This data protection declaration explains the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offer and the associated websites, functions and content as well as external online presences, such as our social media profile (hereinafter collectively referred to as “online offer”). With regard to the terms used, such as “personal data” or their “processing”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Name/Organization: PMG Projektraum Management GmbH
Managing Directors: Mike Riegler, Stefan Finkenzeller
Street: Kühbachstraße 7
Zip-Code, City and Country: 81543 München, Deutschland
Telephone: +49 (0) 89 330 37 82-0
Types of data processed:
Basic data (e.g. names, addresses)
Contact data (e.g. e-mail)
Content data (e.g. texts)
Usage data (e.g. websites visited, interest in content, access times)
Meta-/Communications data (e.g. device information, IP addresses)
Categories of persons affected by the processing:
Customers, interested parties, suppliers
Visitors and users of the online offer
In the following, we also refer to these data subjects collectively as “users”.
This website is hosted by an external service provider (Hetzner Online GmbH). The personal data recorded on this website is stored on the host’s servers. This can be for example, but not limited to IP addresses, contact requests, meta and communication data, contract data, contact data, names, website access and other data generated via a website.
Usage of the hosting company is for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b) GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f) GDPR). If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6 (1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
The hosting company will only process your data insofar as this is necessary to fulfill its performance obligations and follow our instructions with regard to this data.
Conclusion of a contract for order processing
In order to ensure data protection compliant processing, we have concluded an order processing contract with the hosting company.
This site uses a so-called “Content Delivery Network” (CDN) from jsDelivr.
A CDN is a service with the help of which the content of our online offer, in particular large media files such as graphics or scripts, can be delivered more quickly with the help of regionally distributed servers connected via the Internet. User data is processed solely for the aforementioned purposes and to maintain the security and functionality of the CDN.
For this purpose, the browser you use must connect to the servers of the CDN. In this way, the CDN obtains knowledge that our website has been accessed via your IP address.
The use is based on our legitimate interests, i.e. interest in a secure and efficient provision, analysis and optimization of our online offer pursuant to Art. 6 para. 1 lit. f. DSGVO.
Data protection officer:
We have appointed a data protection officer for our company:
Telephone: +49 611 950008-40
1. Relevant statutory foundations
We ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as the changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.
3. Safety/Security measures
3.1. In accordance with Art. 32 GDPR, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of processing as well as the different probability of occurrence and severity of the risk for the rights and freedoms of natural persons, we make suitable technical and organizational measures to ensure a level of protection appropriate to the risk; The measures include, in particular, securing the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, transfer, ensuring availability and their separation. Furthermore, we have set up procedures that guarantee the exercise of data subject rights, deletion of data and reaction to data threats. Furthermore, we consider the protection of personal data already in the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art. 25 GDPR).
3.2. The security measures include, in particular, the encrypted transmission of data between your browser and our server.
4. Cooperation with contract processors and third parties
4.1. If we disclose data to other persons and companies (contract processors or third parties) as part of our processing, transmit data to them or otherwise grant them access to the data, this is only done on the basis of legal permission (e.g. if the data is transmitted to third parties, such as to payment service providers, according to Art. 6 para. 1 lit. b) GDPR is required to fulfill the contract), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
4.2. If we commission third parties to process data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 GDPR.
5. Note on data transfer to the USA and other third countries
Our website includes tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data can be transferred to these third countries and processed there. We would like to point out that no data protection level comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to surrender personal data to security authorities without you as the person concerned being able to take legal action against this. It cannot therefore be ruled out that US authorities (e.g. secret service) process, evaluate and permanently store your data on US servers for monitoring purposes. We have no influence on these processing activities.
6. Rights of data subjects
6.1. You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data in accordance with Art. 15 GDPR.
6.2. You have according to Art. 16 GDPR the right to request the completion of the data concerning you or the correction of the incorrect data concerning you.
6.3. In accordance with Art. 17 GDPR, you have the right to demand that the relevant data be deleted immediately or, alternatively, in accordance with Art. 18 GDPR the processing be limited.
