Privacy policy
 

1. Data privacy overview

General information

The following information provides a basic overview of what happens to your personal data when you visit this website. Personal data refers to any information that can be used to identify you personally. You can find detailed information on the subject of data protection in the Privacy Policy below this text.

Data collection on this website

Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator.
Contact information for the website operator can be found in the ‘Information on the data controller’ section of this privacy policy.

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This includes information that you enter into contact forms, for example. Other data is automatically collected or collected on the basis of your consent by our IT systems when you visit our website. This primarily comprises technical data (e.g. information on your browser, operating system or the time of the page request).
Your data is automatically collected when you visit this website.

Which purposes do we use your data for?

We collect some of your data to ensure the proper functioning of our website
Other data is used to analyse how visitors use our site.

What are your rights concerning your data?

You have the right to receive information concerning the origin, recipients and purpose of your stored personal data free of charge at any time. You also have the right to demand the rectification or erasure of this data. If you have consented to data processing, you can withdraw your consent at any time with future effect. Moreover, under certain circumstances, you have the right to demand that the processing of your personal data is restricted. You also have the right to appeal to the relevant supervisory authority. If you have any questions regarding this or any other questions on the subject of data privacy, please contact us.

Analysis tools and third-party tools

When you visit our website, we are able to statistically analyse your surfing behaviour. This primarily takes place through the use of analysis tools.

You can find more information on these analysis tools in the following Privacy Policy.

 

2. Hosting

Content on our website is hosted by the following provider:

Mittwald

The content on our website is hosted by Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp (hereinafter referred to as Mittwald).

You can learn more in the Mittwald privacy policy:
www.mittwald.de/datenschutz.

We use the services provided by Mittwald on the basis of Section 6 para. 1 lit. f GDPR. We have a legitimate interest in ensuring our website is displayed as reliably as possible. Provided the applicable consent has been obtained, processing takes place on the basis of Art. 6(1) lit. a GDPR and Section 25(1) of the Telecommunications and Telemedia Data Protection Act (TDDDG) where consent covers the storage of cookies or access to information on the user's device (e.g. device finger printing) as set out in the TDDDG. Previously granted consent may be withdrawn at any time.

Commissioned data processing

We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This agreement is required by data protection regulations and ensures that the data controller solely processes personal data from our website visitors in line with our instructions and in accordance with the GDPR.

 

3. General information and mandatory information

Data protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this Privacy Policy. 

A range of personal data is collected when you use this website. Personal data refers to any information that can be used to identify you personally. This Privacy Policy explains which data we collect and the purposes for which we use it. It also explains how and why data is collected.

Please note that online data transmissions (e.g. email communication) may be subject to security gaps. We are unable to warrant complete protection of data against third party access.

Information on the data controller

The controller for data processing on this website is
PKF WULF SERVICES GmbH
Wirtschaftsprüfungsgesellschaft Steuerberatungsgesellschaft

represented by the management board:
Dipl.-Betriebswirt (BA) Christoph Kalmbach, Auditor/Tax Consultant
Dipl.-Ökonom Ralph Setzer, Auditor/Tax Consultant
Dipl.-Finanzwirt Martin Wulf, Auditor/Tax Consultant
M.A. Dominik Huth, Tax Consultant
B.A. Martin Krebs, Auditor/Tax Consultant

Löffelstraße 44
70597 Stuttgart

Phone: +49 (711) 69767-0
Fax: +49 (711) 69767-133

Email: info@pkf-wulf.de

The controller is the natural person or legal entity that, single-handedly or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).
 

Retention period

Unless specific retention periods are stipulated in this Privacy Policy, we store your data until the purpose for which it is processed is no longer applicable. If you exercise a legitimate attempt to erase your data or withdraw your consent to the respective processing of your data, your data will be erased, provided we have no other legitimate grounds for continued storage of your personal data (such as retention periods stipulated by fiscal and commercial law); in the latter case, your data will be erased once the grounds for continued storage cease to exist.

