The protection of your personal data is very important to us. For this reason, we handle your data responsibly in all data processing operations and take into account the legal requirements of data protection, in particular the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
This privacy policy provides you with an overview of the following information:
Which of your data is collected, stored and processed via our websites (hereinafter also referred to as "offer")?
How, to what extent and for what purposes is this data used?
What security measures are taken to protect your data?
How can you obtain information about the information provided to us and, if applicable, assert other data subject rights to which you are entitled against us?
1. Contact details of the person responsible
e.solutions GmbH
Despag-Straße 4a
85055 Ingolstadt
Phone: +49 8458 3332-100
Fax: +49 8458 3332-333
www.esolutions.de
Contact details of our data protection officer:
Claudia Langer
Chief Data Protection Officer
e.solutions GmbH
Despag-Straße 4a
85055 Ingolstadt, Germany
E-mail: datenschutzbeauftragter@esolutions.de
2. Purposes of data processing
You can apply for advertised positions via our job portal. The purpose of data processing is the selection of applicants for possible employment at e.solutions GmbH. In order to receive and process your application, we must collect the following applicant data:
Salutation,
First name and surname,
Address,
E-mail address,
Curriculum vitae,
German and English language skills.
If you voluntarily provide us with further data, we will use it exclusively for the purpose of processing your application and carrying out the application procedure.
If your application is an unsolicited application, we also record the following applicant data:
Desired contract type,
Desired area of responsibility.
You can also voluntarily provide us with additional information, such as your salary expectations, your notice period or additional documents (references, cover letter, etc.).
We will review your application and contact you if necessary, in particular to arrange appointments or clarify any questions.
If you apply for a job at e.solutions, we will not pass on your applicant data to third parties. If you have any questions about data protection in the application process (e.g. about your rights under data protection law), please contact our data protection officer directly at datenschutzbeauftragter@esolutions.de.
We store your applicant data after receipt of your application. If we accept your application and subsequently employ you, we will store your applicant data for as long as is necessary for your employment and to the extent that we are legally obliged to do so.
If we reject your application, we will store your applicant data for a maximum of six months after your application has been rejected, unless you give us your consent to store it for longer. We will contact you by telephone to find out whether you are interested in having your application considered for another vacancy. If you express this interest in the telephone call, you will receive a confirming e-mail from us afterwards. We will store your data for a further six months after completion of this additional application process. After this period has expired, the data will be deleted automatically.
In the event that we have not advertised another specific position at this time, you have the option of saving your applicant data in our talent pool. We will contact you by e-mail to find out whether your profile can be considered for future open positions. The data will only be saved after we have received your written confirmation. We will store your applicant data for a maximum of six months from the date of consent. After this period has expired, the data will be deleted automatically.
Whenever you contact us (e.g. via contact form or e-mail), your details will be stored for the purpose of processing the enquiry and in the event that follow-up questions arise.
3. Legal bases of the processing
The legal bases for the processing of your applicant data are
Art. 6 para. 1 lit. b GDPR for the establishment and execution of the employment contract that may be concluded,
Art. 6 para. 1 lit. c GDPR (in conjunction with the respective legal obligation to which we are subject) for the fulfilment of legal obligations to which the employer is subject,
Art. 6 para. 1 lit. f GDPR to protect the legitimate interests of e.solutions or a third party, unless your interests or fundamental rights and freedoms prevail,
§ Section 26 para. 2 sentence 1 BDSG (in conjunction with Art. 6 para. 1 lit. a GDPR) on the basis of your consent.
Insofar as special categories of personal data (e.g. Health data, Art. 9 para. 1 GDPR), the processing is carried out on the basis of Section 26 para. 3 sentence 1 BDSG (in conjunction with Art. 9 para. 2 lit. b GDPR) for the exercise of rights or fulfilment of legal obligations arising from labour law, social security and social protection law or on the basis of your consent in accordance with Section 26 para. 2 and 3 BDSG (in conjunction with Art. 9 para. 2 lit. a GDPR).
Please note that CVs, references or other data submitted by you for the purposes of your application may also contain particularly sensitive data (Art. 9 (1) GDPR). We therefore recommend that you do not provide any particularly sensitive data. If you provide us with this type of information, we will only use it to hold your documents and process your application in accordance with this information.
