Privacy policy

For applicants

Privacy policy for applicants

 

Last updated: 18 December 2023

 

Information on the collection of personal data from applicants within the Trenkwalder Germany Group (Art. 13, Art. 14 GDPR)

 

This privacy policy provides a framework for personal data processed by Trenkwalder Personaldienste GmbH and our subsidiaries and affiliates (“Trenkwalder Germany”) in accordance with the provisions of the European Union’s General Data Protection Regulation (GDPR) and the new version of the German Federal Data Protection Act (BDSG - new). These include: Trenkwalder Personaldienste GmbH, Trenkwalder Business Solution GmbH and Trenkwalder Personaldienste Medical Care GmbH. Further information on the individual companies, the persons responsible for data processing and the contact details of each company can be found on our homepage within the privacy policy.

 

1.   Name and contact details of the data protection officer

 

Please contact the data protection officer if you have any questions about the processing of your personal data within Trenkwalder Germany:


Trenkwalder Personaldienste GmbH
Helene Yagolnitser, data protection officer

Werner-Eckert-Str.6,

81829 Munich

Please use the following email address for your enquiries as the data subject according to the GDPR: info@trenkwalder.com

 

2.   Which data categories do we use and where do they come from?

The categories of personal data processed notably include:

  • your master data (e.g. first name, surname, titles);

  • contact data (e.g. your private address, email address, (mobile) telephone number);

  • this may also include special categories of personal data, such as health data, if you include this information in your CV;

  • career history and educational background; list of projects;

  • language skills and other job-related skills;

  • social insurance number, national identification number or other identification number issued by the authorities;

  • date of birth;

  • gender;

  • bank account information;

  • nationality and work permit status;

  • information about services;

  • tax information;

  • information from references; and

  • information in your CV or application, information you provide about your professional interests and other information about your qualifications;

and, provided that it is required by law or explicit consent has been given:

  • disabilities and health-related information;

  • results of drug tests, criminal and other background checks. The following data may also be collected and processed:

  • user name and password if you register on our websites;

  • information that you provide us with about friends or other persons together with the request that we contact them (the data controller shall assume that the other person has previously given their consent for this communication);

  • other information that you provide us with, e.g. in surveys or via the “contact” feature on our pages.

If an employment or service contract is concluded with you, we will collect, process and store personal data in accordance with the provisions of the new version of the Federal Data Protection Act (BDSG - new), in particular in accordance with Section 26 BDSG -new, that you have provided to us as an employee or independent consultant or that arise during your employment or service contract if this is necessary to fulfil our contractual and/or legal obligations. Your personal data is usually collected directly from you as part of the application process.

 

In certain configurations, your personal data is also collected by other places (notably authorities) due to legal regulations. In addition, we may have received data from third parties (e.g. employment agencies). 
If we do not collect your personal data directly from you in individual cases, we will inform you in advance. Processing may also be carried out electronically. This is particularly the case if an applicant submits corresponding application documents to us electronically, for example by email, or via an online form on the website.

 

3.   Legal basis and purpose of data processing

 

We process, collect and store personal data notably for the following purposes:

a. to provide you with job offers and projects and to offer you work;
b. to provide you with additional services, such as training and further education measures, professional advice and support in professional reorientation;
c. To determine your suitability as an applicant or freelancer and your job-related skills;
d. to carry out data analyses, such as (i) analysing our database of applicants and employees; (ii) assessing individual performance and skills, including work-related skills assessment; (iii) identifying skilled-worker shortages; (iv) using information to show potential opportunities to individuals; and (v) analysing pipeline trends in hiring practices;
e. to provide you with information about potentially available positions;
f. to provide information about special events, promotions, programmes, offers, surveys, competitions and market research;
g. to respond to individual enquiries;
h. to operate, assess and improve our business (including developing, improving, analysing and improving our services; managing our communications; performing data analytics; performing accounting, auditing and other internal functions);
i. to protect against fraud and other unlawful activities, claims and other liabilities; and
j. to comply with and enforce applicable legal requirements, relevant industry standards, contractual obligations and our policies.


We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG - new) and all other relevant legislation (e.g. Works Constitution Act - BetrVG, Working Hours Act - ArbZG, etc.).

The primary purpose of data collection and processing is to handle the application process. The primary legal basis for this is Art. 6 Para. 1 b) GDPR in connection with Section 26 Para. 1 BDSG - new.