General information on the legal basis for data processing on this website

If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) lit. a GDPR and Art. 9 (2) lit. a GDPR, if particular categories of data pursuant to Art. 9 (1) GDPR are being processed. If you have granted your express consent to the transfer of personal data to third countries, data processing also takes place on the legal basis of Art. 49 (1) lit. a GDPR.
If you have consented to the storage of cookies or access to information on your device (e.g. device finger printing), data processing also takes place on the legal basis of Section 25 (1) TDDDG.
Previously granted consent may be withdrawn at any time. If your data is required to perform contractual duties or in order to take steps prior to entering into a contract, we will process your data on the legal basis of Art. 6 (1) lit. b GDPR. We also process your data where required to fulfil our statutory obligations on the legal basis of Art. 6 (1) lit. c GDPR. Data processing may additionally take place on the basis of our legitimate interests as per Art. 6 (1) lit. f GDPR. The applicable legal bases for processing in each individual scenario are explained below in this privacy policy.

Data Protection Officer
We have appointed the following external data protection officer.

Julian Kraft
KUHN IT GmbH
Schillerstraße 81
73642 Welzheim

Email: datenschutz@kuhnit.de
Phone: +49 (7182) 51601 64

Recipients of personal data

We work in partnership with a number of external parties as part of our business operations. As a result, in certain circumstances, we may also need to transfer personal data to these external parties. We only pass on personal data to external parties when required to fulfil contractual duties, in the case of legal requirements (e.g. disclosure of data to the tax authorities), to uphold our legitimate interest in transferring the data as per Art. 6 (1) lit. f GDPR or where any other legal grounds permit the transfer of data. If we use processors, we will only pass on personal data from customers on the basis of a valid data processing agreement. In cases where we jointly process data, a contract will be concluded to govern the joint processing.

Withdrawing your consent to data processing

A wide range of data processing operations are only possible with your express consent.
You reserve the right to withdraw previously granted consent at any time. The legality of the data processing carried out up to the point of withdrawal remains unaffected by the withdrawal.

Right to appeal to the competent supervisory authority

In the event of violations of the GDPR, data subjects reserve the right to appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place where the alleged violation occurred.
The right to appeal exists without prejudice to other administrative or judicial remedies.

Right to data portability

You have the right to demand that we hand over any data which we process automatically on the basis of your consent or to fulfil a contract handed over to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only take place where technically feasible.

Right to information, rectification and erasure

Within the scope of the applicable statutory provisions, you reserve the right to obtain information free of charge at any time about your stored personal data, its origin and recipients and the purpose of the data processing and, if applicable, the right to rectify or erase this data. If you have any questions regarding this or any other questions on the subject of personal data, please contact us.

Right to restrict data processing

You have the right to request that the processing of your personal data is restricted.
Please contact us at any time to exercise this right.
The right to restrict processing exists in the following cases:
 

  • If you dispute the accuracy of your personal data stored with us, we usually require time to verify this.
    For the duration of this review, you also have the right to request that the processing of your personal data is restricted.
     
  • If the processing of your personal data was/is carried out unlawfully, you may request the restriction of data processing instead of deletion.
     
  • If we no longer require your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request that we restrict the processing of your personal data instead of deleting it.
     
  • If you have lodged an objection under Section 21 (1) GDPR, our rights will be weighed up against yours.
    As long as it is not yet clear whose interests prevail, you have the right to demand that the processing of your personal data is restricted.
     

If you have restricted the processing of your personal data, this information – with the exception of storage thereof – may only be processed with your consent or for the purpose of asserting, exercising or defending legal claims, or protecting the rights of another natural person or legal entity, or for reasons of an important public interest of the European Union or a Member State.

SSL and/or TLS encryption 

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries that you send to us as the website operator.
You can see whether you have an encrypted connection by checking that the address line of your browser changes from "http://" to "https://" and by the appearance of a lock icon in your browser line. 

