Applicant Privacy Policy

DocCheck AG, Vogelsanger Str. 66, 50823 Cologne, Germany (hereinafter referred to as "we" or "DocCheck") is responsible for recruitment for the entire DocCheck Group. The following companies belong to the DocCheck Group:

  • DocCheck AG
  • DocCheck Community GmbH
  • DocCheck Shop GmbH
  • DocCheck Guano AG
  • DocCheck Medical Cloud GmbH
  • DocCheck Forest GmbH
  • DocCheck Warehouse GmbH
  • antwerpes ag
  • antwerpes health share gmbh
  • antwerpes healthy media gmbh

 

We take the protection of your personal data (hereinafter simply referred to as “data”) very seriously. Therefore, we would like to inform you about the manner and scope of data processing (collection, processing and use) on our website with the domain https://www.doccheck.ag/de/datenschutzerklaerung as well as during the use of our services offered there (hereinafter collectively referred to as “our services”) with the following data protection guidance.

 

Name and address of the party responsible for the data processing

 

The responsible party in accordance with the General Data Protection Regulation (GDPR) and other regulations and laws relating to data protection is:

DocCheck AG
Vogelsanger Str. 66
50823 Cologne
Germany
Phone: +49 (0) 221-920530
E-mail: karriere(at)doccheck.com
Represented by the Board of Directors:
Dr. Frank Antwerpes (Chairman)
Philip Stadtmann, Thilo Kölzer, Jens Knoop

 

Name and address of the Data Protection Officer

 

Data Protection Officer of DocCheck AG is:

Tim Halver
DocCheck AG
Vogelsanger Str. 66
50823 Cologne
Germany
Phone: +49 (0) 221-920530
E-mail: datenschutz(at)doccheck.com

 

You can directly contact our Data Protection Officer with any questions about data protection.

 

1. What is personal data?

Data protection concerns personal data. Personal data is any information that refers to an identified or identifiable natural person (“person concerned”) (Article 4 paragraph 1 GDPR). A natural person is regarded as identifiable if this person can be identified directly or indirectly, in particular by associating the person with an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Furthermore, so-called special personal data is included in the scope of data protection. This is data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership. It also refers to the processing of genetic data, biometric data to uniquely identify a natural person, health data or data concerning the sex life or sexual orientation of a natural person (Article 9 paragraph 1 GDPR).

Health data, on the other hand, is personal data referring to the physical or mental health of a natural person, including the provision of health services, and revealing any information about the state of health of that person (Article 4 paragraph 15 GDPR).

 

2. How is this data collected and processed?

The collection, processing and storage of data while using our services can be done in different ways. This can take place directly in our systems, at a company commissioned by us and bound by instructions or also at third parties (see point 3 ff.). An important instrument for data processing in the online sector are techniques such as cookies or HTML5 web storage, which can cache or retrieve information on your terminal device. Therefore, we would like to explain these techniques to you.

 

2.1 Cookies and HTML5 web storage

So-called cookies and HTML5 web storage techniques are small text files that are stored on your terminal device. Cookies and HTML5 web storage are used to save various information beyond the current session, even if you close the window or if you leave the website. When the website is visited again, your browser can access the information stored on your device and forward it to the server of the website. The information can be retrieved by the operator of the website at a later point in time.

There are various areas in which cookies and HTML5 web storage techniques are used:

 

2.1.1 Session cookies and session storage

On the one hand, cookies and web storage are used for the intermediate storage of information which contains, for example, registration information or user settings as well as any other details previously entered or identifiers (hereinafter referred to as “session objects”).

These session objects thus contain data, such as a unique identifier (a so-called “session ID” as pseudonym), with which various requests from your browser can be assigned to the same session and your terminal device can be recognised on various sub-pages of the website. This assignment can also take place if you return to the website again during one internet session, for example after visiting another website in the meantime.

On the one hand, the setting of session objects is required for saving the entries already made by you in any series of input masks and for allowing you to restore your entries in the event of a malfunction (e. g. brief disconnection from the website while trying to access a subsequent input mask). The setting of session objects is also necessary for the correction of information already entered, including when using the "Back" button of your browser. On the other hand, session objects may be required for the provision of various other functions, such as for registration within a user system. In this respect, their use complies with the recognised technical and organisational measures to prevent unintentional access to your data by third parties.

