your own risk. We use strict processes and suitable technical and organisational security measures to prevent unauthorised access, deletion or transfer of personal data insofar as possible.

16. Changes to This Data Protection Policy
Our data protection measures are regularly reviewed and improved. You can always find the latest data protection policy on this page. We recommend checking the policy at regular intervals.


Valid as of: 25th of May 2018