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

 

4. Data collection on this website

Cookies

This website uses cookies. Cookies are small text files that are stored on your device and do not inflict any damage on your device. They are stored on your device either for the duration of your visit (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted at the end of your visit. Persistent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser.

Cookies may be created by us (first-party cookies) or third parties (third-party cookies). Third-party cookies make it possible to integrate certain services provided by third parties on websites (e.g. cookies for processing payment services).

Cookies perform a range of functions. Certain cookies are technically required, as certain features of the website would not function without them (such as the shopping cart function or the display of videos). Other cookies may be used to analyse user behaviour or for advertising purposes.

Cookies that are required to execute electronic communication processes (necessary cookies) or to provide certain features for your benefit (for the shopping cart function, for example) or to optimise the website (cookies to measure web traffic, for example) are stored on the legal basis of Art. 6 (1) lit. f GDPR, provided no other legal basis is specified.
The website operator has a legitimate interest in the storage of necessary cookies to ensure the fault-free and optimised provision of its services.
If your consent is obtained for the storage of cookies and similar recognition technologies, the corresponding processing takes place on the basis of this consent as per Art. 6 (1) lit. a GDPR and Section 25 (1) TDDDG. This consent can be withdrawn at any time.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when you close your browser.
The functionality of our website may be limited when cookies are disabled.

This Privacy Policy contains information on which cookies and services are used on this website.

Klaro Consent Manager

Klaro is an intuitive, user-friendly and free open source tool used for managing consent granted to data processing on this website in compliance with data protection legislation.
Klaro is provided by KIProtect GmbH, Bismarckstr. 10-12, 10625 Berlin.

A Klaro! cookie (klaro) is only stored by your browser once you consent to the cookie during the opt-in process, whereby your granted consent or refusal to grant consent is saved.

This data is not passed on to the developers of Klaro! The collected data is stored until you delete the Klaro! cookie or the purpose for which it was collected ceases to apply.
Mandatory statutory retention periods remain unaffected by these provisions. For more information on data processing by Klaro!, visit https://heyklaro.com/.

You can open Klaro Consent Manager at any time to review and update your settings by clicking on the cookie symbol in the bottom left.

We use Klaro Consent Manager to obtain legally prescribed consent to the use of cookies.This takes place on the legal basis of Art. 6 (1) lit. c GDPR.

 

5. Social media

Meta pixel (formerly Facebook pixel)

This website uses the Facebook/Meta pixel for conversion tracking purposes. The Meta pixel is a service provided by the Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
According to statements from Facebook, data collected by the pixel may be transferred to the US or other third countries.

These pixels enable us to track the behaviour of site visitors after they click on a Facebook ad to reach our website.
This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and the optimisation of future advertising measures.

The data collected is anonymous to us as the operator of this website and we cannot use it to draw any conclusions about our users’ identities.
However, the data stored and processed by Facebook may enable a connection to your Facebook profile and permit Facebook to use the data for its own advertising purposes as stipulated in the Facebook privacy policy (https://www.facebook.com/privacy/policy/). This allows Facebook to display ads both on Facebook and on third-party sites. As the website operators, we have no control over how this data is used.

Our use of this service takes place on the basis of our legitimate interest in accordance with Act. 6 (1) lit. f GDPR. Previously granted consent may be withdrawn at any time.

We use advanced matching with the Meta pixel.

Advanced matching enables us to send various types of data (e.g. place of residence, federal state, postcode, hashed email addresses, name,  gender, date of birth or telephone number) from our customers and potential customers that we collect on our website to Meta (Facebook). Using advanced matching allows us to tailor our Facebook ad campaigns on Facebook even more precisely to people who are interested in our services. Advanced matching also improves the assignment of website conversions to users and extends custom audiences.