Since it is possible to assign various requests from your browser to the same session, session objects can also generally be used to record your usage behaviour or to send appropriate advertising to you and to make sure that you do not, for example, fraudulently click on multiple advertising banners.

 

2.1.2 Preference cookies and local storage

Cookies and web storage techniques also serve to save your preferred settings on a website and to help you find the information you want regarding the services offered (hereinafter referred to as “preference objects”). Without using these preference objects, several functions could partly not be offered at all or only with considerable limitations.

In contrast to session objects, such preference objects do not allow various browser requests to be assigned to a specific session. In particular, it is not possible to recognise you when returning to a website at a later point in time because they only contain simple settings parameters.

 

2.2 Use of session and preference objects when using our services

Session and preference objects can thus serve a wide variety of purposes. We explain to you why we use which type of technique in point 3, where the individual objectives of processing are covered. This is where we inform you whether any session or preference objects are used for the respective processing objective.

 

2.3 Deactivating and deleting cookies and web storage objects

Under the menu item “Help”, most web browsers offer information on how to prevent the use of cookies and web storage objects technically and about the settings you need in order to be informed by your browser about the placement of a new cookie or web storage object. Please note that some functions of our website may not be available if cookies and web storage objects are deactivated.

 

3. What data do we collect for what purpose and what happens to your data?

3.1 Operation of the website

When visiting our website, the following data is always (i. e. even when simply visiting our website without registering or without using individual services) collected and processed, without drawing any conclusions about your person:

Directly by us:

  • The website you visited previously (so-called referrer URL)
  • The individual pages of our website which you access
  • The date and time of access to our website
  • The Internet protocol address (IP address) of the accessing device
  • The type of device which you use to access our website (e. g. computer, mobile phone etc.)
  • The browser and the operating system which you use to access our website, including the respective version number and the selected language

 

Data which we receive from our provider, CANCOM Managed Services GmbH, Erika-Mann-Straße 69, 80636 Munich, Germany:

  • Further similar data and information which serve to avert danger in the event of attacks on our information technology systems

 

This information is required in order to:

  • Deliver the contents of our website correctly
  • Optimise the contents of our website and its promotion, e. g. to adjust the contents for display on a mobile terminal device
  • Ensure the continuous functionality of our information technology systems and technology of our website as well as
  • Provide law enforcement authorities with the information necessary to prosecute in the event of a cyber-attack

 

After the end of the respective Internet session, we anonymize the collected data and subsequently analyse it statistically. We also analyse the data with the aim to improve data protection and data security in our company in order to ensure an optimum protection level for the personal data processed by us. In this respect, the processing of your data is done in our legitimate interest and is based on Article 6 paragraph 1 sentence 1 point f) GDPR.

 

3.2 Integration of services and contents provided by third parties

We use content or services offered by third-party providers within our online offering based on our legitimate interest (i. e. interest in the analysis, optimisation and economic operation of our online offering in terms of Article 6 paragraph 1 sentence 1 point f) GDPR) in order to integrate their contents and services, such as videos or fonts (hereinafter uniformly referred to as “contents”). This always assumes that the third-party providers of these contents find the IP addresses of the users since they would not be able to send the contents to their browsers without the IP address. The IP address is thus required in order to display these contents.

The following list provides you with an overview of third-party providers and their contents, including links to their privacy policies containing further information about data processing and ways to withdraw consent as partly mentioned here previously (so-called opt out):

 

3.2.1 Google Hosted Libraries

To reduce loading times, Google Hosted Libraries is used to integrate various open-source JavaScript libraries. Google Hosted Libraries is a service offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary company of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (hereinafter only referred to as “Google”).

The relevant libraries are made available by Google and are loaded on our website using the corresponding command so that our website can use the library. Google loads the library via a so-called Content Delivery Network (CDN), i. e. via a network of data centres that distributes the content.

 

In particular, we use the following libraries provided by Google:

  • jQuery

 

Integration of the libraries is done via an interface (“API”) to Google services. By integrating these libraries, Google may collect data (including personal data) and process it. In doing so, it cannot be ruled out that Google also transfers this information to a server in a third country.

The processing of user data partly takes place on servers operated by Google in the USA. Data transfer to the USA is based on standard contractual clauses of the EU Commission. In addition, we have concluded a contract on the commissioning of data processing with Google.