4. Logfiles
We (or our web space provider) process data about every access to the website (so-called server log files or system and usage data). The access data includes: Name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, referrer URL (the previously visited page), IP address and the requesting provider] We only use the log data for statistical evaluations for the purpose of operation, security and optimisation of the website. However, we reserve the right to check the log data retrospectively if there is a justified suspicion of unlawful use based on concrete evidence. The legal basis for the processing of personal data in log files is Art. 6 para. 1 lit. f GDPR.
5. Forwarding of data
If you apply for a specific job vacancy with us, we will forward your application internally to the relevant specialist department so that they can process and evaluate it.
If you send us an unsolicited application, we will give access to those departments that may be interested in your application. This serves the purpose of evaluating the content of your application.
Any other transfer of the data collected by us takes place when:
You have given your express consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that there is an overriding interest worthy of protection in not disclosing the data,
we are legally obliged to pass on data in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR, or
this is legally permissible and required in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures that are carried out at your request.
Some of the data processing described in this data protection notice may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this may include, in particular, data centres that store our website and databases, IT service providers that maintain our systems and consulting companies. If we pass on data to our service providers, they may only use the data to fulfil their tasks. The service providers were carefully selected and commissioned by us. They are contractually bound by our instructions, have suitable technical and organisational measures in place to protect the rights of the data subjects, guarantee an appropriate level of data protection and are carefully monitored by us.
In addition, data may be passed on in connection with official enquiries, court orders and legal proceedings if this is necessary for legal prosecution or enforcement.
6. Storage duration
We generally keep your applicant data for six months from the date of application,
after you have received our notification of the decision to fill the advertised position, or
after you have informed us that you are withdrawing your application,
in order to be able to respond to complaints under the General Equal Treatment Act (AGG) if necessary. If a legal dispute with arises in this context, we will retain your applicant data beyond this six-month period until the conclusion of the legal dispute.
We also retain your data after the application process if
a balanced prognosis makes further storage necessary due to a future legal dispute with you,
a legal dispute with you is certain, or
a legal dispute with you is already taking place.
In the cases listed last, we will retain your applicant data until the conclusion of the associated legal dispute at the longest.
7. Security
We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data from risks during data transmission and from third parties gaining knowledge of it. These are adapted in line with the current state of the art.
8. Third-party services
Application via the website form with onlyfy (by Xing)
If you apply for a vacant position on our website, you will be redirected to a page where you can provide us with your application details and send them to us. We offer this website with the help of our service provider New Work SE, Am Strandkai 1, 20457 Hamburg (hereinafter referred to as "New Work SE"). New Work SE provides the application form and the technical infrastructure on our behalf. In this context, New Work SE processes the log files mentioned in section 4 of this privacy policy on our behalf and sets a session cookie (PHPSESSID), which is required for the provision of the application page with the form and which loses its validity when the window with the form is closed.
Application documents that you have submitted in full will be displayed in our applicant management system Onlyfy. We process the application documents received in our applicant management system as part of the application process on the basis of our legitimate interests in receiving and using the application data for the application process in accordance with Art. 6 para. 1 lit. f GDPR.
onlyfy one
We use the onlyfy one (by XING) service from New Work SE, Am Strandkai 1, 20457 Hamburg, Germany, to process and manage applications. We can use onlyfy one to publish job adverts, identify interesting talents (e.g. also from the XING professional network), receive and manage applications and exchange information with talents and applicants. Among other things, New Work SE provides recommendations from talents and displays them in our company account and generates recruiting-relevant information and analyses based on data that New Work SE processes in onlyfy one and, for example, in other XING applications or outside.
With regard to some data processing, New Work SE and we are joint controllers within the meaning of Art. 26 para. 1 sentence 1 GDPR. With regard to the data processing for which New Work SE is solely responsible or is responsible within the framework of joint responsibility with us (see also the table in this section here), you can find more detailed information in XING's privacy policy at https://privacy.XING.com/de/datenschutzerklaerung. A list of the sub-processors used by New Work SE who are recipients of the data processed within the scope of joint controllership can be found here .