In cases where personal data is collected on our website using the above tools and forwarded to Facebook, we bear joint responsibility for this data processing with Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Art. 26 GDPR). Our joint responsibility is restricted to the collection of data and the transfer thereof to Facebook.
Any processing of the data by Facebook after its transmission is not covered by our joint responsibility. The obligations to which we are jointly subject have been defined in a joint processing agreement,which is available at https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for implementing the tool on our website in a manner considered secure under data protection law. Facebook is responsible for the data integrity of Facebook products.
Please contact Facebook directly to assert your data subject rights (e.g. requests for information) in relation to data processing by Facebook. If you assert your data subject rights with us, we are required to forward your claim to Facebook.

Data transfers to the USA take place on the basis of the standard contractual clauses promulgated by the EU Commission.
Learn more at: www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

You can find more information on protecting your privacy in Facebook’s privacy policy: https://www.facebook.com/privacy/policy/

You can also deactivate the custom audiences remarketing feature in the Ads Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You will need to log in to Facebook for this.

If you do not have a Facebook account, you can opt out of usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance:http://www.youronlinechoices.com/de/praferenzmanagement/. 

Our company is certified according to the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA intended to ensure compliance with European data protection standards for data processing that takes place in the USA. Every company certified under the DPF is committed to upholding these data protection standards. Click the link below to learn more from the provider: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active.

TikTok pixel

Our website features the TikTok pixel provided byTikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (hereinafter TikTok). 

The TikTok pixel allows us to display web-based ads on TikTok to website visitors who have viewed our website (TikTok ads).
We also use the TikTok pixel to evaluate the effectiveness of our ads on TikTok. This allows the effectiveness of TikTok Ads to be evaluated for statistical and market research purposes and the optimisation of future advertising measures. In relation to this, various user data such as IP address, site visits, time spent on the site, operating systems used and user origin, information about the ad a person clicked on TikTok or an event that was triggered (timestamp). This data is compiled to form a user ID and allocated to the device used by the website visitor.

Our use of this service takes place on the basis of our legitimate interest in accordance with Act. 6 (1) lit. f GDPR. Previously granted consent may be withdrawn at any time.

Data transfers to third countries take place on the basis of the standard contractual clauses promulgated by the EU Commission. Learn more at: www.tiktok.com/legal/page/eea/privacy-policy/en and https://ads.tiktok.com/i18n/official/policy/controller-to-controller.

LinkedIn

Elements from the LinkedIn network provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland are used on this website.

Each time you visit a page of this website containing LinkedIn elements, a connection to LinkedIn's servers is established. LinkedIn is notified that you have visited this website along with your IP address. If you click on the LinkedIn “Recommend” button and are logged into your LinkedIn account, LinkedIn is able to allocate your visit to this website to you and your user account.
We would like to draw your attention to the fact that, as the website operator, we do not receive any information on the content of transmitted data or the use thereof by LinkedIn.

Our use of this service takes place on the basis of our legitimate interest in accordance with Act. 6 (1) lit. f GDPR. Previously granted consent may be withdrawn at any time.

Data transfers to the USA take place on the basis of the standard contractual clauses promulgated by the EU Commission.
More information is available at: https://www.linkedin.com/help/linkedin/answer/a1343190

Learn more about data processing by LinkedIn in the LinkedIn privacy policy at: https://www.linkedin.com/legal/privacy-policy

Our company is certified according to the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA intended to ensure compliance with European data protection standards for data processing that takes place in the USA. Every company certified under the DPF is committed to upholding these data protection standards.
Click the link below to learn more from the provider: www.dataprivacyframework.gov/participant/5448.
 

6. Analysis tools and advertising

Matomo

Our website uses the open source web analysis service Matomo.

With the help of Matomo, we are able to collect and analyse data about how visitors use our website. This informs us which pages were viewed, at what time and the region the visitor comes from among other information. We also collect various log files (e.g. IP address, referral URL, browser and operating system used) and can track whether visitors to our website perform certain actions (e.g. clicks, purchases).