6.4. You have the right to request that you receive the data concerning you, that you have provided to us in accordance with Art. 20 GDPR and to request that it be transmitted to other controllers.
6.5. In accordance with Art. 77 GDPR, you also have the right to lodge a complaint with the competent supervisory authority.
7. RIGHT OF WITHDRAWAL
You have the right to revoke your consent in accordance with Art. 7 para. 3 GDPR with effect for the future.
8. RIGHT TO OBJECT
You can object to the future processing of your data in accordance with Art. 21 GDPR at any time. The objection can in particular be made against processing for direct marketing purposes.
9. Provision of contractual services
9.1. We process inventory data (e.g. names and addresses as well as contact details of users), contract data (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 para. 1 lit. b) GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.
10.1. When contacting us (using the contact form, email, telephone or fax), the information provided by the user is processed to process the contact request and to process it in accordance with Art. 6 para. 1 lit. b) GDPR. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries sent to us (Art. 6 para. 1 lit. f) GDPR) or on your consent (Art. 6 para. 1 lit. a) GDPR) if this was requested. We do not pass this data on without your consent.
10.2. User information can be saved in our customer relationship management system (“CRM system”) or a comparable request organization.
10.3. The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
11. Registration on this website
11.1 You can register on this website in order to use additional functions on the site. We use the data entered for this purpose only for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be given in full. Otherwise we will refuse the registration. For important changes, for example in the scope of the offer or for technically necessary changes, we will use the e-mail address given during registration to inform you in this way.
11.2 The data entered during registration are processed for the purpose of implementing the user relationship established by the registration and, if necessary, to initiate further contracts (Art. 6 para. 1 lit. b) GDPR). The data recorded during registration will be stored by us as long as you are registered on this website and will then be deleted. Statutory retention periods remain unaffected.
12. Collection of access data and log files
12.1. We collect data on every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f) GDPR. The access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
12.2. For security reasons (e.g. to investigate acts of abuse or fraud), log file information is stored for a maximum of seven days and then deleted. Data, the further storage of which is necessary for evidence purposes, are excluded from deletion until the respective incident has been fully clarified.
13.1 Our Internet pages use so-called “cookies”. Cookies are small text files and do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser deletes them automatically.
13.2 In some cases, cookies from third-party companies can also be stored on your device when you enter our website (third-party cookies). These enable us or you to use certain third-party services (e.g. cookies for processing payment services). Cookies have different functions. Numerous cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or to display advertising.
13.3 Cookies that are required to carry out the electronic communication process (necessary cookies) or to provide certain functions you want (functional cookies, e.g. for the shopping cart function) or to optimize the website (e.g. cookies for measuring the web audience) on the basis of Art. 6 para. 1 lit. f) GDPR, unless a different legal basis is given. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, the relevant will be saved.
13.4 Cookies exclusively on the basis of a consent (Art. 6 para. 1 lit. a) GDPR); the consent can be revoked at any time.
13.5 You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when you close the browser. If cookies are deactivated, the functionality of this website may be restricted. Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you of this separately in the context of this data protection declaration and, if necessary, request your consent.
14. Consent with Borlabs Cookie
14.1 Our website uses the Borlabs consent technology to obtain your consent to the storage of certain cookies in your browser or for the use of certain technologies and for their data privacy protection compliant documentation. The provider of this technology is Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany (hereinafter referred to as Borlabs).
14.2 Whenever you visit our website, a Borlabs cookie will be stored in your browser, which archives any declarations or revocations of consent you have entered. These data are not shared with the provider of the Borlabs technology.
14.3 The recorded data shall remain archived until you ask us to eradicate them, delete the Borlabs cookie on your own or the purpose of storing the data no longer exists. This shall be without prejudice to any retention obligations mandated by law. To review the details of Borlabs’ data processing policies, please visit https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/
15. Google Analytics
15.1 This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, length of stay, operating systems used and the origin of the user. This data may be summarized by Google in a profile that is assigned to the respective user or their device. Google Analytics uses technologies that enable the user to be recognized for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transmitted to a Google server in the USA and stored there.
