Skip to main content

Processing of (personal) data by the entity in charge of the online application process

Afinum Man­age­ment GmbH (here­inafter re­ferred to as “Afinum”, “we” or “us”), The­atin­er­str. 7, D-80333 Mu­nich, Ger­many, tel: +49 89 255433-01, fax: +49 89 255433-99, email: info@afinum.de, takes the pro­tec­tion of your data very se­ri­ously. Per­sonal data means any in­for­ma­tion re­lat­ing to an iden­ti­fied or iden­ti­fi­able nat­ural per­son such as a name or an email ad­dress. As the re­spon­si­ble data con­troller, we will only process this data in line with ap­plic­a­ble law, in par­tic­u­lar the Gen­eral Data Pro­tec­tion Reg­u­la­tion (GDPR) and the Fed­eral Data Pro­tec­tion Act (Bun­des­daten­schutzge­setz – BDSG).

This pri­vacy no­tice ap­plies to our pro­cess­ing of your per­sonal data in busi­ness com­mu­ni­ca­tion and when you visit our web­site.

1. Pur­poses of the pro­cess­ing
We process your per­sonal data for the fol­low­ing pur­poses:

1.1 Ac­cess to our web­site
Your browser au­to­mat­i­cally trans­mits cer­tain data each time you visit our web­site, for ex­am­ple your IP ad­dress and in­for­ma­tion about your browser. We process your per­sonal data in or­der to make our web­site avail­able to you (Art. 6 (1) f GDPR. We also store this in­for­ma­tion in log files for seven days to de­tect any dis­rup­tions and for se­cu­rity rea­sons, for ex­am­ple to de­tect any at­tacks (Art. 6 (1) f GDPR).

1.2 Newslet­ter
This web­site uses MailChimp to send out newslet­ters, a ser­vice pro­vided by Rocket Sci­ence Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, At­lanta, GA 30308, USA. MailChimp has self-cer­ti­fied its ad­her­ence to the EU-US Pri­vacy Shield prin­ci­ples. This “Pri­vacy Shield” is an agree­ment be­tween the Eu­ro­pean Union (EU) and the USA to en­sure com­pli­ance with Eu­ro­pean data pro­tec­tion stan­dards.

We are able to analyse our newslet­ter cam­paigns us­ing MailChimp. If and when you open an email sent via MailChimp, a file con­tained in the email (web bea­con) con­nects to MailChimp’s servers in the USA. This makes it pos­si­ble to tell whether a newslet­ter mes­sage has been opened and which links have been clicked. Tech­ni­cal data is also col­lected (e.g. time of page view, IP ad­dress, browser type and op­er­at­ing sys­tem). These data can­not be as­signed to the re­spec­tive newslet­ter re­cip­i­ent. They are only used for the sta­tis­ti­cal analy­sis of newslet­ter cam­paigns. The re­sults of this analy­sis may be used to tai­lor fu­ture newslet­ters to the in­ter­ests of the re­cip­i­ents.

If you do not wish an analy­sis by MailChimp you will have to un­sub­scribe to the newslet­ter which you can do us­ing the link in each newslet­ter mes­sage or di­rectly on our web­site.

This data pro­cess­ing is car­ried out on the ba­sis of your con­sent (Art. 6 (1) a GDPR), which you may with­draw at any time by un­sub­scrib­ing to the newslet­ter as de­scribed above. Such a with­drawal will not af­fect the law­ful­ness of data pro­cess­ing op­er­a­tions car­ried out in the past. For fur­ther de­tails please re­fer to MailChimp’s pri­vacy no­tice at: https://mailchimp.com/legal/terms/.

1.3 Con­tact query and job ap­pli­ca­tions
If you con­tact us by tele­phone, email or by us­ing our con­tact form, we will process your data in or­der to an­swer your re­quest (Art. 6 (1) f GDPR). If we have on­go­ing busi­ness re­la­tions with you we will process your data in or­der to carry out these busi­ness re­la­tions (Art. 6 (1) b GDPR). If you send us job ap­pli­ca­tion doc­u­ments we will process these in or­der to carry out the se­lec­tion process (Art. 6 (1) b GDPR in con­nec­tion with sec­tion 26 (1) BDSG).

1.4 Fur­ther pro­cess­ing
We also process your data to safe­guard and de­fend our rights (Art. 6 (1) f GDPR) or be­cause we are re­quired to do so by law (Art. 6 (1) c GDPR).

2 Cook­ies
We use cook­ies on our web­sites to make our of­fer more user-friendly, ef­fec­tive and safe. Cook­ies are small text files which are de­posited on your com­puter and stored by your browser.

The only cook­ies we use are tech­ni­cally es­sen­tial ses­sion cook­ies, which are au­to­mat­i­cally deleted af­ter the end of your visit to our web­site. You can con­trol cook­ies via your browser set­tings. You may, for in­stance, choose to be no­ti­fied about the stor­ing of cook­ies and to only al­low cook­ies in spe­cific sit­u­a­tions, as well as gen­er­ally or in a spe­cific sit­u­a­tion ex­clude the use of cook­ies and au­to­mat­i­cally delete them with each clo­sure of your browser. Please note that the de­ac­ti­va­tion of cook­ies may im­pair the func­tion­al­ity of this web­site.

3. Se­cu­rity
Afinum en­deav­ours to take all the tech­ni­cal and or­gan­i­sa­tional se­cu­rity mea­sures to safe­guard your data from un­in­ten­tional or un­law­ful dele­tion, al­ter­ation, unau­tho­rised use or trans­fer.