We use this analysis tool on the legal basis of Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour to optimise both its website and its advertising.
Provided the applicable consent has been obtained, processing takes place on the basis of Art. 6(1) lit. a GDPR and Section 25(1) of the Telecommunications and Telemedia Data Protection Act (TDDDG) where consent covers the storage of cookies or access to information on the user's device (e.g. device fingerprinting) as set out in the TDDDG.
Previously granted consent may be withdrawn at any time.

IP anonymisation

We use IP anonymisation when analysing data with Matomo. As a result, your IP address is truncated before the analysis so that it can no longer be clearly assigned to you.

Analysis without cookies

We have configured Matomo in such a way that it does not store any cookies in your browser.

Hosting

We exclusively host Matomo on our servers to keep all analysis data within our company and avoid it being passed on to others.

Commissioned data processing

We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This agreement is required by data protection regulations and ensures that the data controller solely processes personal data from our website visitors in line with our instructions and in accordance with the GDPR.

 

7. Newsletter

Newsletter data

If you want to sign up to the newsletter offered on the website, we require your email address as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. We do not collect any further data, however other data may be provided on a voluntary basis. We use the following newsletter service providers to send the newsletter.

CleverReach

We use CleverReach, a service provided by CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter CleverReach) to send newsletters. CleverReach is a service used to organise and analyse the sending of newsletters. The data you enter to subscribe to our newsletter (e.g. your email address) is stored on CleverReach servers located in Germany and Ireland. 

Using CleverReach to send letters allows us to analyse the behaviour of our newsletter recipients. Among other things, we can analyse how many recipients have opened the newsletter email and the frequency with which links in the newsletter are clicked. Conversion tracking also allows us to analyse whether a predefined action (e.g. purchase of a product on this website) has taken place after clicking on the link in the newsletter. You can learn more about data analysis by CleverReach at: https://www.cleverreach.com/en-de/push-magazin/newsletter-reporting-tracking/

This data processing takes place on the basis of your consent in accordance with Act. 6 (1) lit. a GDPR. You reserve the right to withdraw this consent at any time by unsubscribing from the newsletter.

The legality of the data processing carried out up to the point of revocation remains unaffected by the revocation. Unsubscribe from the newsletter to prevent CleverReach from analysing your data.
An unsubscribe link can be found in every newsletter email.

Data you provide us with for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and is then deleted from the newsletter distribution list once you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected. 

Once you have been removed from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist if this is necessary to avoid future mailings.
The data from the blacklist is used only for this purpose and is not merged with other data. This processing takes place to protect both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) lit. f GDPR). Storage in the blacklist is not subject to any time limitations, You reserve the right to object to the storage of your data in cases where your rights outweigh our legitimate interests.

Please consult the CleverReach privacy policy to learn more: https://www.cleverreach.com/ende/privacypolicy/#:~:text=We%20will%20store%20your%20data,you%20have%20entered%20your%20objection.

Commissioned data processing 

We have concluded a data processing agreement (DPA) for the use of the aforementioned service.
This agreement is required by data protection regulations and ensures that the data controller solely processes personal data from our website visitors in line with our instructions and in accordance with the GDPR.
 

7.Audio and video conferences

Data processing

We use various tools, including online conference tools, to communicate with our customers. The tools we use are listed below in more detail. If you communicate with us in an online video or audio conference, your personal data will be collected and processed by us and the provider of the respective conference tool.

The conference tools collect all the data that you provide/use to use the tools (email address and/or phone number). Conference tools also record the duration of the conference, the start and end (time) for each participation in the conference, the number of participants and other context information related to the communication process (metadata).

The provider of the tool processes all technical data required to facilitate online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker as well as the type of connection.

If content is exchanged, uploaded or otherwise provided within the tool, related data is also stored on the provider's servers. This content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared while using the service.

Please note that we do not have full influence on the data processing operations conducted by the tools used. Our options are largely governed by the corporate policy of the respective provider. Please refer to the privacy policies for the tools used listed below to learn more about data processing by the conference tools.