 

As part of your application – whether online via our portals, via email or in person at the office – we obtain consent in accordance with Art. 6 Para. 1 Sentence 1 lit. a GDPR to process your data. Please refer to the following section. 

If necessary, we also process your data on the basis of Art. 6 Para. 1 Sentence 1 lit. f GDPR to protect our legitimate interests or those of third parties (e.g. authorities). This applies in particular to the investigation of criminal offenses (legal basis Section 26 Para. 1 Sentence 2 BDSG) or in the corporate group for purposes of group management, internal communication and other administrative purposes (what is known as “small group privilege”.
Furthermore, in individual cases we are obliged under the European anti-terrorism regulations 2580/2001 and 881/2002 to check your data against “EU terror lists” to ensure that no funds or other economic resources are made available for terrorist purposes.
If we wish to process your personal data for a purpose not mentioned above, we shall inform you in advance.

 

 

4.   Consent

 

As described above, as part of your application – whether online via our portals, via email or in person at the office – we obtain consent in accordance with Art. 6 Para. 1 Sentence 1 lit. a GDPR to process your data. The consent text is worded as follows:

 

“I consent to the processing, storage and transfer of my personal data, including the special categories of personal data provided by me in accordance with Art. 9 GDPR (e.g. information on my marital status or health data) by the Trenkwalder Group and its aforementioned subsidiaries and affiliates for the purpose of providing temporary, fixed-term or permanent job and employment opportunities, for the purpose of sending out job advertisements for vacancies and for the purpose of assessing (also by automated means) profiles and professional skills to evaluate individual development and career plans. My data will be stored for a period of twelve months and then deleted unless I expressly consent to further storage. If absolutely necessary in individual cases, I also consent to the transfer of my personal data outside the European Union and/or within the subsidiaries and affiliates of the Trenkwalder Group. I can refuse my consent without giving reasons and revoke my consent at any time for the future. The revocation does not affect the legality of the processing carried out up to that point. Further information can be found in the privacy policy on the homepage.”

 

You can revoke this consent at any time without giving reasons in writing by sending an email to info@trenkwalder.com.

 

Please note that we will no longer be able to consider your application once your consent has been revoked.

 

5.   Data access

 

We will only share personal data that we have collected about you in accordance with this privacy policy and generally applicable data protection requirements.

We will share your information on an individual basis: (i) with subsidiaries and affiliates; (ii) if you are an applicant or freelancer, with customers who have vacancies or projects or who are interested in appointing our applicants or freelancers; and (iii) with other persons, such as recruitment consultants and subcontractors, with whom we work to find you a job or project.

 

Furthermore, we may disclose your personal information (i) if we are legally required to do so; (ii) to law enforcement authorities or other government officials on the basis of a lawful disclosure request; and (iii) if we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation on suspected or actual fraudulent or illegal activity. We also reserve the right to transfer any personal data we possess about you if we sell or transfer all or part of our business or assets (including in the event of reorganisation, dissolution or liquidation).

 

We also use various service providers to fulfil our contractual and legal obligations. If necessary, you can request a list of the contractors and service providers we use, which are not just temporary business relationships.

 

6.   Rights of data subjects

 

As a data subject, you can assert the following rights in accordance with Art. 15 – Art. 22 GDPR:


a) The right to information: data subjects have the right to request information about the personal data we process about them to check whether their personal data is being processed in accordance with the law.

d) The right to rectification: data subjects have the right to request the rectification of inaccurate or incomplete data stored about them to protect the accuracy of this information and to adapt it to the data processing.

c) The right to erasure: data subjects have the right to request that the data controller erases information about them and no longer processes this data.

d) The right to restriction of processing: data subjects have the right to request that the data controller restricts the processing of their data.

e) The right to data portability: data subjects have the right to request data portability, which means that the data subject can receive the personal data originally provided in a structured and commonly used format or that the data subject can request the transfer of the data to another data controller.

 

f) The right to object: data subjects who provide personal data to a data controller have the right to object to data processing at any time for a number of reasons, as set out in the General Data Protection Regulation, without having to justify that decision.

g) The right to not be the object of automated individual decision-making: data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subjects or similarly significantly affects them.

 

h) The right to lodge a complaint with a supervisory authority: data subjects have the right to lodge a complaint with a supervisory authority, notably in the Member State of their main residence, place of work or place of the alleged violation if the data subjects believe that the processing of their personal data violates the GDPR. 