Our em­ploy­ees are obliged to ob­serve con­fi­den­tial­ity and data pro­tec­tion.

4. Era­sure of data and re­ten­tion
We will only store the per­sonal data we re­ceive for the pe­riod of time re­quired for the spec­i­fied pur­pose or pre­scribed by law. Once the data is no longer nec­es­sary for the pur­pose orig­i­nally processed for or if a stor­age pe­riod ex­pires, the data will be deleted.

In de­tail, the fol­low­ing ap­plies:

Per­sonal data in log files are deleted at the lat­est af­ter seven days.
We delete your ap­pli­ca­tion data at the lat­est six months af­ter the po­si­tion has been filled.
We delete other data re­lat­ing to your con­tact queries at the lat­est af­ter one year.
The dele­tion of cook­ies of ser­vice providers is based on their own data pro­tec­tion guide­lines.

5. Your rights
You may re­voke your con­sent at any time free of charge with ef­fect for the fu­ture. All you need to do is to send a com­mu­ni­ca­tion in text form to one of the ad­dresses listed in this no­tice.

The same ap­plies to your ob­jec­tion – which may be made at any time – to us us­ing your per­sonal data if the le­gal ba­sis for this pro­cess­ing is Art. 6 (1) f GDPR.

You may at any time re­quest in­for­ma­tion about the per­sonal data re­lat­ing to you which we process, its rec­ti­fi­ca­tion or era­sure or the re­stric­tion of our pro­cess­ing. You also have a statu­tory right to data porta­bil­ity.

Fi­nally, you may also file a com­plaint about our data pro­cess­ing ac­tiv­i­ties with the re­spon­si­ble su­per­vi­sory data pro­tec­tion au­thor­ity if in your opin­ion our pro­cess­ing ac­tiv­i­ties do not com­ply with data pro­tec­tion laws.

6. In­ter­na­tional data trans­fer and cat­e­gories of re­cip­i­ents
Un­less oth­er­wise stated in this pri­vacy no­tice, we and our ser­vice providers process per­sonal data within the Eu­ro­pean Union. In ad­di­tion to those al­ready men­tioned in this no­tice, re­cip­i­ents to whom we may dis­close your data in­clude host­ing providers and postal ser­vice providers.

7. Data pro­tec­tion of­fi­cer
If you have any ques­tion re­gard­ing the pro­cess­ing of your per­sonal data, please con­tact our data pro­tec­tion of­fi­cer:

PROLIANCE GmbH
www.datenschutzexperte.de
Leopoldstr. 21
80802 München
datenschutzbeauftragter@datenschutzexperte.de

When contacting the Data Protection Officer, please state the company to which your enquiry relates.

Please refrain from enclosing sensitive information such as a copy of an identity card with your request.







Processing of (personal) data by the operator of the recruitment website

General information

This recruitment website is operated by Personio SE & Co. KG, which offers a human resource and candidate management software solution (https://www.personio.com/legal-notice/). Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. The sole controller of this data within the meaning of article 24 of the GDPR is the enterprise carrying out this online application process. Personio’s role is limited to operating the software and this recruitment website and, in this context, being a processor under article 28 of the GDPR. In this case, the processing by Personio is based on an agreement for the processing of orders between the controller and Personio. In addition, Personio SE & Co. KG processes further data, some of which may be personal data, to provide its services, in particular for operating this recruitment website. We will refer to this in more detail below.

The controller

The controller under data protection law is:
Personio SE & Co. KG
Seidlstraße 3
80335 München
Tel.: +49 (89) 1250 1004
Entry in the commercial register
Commercial register entry number: HRA 115934
Registration Court: Amtsgericht München
Data Protection Officer contact: privacy@personio.com

Access logs (“server logs”)

Each access to this recruitment website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. In addition, processing this data is absolutely necessary under security aspects, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when unlawful use of the software is suspected. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the software is collected. The scope of this log process does not exceed the common log scope of any other site on the web. These access logs are stored for a period of up to 7 days. There is no right to object to this.

Error logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected. These error logs are stored for a period of up to 7 days. There is no right to object to this.

Use of cookies

So-called cookies are used on parts of this recruitment website. They are small text files which are stored on the device with which you access this recruitment website. As a general rule, cookies serve the purpose of ensuring secure access to a website (“absolutely necessary”), implementing certain functionalities such as standard-language settings (“functional”), improving the user experience or the performance of the website (“performance”), or placing targeted advertisements (“marketing”). On this recruitment website, we generally use only cookies that are absolutely necessary, functional or performance-related, in particular for implementing certain default settings such as language, for identifying the job advertising channel, or for analyzing the performance of a job advert via which a user accessed this recruitment website. The use of cookies is absolutely necessary for providing our services and thus for the performance of the contract (article 6 (1) b) of the GDPR). Period of storage: up to 1 month or until the end of the browser session Right to object: You can determine via your browser settings whether you allow or object to the use of cookies. Please note that deactivating cookies may result in limited or completely blocked functionalities of this recruitment website.

Rights of data subjects

If Personio SE & Co. KG as the controller processes personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR. To assert your rights as a data subject in relation to the data processed for the purpose of operating this recruitment website, please refer to Personio SE & Co. KG’s Data Protection Officer (see item B).

Concluding provisions

Personio reserves the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the services offered, for example when new services are introduced. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.