15.2 The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. The consent can be revoked at any time.
15.3. Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with other services related to the use of this online offer and the internet. In doing so, pseudonymous user profiles can be created from the processed data.
15.4 We have activated the IP anonymization function on this website. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before it is transmitted to the USA. The full IP address will only be sent to a Google server in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
15.5 You can prevent Google from collecting and processing your data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de. You can find more information on how Google Analytics handles user data in Google’s data protection declaration: https://support.google.com/analytics/answer/6004245?hl=de.
15.6 Data stored by Google at user and event level that are linked to cookies, user IDs (e.g. user ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) are anonymized after 26 months or deleted. You can find details on this under the following link: https://support.google.com/analytics/answer/7667196?hl=de
15.7. You can find more information on the use of data by Google, setting and objection options on the Google website here: https://www.google.com/intl/de/policies/privacy/partners (“Google uses data when you use websites or apps of our partners”), https://policies.google.com/technologies/ads (“Data usage for advertising purposes”), https://adssettings.google.com/authenticated (“Manage information that Google uses to show you advertisements”).
15.8 The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/controllerterms/mccs/.
16. Google Ads
The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to play advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be played on the basis of user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analyzing, for example, which search terms have led to the display of our advertisements and how many ads have resulted in corresponding clicks.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. The consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
17. Google Tag Manager
17.1 We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Google Tag Manager is a tool with the help of which we can integrate tracking or statistics tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not save cookies and does not carry out any independent analyzes. It is only used to manage and play out the tools integrated via it. However, the Google Tag Manager records your IP address, which can also be transferred to the parent company of Google in the United States.
17.2 Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f) GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and administration of various tools on this website. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a) GDPR and § 25 (1) TTDSG; the consent can be revoked at any time.
18.1 If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or is only collected on a voluntary basis. For the handling of the newsletter, we use newsletter service providers, which are described below.
18.2 This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter: “CleverReach”). CleverReach is a service with which the newsletter dispatch can be organized and analyzed. The data you enter for the purpose of receiving the newsletter (e.g. e-mail address) will be stored on CleverReach’s servers in Germany or Ireland.
18.3 Our newsletters sent with CleverReach enable us to analyze the behavior of newsletter recipients. Among other things, it can be analyzed how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analyzed whether a previously defined action (e.g. purchase of a product on this website) has taken place after clicking the link in the newsletter. Further information on data analysis by the CleverReach newsletter is available at: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.
18.4 The data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a) GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
18.5 If you do not want an analysis by CleverReach, you have to unsubscribe from the newsletter. We provide a link for this in every newsletter message.
18.6 The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. This does not affect data that we have saved for other purposes.
18.7 After you have been removed from the newsletter distribution list, your email address will be stored in a blacklist by us or the newsletter service provider, if necessary, in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in compliance with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR. The storage in the blacklist is not limited in time. You can object to the storage provided that your interests outweigh our legitimate interests.
For more information, see the CleverReach data protection policy at: https://www.cleverreach.com/de/datenschutz/.
18.8 We have concluded an order processing contract with the provider of CleverReach and fully implement the strict requirements of the German data protection authorities when using CleverReach.
19. Adobe Fonts
19.1 In order to ensure the uniform depiction of certain fonts, this website uses fonts called Adobe Fonts provided by Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).
19.2 When you access pages of this website, your browser will automatically load the required fonts directly from the Adobe site to be able to display them correctly on your device. As a result, your browser will establish a connection with Adobe’s servers in the United States. Hence, Adobe learns that your IP address was used to access this website. According to the information provided by Adobe, no cookies will be stored in conjunction with the provision of the fonts.
19.3 Data are stored and analyzed on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in a uniform presentation of the font on the operator’s website. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
19.4 Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.adobe.com/de/privacy/eudatatransfers.html.
For more information about Adobe Fonts, please read the policies under: https://www.adobe.com/privacy/policies/adobe-fonts.html.