If processing is based on consent in accordance with Art. 7 GDPR, data subjects may revoke their consent at any time.

 

7.   Storing your data

 

We process and store your personal data as long as this is necessary for the fulfilment of our contractual and legal obligations. The following also applies with regard to storing applicant data: 

  • If we or a customer concludes a contract of employment with an applicant, the data transmitted shall be stored for the purposes of the employment contract in accordance with the statutory provisions.

  • If no employment contract is concluded with the applicant or the applicant is not given a placement, the application documents shall be automatically erased two months after the announcement of the rejection decision, unless erasure precludes other legitimate interests of the data controller. Other legitimate interests in this sense include retaining evidence for use in proceedings under the German Equal Opportunities Act (AGG).

  • The applicant’s consent is obtained for longer storage to be able to propose further job or project offers matching the applicant’s qualifications and skills even after the end of the first application phase during which the applicant could not be placed. We will, of course, contact you beforehand and obtain your consent after completion of the first application phase and in the event of a suitable offer. If consent is given for longer storage, the data will not be deleted until this period has expired, unless the applicant gives us renewed consent for further storage. You can revoke your consent at any time for the future without giving reasons.

8.   Data transfer

The GDPR guarantees the same high level of data protection within the European Union. Therefore, we rely on European partners wherever possible when selecting our service providers if your personal data will be processed. We shall only have data processed outside the European Union in exceptional cases when using third-party services. We shall only authorise the processing of your data in a third country if the special requirements of Art. 44 et seq. GDPR are met. This means that your data may only be processed on the basis of special guarantees, such as the EU Commission’s officially recognised determination of a level of data protection corresponding to the EU or compliance with officially recognised special contractual obligations, the “standard data protection clauses”.

 

9.   Obligation to provide data

 

You must provide any personal data that is required to establish the employment contract or that we are legally obliged to collect as part of the application process. In individual cases, the applicant is legally obliged to provide certain data (e.g. health certificate, police clearance certificate, etc.). Without this data, we or our customer for whom the placement is being carried out will not be able to perform the employment contract with you.

 

10.                 Automated decision-making

Automated decision-making, including profiling, does not take place.

 

11.                 Online application process

 

11.1 General information/voluntary participation 

In addition to face-to-face interviews at offices, we also offer our applicants the opportunity to conduct an interview online. To do so, we use the Microsoft solutions Skype, Teams, Zoom or WhatsApp.

Participation in online interviews is voluntary. You have the option of breaking off an interview at any time, refusing further interviews and withdrawing your consent to participate in the online interview without suffering any disadvantages. Online interviews are not recorded or saved.

It should be noted that the Trenkwalder Group also offers you the opportunity to take part in the interview in the form of a face-to-face interview on site or as a telephone call. If you decide on a face-to-face interview or a telephone call, this will have no detrimental effect on your application.

The interview will only be conducted by those responsible for filling vacancies within the Trenkwalder Group. These persons will ensure that the confidentiality of your personal data is maintained within the scope of the intended purpose. Ensuring the highest possible protection of your personal data is important to the company. All personal data collected and processed by us as part of an application is protected against unauthorised access and manipulation by technical and organisational measures.

11.2 Processed data/legal basis/revocation

The categories of personal data processed as part of the Teams interview notably include: name, image transmission (and, therefore, the transmission of your face), transmission of your voice. The online interview is not recorded and/or stored.

Furthermore, the following personal data is collected by the system when using Microsoft Teams/Skype: IP addresses, email addresses, names, log files, log data, metadata (e.g. IP address, time of participation, etc.), profile data (e.g. your user name, if you provide this information on a voluntary basis).

Data processing as part of the Teams interview is based on the consent you have given, which can be revoked at any time for the future, Art. 6 Para. 1 Sentence. 1 lit. a GDPR.

You have the option of breaking off an interview at any time, refusing further interviews and withdrawing your consent to participate in the Teams or Zoom interview without suffering any disadvantages. You can submit your revocation by email.

We also process the data collected by the system on the basis of a legitimate interest in accordance with Art. 6 Para. 1 Sentence 1 lit. f GDPR. Our legitimate interest for data processing is: conducting online interviews.