 

In particular, the following personal data is processed by Google Hosted Libraries:

  • Protocol data (especially the IP address)
  • Location-related information
  • Unique application numbers
  • Cookies and similar technologies

 

Data processing, especially the use of cookies, is based on your consent given according to Article 6 paragraph 1 sentence 1 point a) GDPR.

You can find detailed information on the terms of use of Google Hosted Libraries here as well as some technical information here.

For further information on the collection and use of data by Google, see also Google’s Privacy Policy.

 

3.2.2 Google Fonts

On our website, we make use of “Google Web Fonts”, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary company of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (hereinafter only referred to as “Google”).

Google Web Fonts allows us to use external fonts, so-called Google Fonts. When you visit our website, your web browser loads the required Google Font into the browser cache. This is necessary so that your browser can show you a visually improved display of our texts. If your browser does not support this function, your computer uses a standard font for display. The integration of these web fonts takes place by means of a server request, usually to a server operated by Google in the USA. In doing so, the server receives information on which web pages you have visited. In addition, Google saves your IP address used by your terminal device.

The processing of user data partly takes place on servers operated by Google in the USA. Data transfer to the USA is based on standard contractual clauses of the EU Commission. In addition, we have concluded a contract on the commissioning of data processing with Google.

We use Google Web Fonts for optimisation purposes, especially in order to improve the use of our website for you and to make its design more userfriendly. For these reasons we also have a legitimate interest in the processing of the above-mentioned data by third-party providers. The legal basis for this is article 6 paragraph 1 sentence 1 point f) GDPR.

For further information on the collection and use of data by Google, see Google’s Privacy Policy.

You can find more information about Google Web Fonts here and here.

 

3.2.3 Google Maps

For the display of interactive maps and for creating directions on our website, we use a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary company of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (hereinafter only referred to as “Google”).

This function allows us to visually display geographic information and interactive maps. When visiting pages where maps provided by Google Maps are integrated, data of those using the websites is collected, processed and used.

The processing of user data partly takes place on servers operated by Google in the USA. Data transfer to the USA is based on standard contractual clauses of the EU Commission. In addition, we have concluded a contract on the commissioning of data processing with Google.

 

Data processing by Google services includes the following data:

  • IP address
  • Device, operating system/browser

 

Data processing, in particular the use of cookies, is based on your consent given according to Article 6 paragraph 1 sentence 1 point a) GDPR.

You can find further information about the collection and use of data by Google in Google’s Privacy Policy. This is also where you can change your settings in the data privacy centre so that you can manage and protect your data processed by Google.

 

3.2.4 YouTube

On our website we make use of YouTube. This is a video portal operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary company of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (hereinafter only referred to as “YouTube”).

The processing of user data partly takes place on servers operated by Google in the USA. Data transfer to the USA is based on standard contractual clauses of the EU Commission. In addition, we have concluded a contract on the commissioning of data processing with Google which ensures that the processing of personal data is subject to a level of security corresponding to that of the GDPR.

We use YouTube employing the “Privacy-enhanced mode” function in order to be able to show you videos. The legal basis for this is Article 6 paragraph 1 point f) GDPR. Our legitimate interest is to improve the quality of our website. According to information provided by YouTube, the “Privacy-enhanced mode” function ensures that the data specified in more detail below will only be transferred to the YouTube server if you actually start a video.

Without this “Privacy-enhanced mode”, a connection to the YouTube server in the USA is established as soon as you visit one of our web pages with an integrated YouTube video.

This connection is necessary in order to be able to display the respective video on our website via your web browser. In the course of this, YouTube records and processes a minimum of your IP address, the date and time as well as the website you visited. Furthermore, a connection to the Google advertising network “DoubleClick” is established.

If you are logged in to YouTube simultaneously, YouTube assigns the connection information to your YouTube account. If you want to prevent this, you must either log out from YouTube before visiting our website or enter the corresponding settings in your YouTube user account.

YouTube continuously saves technically necessary cookies via your web browser on your terminal device for the purpose of functionality and analysis of user behaviour. If you do not wish to allow this processing, you can prevent the storage of cookies by entering the corresponding setting for your web browser.

You can find further information on the collection and use of data as well as your rights and privacy controls in this regard in Google’s Privacy Policy.