Adobe’s Data Privacy Declaration may be reviewed under: https://www.adobe.com/privacy/policy.html.
20. Audio and video conferencing
20.1. We use online conference tools for communication with our customers. The individual tools we use are listed below. If you communicate with us via video or audio conference via the Internet, your personal data will be recorded and processed by us and the provider of the respective conference tool.
The conference tools collect all data that you provide / use to use the tools (email address and / or your telephone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “context information” in connection with the communication process (metadata).
Furthermore, the provider of the tool processes all technical data that are required to process online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker as well as the type of connection.
If content is exchanged, uploaded or made available in any other way within the tool, it is also stored on the server of the tool provider. Such content includes in particular cloud recordings, chat / instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information that is shared while using the service.
Please note that we do not have full influence on the data processing operations of the tools used. Our options are largely based on the company policy of the respective provider. Further information on data processing by the conference tools can be found in the data protection declarations of the tools used, which we have listed under this text.
20.2. The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 lit. b) GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR). If consent has been requested, the relevant tools are used on the basis of this consent; the consent can be revoked at any time with effect for the future.
20.3. The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you ask us to delete them, revoke your consent to storage or the purpose for data storage no longer applies. Saved cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.
We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.
20.4 Conference tools used
21. Social Media
21.1 We maintain publicly available profiles in social networks. The individual social networks we use can be found below.
Social networks such as Facebook, Twitter etc. can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g., like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered. In detail:
If you are logged in to your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.
Using the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. This way you can see interest-based advertising inside and outside of your social media presence. If you have an account with the social network, interest-based advertising can be displayed on any device you are logged in to or have logged in to.
21.2 Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g., consent within the meaning of Art. 6 (1) (a) GDPR).
21.3 If you visit one of our social media sites (e.g., Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can in principle protect your rights (information, correction, deletion, limitation of processing, data portability and complaint) vis-à-vis us as well as vis-à-vis the operator of the respective social media portal (e.g., Facebook).
Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.
21.4 The data collected directly from us via the social media presence will be deleted from our systems as soon as you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage lapses. Stored cookies remain on your device until you delete them. Mandatory statutory provisions – in particular, retention periods – remain unaffected.
21.5 Individual social networks
We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook’s statement the collected data will also be transferred to the USA and to other third-party countries.
We have signed an agreement with Facebook on shared responsibility for the processing of data (Controller Addendum). This agreement determines which data processing operations we or Facebook are responsible for when you visit our Facebook Fanpage. This agreement can be viewed at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can customize your advertising settings independently in your user account. Click on the following link and log in: https://www.facebook.com/settings?tab=ads.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
We have a LinkedIn profile. The provider is the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you want to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa und https://www.linkedin.com/legal/l/eu-sccs.
22. Handling of applicant data
22.1 If you send us an application, we process your related personal data (e.g. contact and communication data, application documents, notes in the context of job interviews, etc.), insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 of the Federal Data Protection Act according to German law (initiation of an employment relationship), Art. 6 para. 1 lit. b) GDPR (general contract initiation) and – if you have given your consent – Art. 6 para. 1 lit. a) GDPR. The consent can be revoked at any time. Your personal data will only be passed on to persons within our company who are involved in processing your application. If the application is successful, the data you submit will be stored in our data processing systems on the basis of § 26 of the Federal Data Protection Act and Article 6 para. 1 lit. b) GDPR for the purpose of carrying out the employment relationship.
22.2 If we cannot make you a job offer, you reject a job offer or withdraw your application, we reserve the right to store the data you have transmitted on the basis of our legitimate interests (Art. 6 para. 1 lit. f) GDPR) for up to 6 months to be kept with us from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. The storage serves in particular for evidence purposes in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), it will only be deleted when the purpose for further storage no longer applies. Longer storage can also take place if you have given your consent (Art. 6 para. 1 lit. a) GDPR) or if statutory retention requirements prevent deletion.
Last update: 02/2023