You can find the agreement concluded between us and New Work SE here . In the following, we inform you about the essentials of the agreement concluded with New Work SE and the scope of joint responsibility and the allocation of responsibilities for the fulfilment of obligations under the GDPR. As part of the joint responsibility between New Work SE and us, the following types of data are processed in accordance with the agreement concluded with New Work:
Master data (e.g. name, contact details, date of birth, etc.);
Qualification data (CVs etc.);
voluntary information (application photo or other information, additional questions depending on the respective job advertisement, etc.);
Communication data;
special categories of personal data in accordance with Art. 9 para. 1 GDPR, e.g. information on health (e.g. severely disabled status) or information that allows conclusions to be drawn about sexual orientation or ethnic origin or religion;
Usage data, including by means of cookies and similar technologies;
Data in the context of support services (e-mail address, name, context of the enquiry, other personal data, etc.)
The aforementioned types of data are processed in connection with the following processing steps as part of joint controllership under the responsibility of the following parties:
Processing step | Responsibility |
Storage of applicant data in our applicant management system | We |
Display and recommendation of talents in our applicant management system | New Work SE |
Collection of usage data, tracking, also by means of cookies and similar technologies | New Work SE |
Transfer of data that is generated or processed in our applicant management system, including usage data / automatically collected data, also by means of tracking technologies and cookies, for New Work SE's own purposes | New Work SE |
Provision of "Insights": Generating and providing recruiting-relevant information and analyses based on data from our account | New Work SE |
Product support for talents or applicants with regard to the products and services covered, including information on product changes, etc. | New Work SE |
Selection and implementation of third-party tools that are made available to us for use as part of the products and services covered and related processing of data by processors and/or disclosure of data | New Work SE |
The party responsible for one of the above-mentioned processing steps is responsible among the joint controllers for the existence of a legal basis under the GDPR and for the fulfilment of the rights of data subjects under Art. 15 GDPR (right of access), Art. 16 GDPR (right to rectification), Art. 17 GDPR (right to erasure), Art. 18 GDPR (right to restriction of processing), Art. 20 GDPR (right to data portability) and Art. 21 GDPR (right to object).
New Work SE is solely responsible for the fulfilment of the right under Art. 22 para. 3 GDPR (right to obtain human intervention, to express one's own point of view and to challenge the decision in the case of automated decisions in individual cases with legal/detrimental effect). Irrespective of the responsibilities agreed between us and New Work for the fulfilment of data subject rights, it is possible for you to contact the company of your choice to assert your data subject rights. In practice, however, it is certainly more expedient if you contact New Work SE in particular, since - as shown in the table - we are only responsible for storing data on applicants in our account.
In addition, New Work SE is also solely responsible for compliance with the requirements of Art. 25 GDPR (data protection through technology design and data protection-friendly default settings) and for carrying out a risk assessment of the processing operations. In addition, New Work SE is also responsible for notification in connection with data breaches in accordance with Art. 34 para. 1 GDPR, provided that such a data breach is not caused by a technical implementation and configuration by us.
We use onlyfy one on the basis of our legitimate interests in processing and managing applications, receiving recommendations for potential applicants from New Work SE, communicating with applicants via onlyfy one and receiving recruiting-relevant information and analyses based on data from our applicant management system. The legal basis is Art. 6 para. 1 lit. f GDPR. If you provide us with special categories of personal data as part of your application, , the processing is carried out on the basis of Section 26 para. 3 sentence 1 BDSG (in conjunction with Art. 9 para. 2 lit. b GDPR) to exercise rights or fulfil legal obligations under labour law, social security and social protection law or on the basis of your consent in accordance with Section 26 para. 2 and 3 BDSG (in conjunction with Art. 9 para. 2 lit. a GDPR).
Sanctions list check
Before sending a contractual offer of employment, we are legally obliged to check whether you are on a sanctions list. For this purpose, we use the SanScreen programme from the service provider BEX Components AG, Gartenstraße 97, 73430 Aalen. For the verification we need a copy of your identity card / passport and your current home address. We then compare this data with the sanctions lists using our service provider's programme. The data processing takes place on the basis of Art. 6 para. 1 lit. c) GDPR.
Video interviews with Microsoft Teams
We use the online video conferencing system Microsoft Teams ("MS Teams"), which is provided to us by our contractual partner Microsoft Ireland Operations Limited (One Microsoft Place, South Country Business Park, Leopardstown Dublin 18, DP18 P521, Ireland, "Microsoft"), to conduct video interviews. Microsoft and the sub-processors named here are recipients of the data that we process when you communicate with our employees via MS Teams.