 

3.2.5 CookieFirst

We use the consent management tool CookieFirst, a service of Digital Data Solutions B.V. (Plantage Middenlaan 42a, 1018 DH, Amsterdam) on our website; hereinafter only referred to as "CookieFirst".

The tool allows you to give your consent to data processing via the website, in particular to the setting of cookies, and to exercise your right of withdrawal for previously given consents. This data processing serves the purpose of obtaining and documenting the necessary consent to data processing in order to comply with legal obligations. Cookies may be used for this purpose. In this processing the following information, among others, may be collected and transmitted to CookieFirst:

  • uniquely assignable ID
  • date and time of consent
  • opt-in
  • and opt-out data.

This data will not be passed to other third parties. The data is processed to fulfill a legal obligation based on Art. 6 Para. 1 Sentence 1 Letter c) GDPR. You can find further information in CookieFirst’s privacy policy.

 

3.2.6 Vimeo

We make use of Vimeo in order to display videos on our website. This is a service operated by Vimeo, LL C, 555 West 18th Street, New York, New York 10011, USA, hereinafter only referred to as “Vimeo“.

The processing of user data partly takes place on servers operated by Vimeo in the USA. Data transfer to the USA is based on standard contractual clauses of the EU Commission. In addition, we have concluded a contract on the commissioning of data processing with Vimeo and we fully apply the strict regulations of German Data Protection Authorities in our use of Vimeo.

The legal basis for this is Article 6 paragraph 1 point f) GDPR. Our legitimate interest is to improve the quality of our website.

When visiting a page on our website in which a Vimeo video is embedded, your browser connects to the servers of Vimeo. For technical reasons, it is necessary for Vimeo to process your IP address. Furthermore, the date and time of your visit to our website is recorded.

If you are logged in to Vimeo simultaneously while visiting one of our webpages in which a Vimeo video is embedded, Vimeo may assign the information gathered to your personal Vimeo user account. If you want to prevent this, you must either log out from Vimeo before visiting our website or configure your Vimeo user account accordingly.

If you do not wish to allow this data processing, you can prevent the installation of cookies by entering the corresponding settings for your internet browser. If you are a registered member of Vimeo, you can also use the settings of Vimeo to manage the cookies used.

You can find further information about the collection and use of data as well as about your rights and ways to protect your privacy in Vimeo’s Privacy Policy .

3.2.7 Zammad

We use the helpdesk system Zammad provided by Zammad GmbH, Marienstraße 18 in 10117 Berlin, Germany, hereinafter referred to as “Zammad“. We have concluded a contract on the commissioning of data processing with Zammad for this purpose.

Zammad uses data (chat protocols, e-mails with e-mail address) only for technical reasons related to the processing of enquiries and does not transfer it to third parties.
During the processing of service enquiries, it may become necessary to collect more of your data.

We make use of Zammad based on our legitimate interest, i.e. the quick and efficient processing of enquiries. The legal basis is Article 6 paragraph 1 sentence 1 point f) GDPR

If you are not happy to have your data collected by the Zammad software, you can use alternative means of communication such as e-mail or telephone.

You can find further information in Zammad’s Privacy Policy.

3.3 Analysis Tools

It goes without saying that we want to design our services to meet your requirements and offer you the best possible user experience. Therefore, we continuously monitor the functioning of our services and correct any functions identified as being faulty or user unfriendly. Another important point for us is to know if and to what extent the services we offer reach our intended target group. For this purpose, it is necessary to understand where, how and to what extent you use our services.

To obtain this information, we use the tools mentioned in number 3.4 to measure audience and analyse the use of our services. This data processing is done in our aforementioned, legitimate interest and is thus based on Article 6 paragraph 1 sentence 1 point f) GDPR. This legitimate interest lies in a design that meets your requirements and in the continuous improvement of our website as well as in the maintenance of its functionality.