Purpose and legal bases

The conference tools are used to communicate with prospective or existing contractual partners and to offer certain services to our customers (Art. 6 (1) lit. b GDPR). We also use the tools to simplify and facilitate communication with us and our company (legitimate interest in accordance with Art. 6 (1) lit. f GDPR). If we request your consent, use of the respective tool takes place on the basis thereof and you can withdraw the consent you have granted at any time with future effect.

Retention period

Data collected directly by us from the video and conference tools will be deleted from our systems as soon as you ask us to delete it, withdraw your consent to its storage or the purpose for which it is stored no longer applies. Saved cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected by these provisions.

We do not have any influence on the retention period for your data saved by the operators of conference tools for their own purposes.
You can learn more about the processing that takes place in relation hereto by contacting the providers of the conference tools directly.

Conference tools used by PKF

We use the following conference tools:

Microsoft Teams

We use Microsoft Teams, a service provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.
Please consult the Microsoft Teams privacy policy for more information on data processing: https://www.microsoft.com/en-gb/privacy/privacystatement

Our company is certified according to the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA intended to ensure compliance with European data protection standards for data processing that takes place in the USA. Every company certified under the DPF is committed to upholding these data protection standards.
Click the link below to learn more from the provider: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000KzNaAAK&status=Active.

Commissioned data processing

We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This agreement is required by data protection regulations and ensures that the data controller solely processes personal data from our website visitors in line with our instructions and in accordance with the GDPR.
 

8. In-house services

Applicant data management

You can apply for a job at our company by email, post or using the online application form, for example. Learn more about the extent and purpose of the processing and use of your personal data collected during the application process. We warrant that the collection, processing and use of your data takes place in compliance with the pertinent data protection legislation and all other statutory provisions and that your data is treated as strictly confidential.

Scope and purpose of data collection

When you send us an application, we process the related personal data (e.g. contact and communication information, application documents, notes taken during interviews, etc.) to the extent required to make a decision on whether to hire you. This processing takes place on the legal basis of Section 26 of the Federal Data Protection Act (initiating an employment relationship), Art. 6 (1) lit. b GDPR (entering into a contract) and, if you have provided your consent, Art. 6 (1) lit. a GDPR. Previously granted consent may be withdrawn at any time. Your personal data will only be forwarded to employees at our company involved in processing your application. If your application is successful, the data you have submitted will be stored in our data processing system in order to conduct the employment relationship as per Section 26 of the Federal Data Protection Act and Art. 6 (1) lit. b GDPR.

Retention period

If your application is unsuccessful, you reject a job offer or withdraw your application, we reserve the right to store the data you have disclosed up to 6 months after the application period ends (rejection or application withdrawn) on the basis of our legitimate interests (Art. 6 (1) lit. f GDPR). After this 6-month period, your data will be erased and physical application documents destroyed.We primarily store this data as evidence in the event of legal action. If it becomes apparent that data will be required beyond the end of the retention period (due to an impending or pending legal dispute, for example), the data will only be deleted once the purpose for its ongoing storage no longer applies.

However, longer storage may occur if you have granted your express consent (Art. 6(1) lit. a GDPR) or where erasure is not yet permitted in line with statutory retention periods.

Inclusion in the application pool

If we don’t make you a job offer, you can still opt to be included in our applicant pool. If you decide to join the applicant pool, all documents and information provided in the application process will be saved so we can contact you if we have a suitable vacancy.

Inclusion in the applicant pool only takes place on the basis of your express consent (Art. 6 (1) lit. a GDPR). Consent is granted on a voluntary basis and is not related to the ongoing application process. The data subject reserves the right to withdraw their consent at any time. In this scenario, their data will automatically be deleted from the applicant pool in the absence of any statutory retention requirements to the contrary.

Data from the applicant pool is irrevocably deleted within 2 years of you granting your consent.