We process the following data when you communicate with our employees via MS Teams:
Information about the MS Teams account, the MS Teams version and the settings;
Information on meetings and their participants;
Status information (offline, inactive, active, in a meeting, etc.);
personal data as part of video and audio quality data;
personal data as part of text, video and audio files;
personal data as part of analyses and reports that can be created in MS Teams.
The legal basis for data processing is our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR. Our legitimate interests consist in the provision and use of a common tool for video interviews and the conduct of such interviews to avoid travelling and the flexible conduct of interviews as well as the provision of translations in the form of Microsoft Live subtitles in Teams for better comprehensibility. Microsoft also processes the data for the here on page 6 under "Processing for business activities initiated by the provision of the products and services to the customer" as an independent controller.
When using MS Teams, data is transferred to the USA and other countries in which Microsoft or sub-processors of Microsoft are based. Such data transfers between a Microsoft company based in the EU and sub-processors commissioned by Microsoft or Microsoft companies based in third countries are based on the EU standard data protection clauses, Module 3 (Implementing Decision (EU) 2021/914 of 4 June 2021) or, in the case of data transfers to the USA, additionally on the basis of the adequacy decision and Microsoft's certification under the Data Privacy Framework (the certification is available at the following URL: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000KzNaAAK&status=Active). As the EU Standard Data Protection Clauses are agreed by Microsoft with other companies, you must contact Microsoft to obtain a copy of the EU Standard Data Protection Clauses. You can do this, for example, in the form at the following URL: https://www.microsoft.com/de-de/privacy/privacy-support-requests.
Analysing key figures for the application process with Microsoft Power BI
In order to review the effectiveness of our recruiting measures and improve individual business processes as well as to measure certain factors in this context (e.g. candidate experience or budget planning), we collate various data and create reports using Microsoft Power BI ("Power BI"). These reports enable us to analyse and evaluate our recruiting measures more efficiently. The Power BI service is provided to us by our contractual partner Microsoft Ireland Operations Limited (One Microsoft Place, South Country Business Park, Leopardstwon Dublin 18, DP18 P521, Ireland, "Microsoft").
We process the following data via Power BI for the above-mentioned purposes:
Applicant data (surname, first name, address, date of birth, nationality, e-mail address);
Data on the application process (application channel, result of the application process, number of applications, number of hires / rejections, number of interviews, reasons for rejection).
The legal basis for data processing is our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR. Our legitimate interests lie in the regular review of the effectiveness of our recruiting channels and the preparation of reports for various stakeholders in the company. As part of the evaluation, we would also like to derive key company figures for the measurability of certain factors (e.g. candidate experience or budget planning) and ultimately improve our business processes.
9. Your rights
You have the right to request information about the processing of your personal data by us at any time. We will explain the data processing to you as part of the information request and provide you with an overview of the data stored about you.
If data stored by us is incorrect or no longer up to date, you have the right to have this data corrected.
You can also request the deletion of your data. If deletion is not possible in exceptional cases due to other legal provisions, the data will be blocked so that it is only available for this legal purpose.
You can also have the processing of your data restricted, e.g. if you believe that the data we have stored is incorrect. You also have the right to data portability, i.e. we will send you a digital copy of the personal data you have provided on request.
To exercise your rights described here, you can contact us at any time using the contact details above. This also applies if you wish to receive copies of guarantees to demonstrate an adequate level of data protection.
You also have the right to object to data processing based on Art. 6 para. 1 sentence 1 lit. e or f GDPR or for direct marketing purposes.
Finally, you have the right to lodge a complaint with the data protection supervisory authority responsible for us. You may exercise this right before a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement. The responsible supervisory authority in Bavaria is Bavarian State Office for Data Protection Supervision, Promenade 27, 91522 Ansbach.
Right of cancellation and objection
In accordance with Art. 7 (2) GDPR, you have the right to withdraw your consent at any time. As a result, we will no longer continue the data processing that was based on this consent in the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Insofar as we process your data on the basis of legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, you have the right to object to the processing of your data in accordance with Art. 21 GDPR and to give us reasons that arise from your particular situation and which, in your opinion, outweigh your interests worthy of protection.
If you wish to exercise your right of cancellation or objection, simply send an informal message to the contact details given above.