You can learn more about the details of the concrete data processing by reading the following explanations:

 

3.3.1 Google Analytics

To meet your requirements in the design and continuous optimisation of our websites, we use Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter only referred to as “Google“. This involves pseudonymous user profiles being established and cookies needed for technical reasons being set (see number 4). The information generated by the cookie concerning your use of this website such as

  • browser type/ version,
  • operating system,
  • referrer URL (the page previously visited),
  • host name of the accessing computer (IP address)
  • time of the server request,

 

is transferred to a Google server in the USA and stored there. DocCheck has set a time limit for the storage of this data at Google of 26 months. This information is used to analyze the use of the website, to generate reports on the activities of the website, and to render other services in connection with the use of the website and the Internet for the purposes of market research and a website design that meets your requirements. This information may also be transferred to third parties if this is legally required or if these third parties are commissioned to process the data. In no case will your IP address be merged with other data of Google. IP addresses are anonymized, so that an assignment is impossible (IP masking).

The processing of user data partly takes place on servers operated by Google in the USA. Data transfer to the USA is based on standard contractual clauses of the EU Commission. In addition, we have concluded a contract on the commissioning of data processing with Google, which ensures that the processing of personal data is subject to a level of security corresponding to that of the GDPR.

You can prevent the installation of these cookies required for technical reasons using the corresponding settings for your browser software; but we point out that in this case you may not be able to make full use of all the functions of the website.

Furthermore, you can prevent the collection of data generated by the cookie and relating to your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing a browser add-on by clicking this link.

As an alternative to the browser add-on, particularly for browsers on mobile terminal devices, you can prevent the collection of data by Google Analytics by setting an opt-out cookie which prevents the future collection of your data when visiting the website. The opt-out cookie works only within this browser and only for our website and is stored on your device. If you delete cookies in this browser, you must set the opt-out cookie again.

The use of Google Analytics and the data processing this involves including the use of cookies thus takes place in our legitimate interest based on Article 6 paragraph 1 sentence 1 point f) GDPR. This legitimate interest lies in a design that meets your requirements and in the continuous improvement of our website. In addition, we have concluded a contract on the commissioning of data processing with Google which ensures that the processing of personal data is subject to a level of security corresponding to that of the GDPR.

You can find more information about data protection in connection with Google Analytics at Google Analytics Help or here.

 

3.4 Data we process if you apply to our company

If you apply to our company, we process personal data from you to consider your future employment. Data is only processed insofar as this is necessary for our decision to employ you. The data you provide during registration and by filling in our short application form, by sending an e-mail or by other means, may be inspected and used by DocCheck. This may be general data referring to you personally, to your vocational qualifications and school education or further training or other information you provide in the context of your application. Furthermore, we may process employment-related information you made publicly available by publishing it in your profile on professional social media networks, in particular XING and LinkedIn.

The legal basis for this is thus Article 6 paragraph 1 point b) GDPR as well as Article 26 paragraph 1 in connection with paragraph 8 sentence 2 German Federal Data Protection Act (BDSG). Furthermore, we can process personal data about you if this is necessary to defend ourselves against legal claims originating from the application procedure. The legal basis for this is Article 6 paragraph 1 point f) GDPR, our legitimate interest is for example a burden of proof in proceedings according to the General Act on Equal Treatment (AGG). If we hire you, we can process the personal data already obtained from you for employment-related purposes, if this is necessary for carrying out or terminating the employment according to Article 26, paragraph 1 BDSG. There will be no transfer to third countries.

There will be no automated decision-making according to Article 22 GDPR.

If you are still underage i.e. have not yet reached the age of 18 and you wish to apply to our company, we require you to have the consent of your legal representative (your parents in most cases). If we become aware that this is not the case, we cannot consider your application and we will delete your data immediately.

The data can be transferred to the above-mentioned companies belonging to our group, depending on which of these companies you want to apply to. Furthermore, we check other vacancies in the same company and may proactively suggest other positions to you. Furthermore, we have commissioned the processing of personal data in the framework of contracts based on Article 28 GDPR; this applies to the hiring system provider Recruitee as well as to the above-mentioned companies belonging to our group.

 

3.4.1 Hiring System: Recruitee

For job applications, we use the services of the company Recruitee B.V., address: Keizersgracht 313 1016 EE Amsterdam, Netherlands (hereinafter referred to as "Recruitee"). A Recruitee webpage is integrated on our Jobs subpage. We have concluded a contract on the commissioning of data processing with Recruitee.

Recruitee is directly implemented on our website as a webservice. The use of Recruitee is based on our legitimate interest to optimize our entire application management and its efficiency, thus the legal basis is Article 6 paragraph 1 point f) GDPR. In this framework, we process your personal data to smoothen the entire application process. If you visit our Jobs subpage, Recruitee collects personal information from you, such as

  • contact details, e.g. title, first name, last name, address, e-mail address, telephone number
  • photo
  • business networks
  • documents, such as cover letter, CV, diplomas, other qualifications, work samples
  • other information you provided voluntarily
  • correspondence relating to your application

 

Collection of your personal data is necessary for taking steps at your request prior to entering into a contract, cf. Article 6 paragraph 1, point b) GDPR.

In principle, we store your personal data for as long as this is necessary to decide upon your application. If we do not employ you, we can still store data insofar as this is necessary for the defence against possible legal claims. The information on data deletion mentioned below also applies to job applications reaching us by e-mail or as printed documents. In this case, data will be deleted six months after you were informed about our rejection of your application, unless longer storage is necessary because of (possible) legal disputes. The longest possible storage period is 3 years in the case of claims for damages for violation of the right to protection of personality, as this is subject to the general period of prescription stipulated in §§ 195, 199 German Civil Code (BGB).

You can find more information on data protection in the Privacy Policy of Recruitee.

 

3.4.2 Communication & Interview Invitation: Microsoft Office 365 (Outlook & Teams)

In the case of a digital job interview, we use Office 365 services for applicants, provided by Microsoft Corporation, One Microsoft Way Redmond, WA 98052-6399 USA (hereinafter referred to as "Microsoft"). The services used are Microsoft Outlook (hereinafter "Outlook") as a communication tool and calendar function for scheduling job interviews and Microsoft Teams (hereinafter "Teams") for conducting the digital job interview in the form of an online meeting.
 

When communicating about your application and scheduling an interview, we collect the following personal data from you in the Office 365 services used:

  • Contact details, such as title, first name, surname, email;
  • Correspondence relating to your application and documents that you provide to us by email.

The collection of your personal data is necessary for the implementation of any pre-contractual measures that are carried out at your request, Art. 6 Section 1 letter b) GDPR.

Microsoft processes the personal data to provide the agreed services as defined in the Microsoft Online Services Terms of Use and ultimately for the purposes determined by us as the contractual partner within the scope of our contractual relationship. The legal basis is then Art. 6 Section 1 p. 1 b) GDPR. Please note that we have no influence on Microsoft's data processing in some cases. To the extent that Microsoft Teams processes personal data in connection with Microsoft's legitimate business operations, Microsoft is an independent data controller for such use and as such is responsible for compliance with all applicable laws and obligations of a data controller.

Further information on data protection can be found in Microsoft's privacy policy and in the additional privacy policy for Microsoft Teams.  There you will also find further information on your rights in this regard. Microsoft may also process some of your personal data in the USA.

 

3.4.3 Talentpool + Talentpool-Newsletter

We always find talented people among our applicants for whom we unfortunately do not have a suitable vacancy at the time of application. We therefore invite suitable applicants to join our talent pool (hereinafter "talent pool"). If you wish, we can also inform you regularly about job vacancies and innovations within our company via our talent pool newsletter (hereinafter referred to as the 'talent pool newsletter').

 

(a) "Talent pool"

For our talent pool, we use the company Recruitee B.V., Keizersgracht 313 1016 EE Amsterdam, Netherlands (hereinafter referred to as "Recruitee"). As part of the application process (3.4.1), we ask applicants for their explicit consent that the submitted application may be stored in Recruitee for a full stop of 2 (two) years beyond the specific process. After that, the applicant's data will be deleted or the application documents will be stored for a further period of time after a new request for consent, provided that the applicant is interested in continuing to be part of our talent pool.

Further information on data protection can be found in our privacy policy on the application process under point 3.4.1 and in Recruitee's privacy policy.

 

(b) "Talent pool newsletter"

We collect the following data as part of our talent pool newsletter:

  • Contact data, such as title, first name, surname, address, email, telephone number;
    Business networks;
  • General information about your specialism
  • Your professional level (e.g. working student, career starter, experienced professional)
  • Your preferred location for working (Cologne or remotely within Germany)
    Other information you provide voluntarily

For our talent pool newsletter, we use the services of HubSpot Inc, 25 First Street, 2nd Floor, Cambridge, MA 02141, USA (hereinafter referred to as "Hubspot").


The legal basis for the processing of your data in our talent pool is your consent pursuant to Art. 6 Section 1 lit. a GDPR.  The transfer to a third country is based on Art. 49 Section 1 lit. a GDPR. If you do not want Hubspot to collect and process the aforementioned data, you can refuse your consent or revoke it at any time with effect for the future. Your personal data will be stored for as long as it is necessary to fulfil the purpose of processing or until you withdraw your consent. The data will be deleted as soon as it is no longer required to fulfil the purpose. 

Further information about how HubSpot works can be found in the HubSpot Inc. privacy policy.

 

3.5 Data we process if you contact us

If you contact us using the contact details given on the website, in particular the contact form or the e-mail addresses and fax / telephone numbers, we process, apart from date and time of your enquiry, such data that you voluntarily share with us. This may be your title including academic title, your name, your (mobile) telephone number, your e-mail address as well as other information provided voluntarily. We use this data to deal with your enquiry. Processing of your data is in this sense executed upon your request and is based on Article 6 paragraph 1 sentence 1 point b) GDPR. Concerning additional information you make available voluntarily, data processing is executed following your consent and is thus based on Article 6 paragraph 1 sentence 1 point a) GDPR.

When using our contact form, your Internet Protocol Address (IP address) is stored. This storage ensures the provision of our services and the avoidance of abuse. If need be, it enables us to resolve possible criminal acts and to enforce private rights of third parties. In this sense, the storage of your IP address is necessary for our own protection. Under no circumstances will we transfer this data to third parties, except for appropriate legal duties of transfer or if transfer of data is necessary to resolve criminal acts. Processing of this data is based on Article 6 paragraph 1 sentence 1 point f) GDPR.

If your enquiry refers to the use of our services or is made in the framework of our contractual relationship including the negotiating stage of such a relationship, data transferred or collected upon your request will be stored for the duration of our contractual relationship. In other cases, we store data in principle only for the period of time necessary to answer your enquiry, as long as there are no conflicting retention periods stipulated by law.

 

4. How do we treat your data?

When processing data, we aim at ensuring the best possible level of security in the framework of the respective purpose of use. Even if absolute protection cannot be guaranteed, we take precautions to protect your data.

This includes the encrypted transfer of your data at all times. We use the coding system SSL (Secure Socket Layer) for this purpose to prevent data flows being intercepted by third parties and your data becoming visible in plain text. You can see that we use the SSL coding system from the acronym “https://“ in the address line of your browser as well as the lock symbol next to the address line of all commonly used browsers. You thus know that your data is transmitted to us in a secure way.

 

5. How long do we store your data?

We only store personal data for the period of time necessary to fulfil the specific above-mentioned purpose. Afterwards, personal data is deleted if there are no conflicting retention periods stipulated by law.

 

6. What are your rights?

Concerning the use of your data, you have the following rights. You can enforce these rights against us as the responsible persons. In this case, you can contact our Data Protection Officer directly.

 

6.1 Right to information

At any time, you have the right to obtain free of charge information from us concerning the data stored concerning you personally, as well as a copy of this information. Furthermore, you have the right to information concerning the following details:

  • the purpose of the processing
  • the categories of personal data concerned
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
  • the existence of the right to request the responsible person rectification or erasure of personal data or restriction of processing of personal data or to object to such processing
  • the right to lodge a complaint with a supervisory authority
  • where the personal data are not collected from you, any available information as to their source
  • the existence of automated decision-making, including profiling referred to in Article 22, paragraph 1 and 4 GDPR and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the person concerned.

 

Furthermore, you have the right to be informed if personal data have been transferred to third countries or international organisations.

If this is the case, you have the additional right to be informed of the appropriate safeguards relating to the transfer.

If you want to exercise this right to information, you may contact our Data Protection Officer or any other employee at any time at karriere(at)doccheck.com.

Your right to information is based on Article 15 GDPR.

 

6.3 Right to erasure (right to be forgotten)

You have the right to request that personal data concerning you be deleted immediately, if one of the following reasons applies and if processing is not necessary:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed you withdraw the consent on which the processing is based according to Article 6 paragraph 1 point a) GDPR or Article 9 paragraph 2 point a)
  • GDPR and there is no other legal ground for the processing
  • you object to the processing pursuant to Article 21 paragraph 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 paragraph 2 GDPR.
  • the personal data have been unlawfully processed
  • we are obliged to erase your personal data for compliance with a legal obligation in Union or Member State law to which we are subject
  • the personal data have been collected in relation to the offer of information society services referred to in Article 8 paragraph 1 GDPR

 

If one of the above-mentioned conditions applies and you want to request us to erase personal data which we stored, you may contact our Data Protection Officer or any other employee at any time at karriere(at)doccheck.com. Our Data Protection Officer or employee will see to it that your request for erasure is promptly executed.

Your right to erasure is based on Article 17 GDPR.

 

6.4 Right to restriction of processing

You have the right to request that processing is restricted, if one of the following conditions is fulfilled:

  • the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data
  • the processing is unlawful, and you oppose the erasure of the personal data and request the restriction of its use instead
  • we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise, or defence of legal claims
  • you have objected to processing pursuant to Article 21 paragraph 1 GDPR pending the verification whether the legitimate grounds of our company override yours

 

If one of the above-mentioned reasons applies and you want to request us to restrict personal data which we stored, you may contact our Data Protection Officer or any other employee at any time at karriere(at)doccheck.com. Our Data Protection Officer or employee will see to it that your request for restriction is promptly executed.

Your right to restriction of processing is based on Article 18 GDPR.

 

6.5 Right to data portability

You have the right to receive the personal data concerning you which you provided to us, in a structured, commonly used, and machine-readable format. You have the right to transmit those data to another responsible person without hindrance from our side where (i) the processing is based on consent pursuant to Article 6, paragraph 1, point a) GDPR or Article 9 paragraph 2 point a) GDPR or on a contract pursuant to Article 6 paragraph 1 point b) GDPR and (ii) the processing is carried out by automated means. This right does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, in exercising your right to data portability, you have the right to have the personal data transmitted directly from one responsible person to another, where technically feasible, and where this right does not adversely affect the rights and freedoms of others.

Your right to data portability is based on Article 20 GDPR.

 

6.6 Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 paragraph 1 point e) or f) GDPR, including profiling based on those provisions.

In the case of an objection, we will no longer process personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing. This also includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data will no longer be processed for such purposes.

Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89 paragraph 1 GDPR you have the right, on grounds relating to your particular situation, to object to processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

If you want to exercise the right to object, you may contact our Data Protection Officer or any other employee at any time at karriere(at)doccheck.com. Furthermore, in the context of the use of information society services, irrespective of directive 2002/58/EC, you are free to exercise your right to object by means of automated procedures which make use of technical specifications.

Your right to object is based on Article 21 GDPR.

 

6.7 Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you if this decision is not necessary for entering into, or performance of, a contract between you and us or is not authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or is not based on your explicit consent.

If the decision is necessary for entering into, or performance of, a contract between you and us or is based on your explicit consent, we implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on our part, to express your point of view and to contest the decision.

If you want to exercise rights referring to automated decision-making, you may contact our Data Protection Officer or any other employee at any time at karriere(at)doccheck.com.

These rights are based on Article 22 GDPR.

 

6.8 Right to withdraw your consent

You have the right to withdraw your consent to the processing of personal data in whole or in part at any time.

The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

If you want to exercise your right to withdraw your consent, you may contact our Data Protection Officer or any other employee at any time. You will find contact details at the beginning of this Privacy Policy, directly before the summary.

Your right to withdraw your consent to the processing of personal data is based on Article 7 paragraph 3 GDPR.

 

6.9 Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority. This right is based on Article 56 paragraph 2 GDPR.

 

7. Changes to this Privacy Policy

Use of collected data is always subject to the Privacy Policy valid at the time the data is collected.

We reserve the right to amend the Privacy Policy to adjust it to factual or legal changes. In this case, we will publish the new and from that point onwards applicable version of this Privacy Policy on our website. If we consider it necessary, we will highlight amendments of this Privacy Policy in an appropriate manner. This applies in particular if we intend to use already collected data in a way that deviates from the original purpose.

If our use of your personal data is based on your consent, we will only use your data within the framework you consented to, irrespective of amendments to the Privacy Policy which may have occurred in the meantime. In this case and if need be, we will ask you for a new consent which corresponds to the intended modifications in our use of data.

 

Last update 01/2022