11.3 Data transfer

We use Teams to conduct the online interviews. Microsoft Teams is part of Microsoft Office 365. Microsoft Teams is a productivity, collaboration and exchange platform for individual users, teams, communities and networks that is used across company organisations. It includes a video conferencing function.

Microsoft Office365 is a software provided by the company
Microsoft Ireland Operations Limited
One Microsoft Place
South County Business Park
Leopardstown
Dublin 18
D18 P521
Ireland

Microsoft Teams is part of the Office 365 cloud application, for which a user account must be created.

The data processing with Office 365 takes place on servers in data centres in the European Union in Ireland and the Netherlands.  We have concluded a data processing agreement with Microsoft in accordance with Art. 28 GDPR. Accordingly, we have agreed extensive technical and organisational measures with Microsoft for Office 365 that correspond to state-of-the-art technology in IT security, e.g. with regard to access authorisation and end-to-end encryption concepts for data lines, databases and servers.

There are EU standard contracts (standard data protection clauses) in place with Microsoft in the event of access by Microsoft from outside the European Union in individual cases authorised by us. We have implemented additional measures as described above in the form of state-of-the-art technical and organisational measures, such as access authorisation and encryption concepts for data lines, databases and servers, to guarantee an appropriate level of data protection when transferring personal data to a third country, such as the USA, in this specific case.

Microsoft reserves the right to process customer data for its own legitimate business purposes. We have no influence on this data processing by Microsoft. To the extent Microsoft Teams processes personal data in connection with legitimate business purposes, Microsoft is an independent controller for these data processing activities and as such is responsible for compliance with all applicable data protection regulations. Please refer to the relevant Microsoft policy if you require information about processing by Microsoft.

 

14.Application via WhatsApp (PitchYou)

 

If you use our application-via-WhatsApp feature, the legal basis for the communication is your consent, which can be revoked at any time (Art. 6 Para. 1 a GDPR. The application-via-WhatsApp feature is provided to us by the IT service provider PitchYou from SBB Software und Beratung GmbH in Germany, Naila (Bahnhofstraße 7, 95119 Naila, Germany), which can access your data for this purpose as a data processor. A data processing contract has been concluded with PitchYou in accordance with Art. 28 GDPR. 

PitchYou provides multi-stage deletion to protect the rights of data subjects. Nevertheless, we would like to point out that we have no influence on data processing by WhatsApp. Data processing is subject to WhatsApp’s privacy policy, which you must agree to in advance. We would hereby like to point out that the information you provide will be stored and processed in the USA. We would also like to point out that data processing by WhatsApp is associated with security risks. The USA is currently regarded as a country with an inadequate level of data protection by EU standards. In particular, there is a risk that your data may be processed by US authorities for control and monitoring purposes without you being informed about this data processing and without you having the option of a legal remedy against this data processing by the US authorities.

The legal basis for processing is the voluntary consent given to us within the meaning of Art. 6 Para. 1 Sentence 1 lit. a GDPR in conjunction with Section 26 BDSG for conducting the application process.

You may revoke the consent expressly given above at any time with effect for the future by sending us a message via WhatsApp. Any processing that takes place before you revoke your consent will not be affected.

Information on WhatsApp’s privacy policy: https://www.whatsapp.com/legal?eea=0#privacy-policy

Further information on PitchYou’s privacy policy can be found at: https://www.pitchyou.de/datenschutz as well as https://www.pitchyou.de/pitchyou-dsgvo 

Information on consenting to the use of WhatsApp can be found at: https://www.pitchyou.de/datenschutz-whatsapp

 

15.   MessengerPeople

 

We use a tool from MessengerPeople GmbH to communicate with you via a messenger service (WhatsApp). Communication only takes place if the person applying to us sends a corresponding opening message and is voluntary. By sending an opening message, you agree to the validity of our data protection provisions. In particular, you consent to your personal data (surname and first name, telephone number, messenger ID, IP address, profile picture and message history) being stored, processed and used to send messages to you as part of the use of the respective messenger service (WhatsApp).

We use MessengerPeople GmbH, Seidlstraße 8, 80335 Munich, Germany, as a technical service provider and processor to provide this communication service. Further information can be found in the respective privacy policies of the messenger service (WhatsApp, www.whatsapp.com/legal/privacy-policy-eea) and MessengerPeople GmbH (https://www.messengerpeople.com/de/datenschutzerklaerung/)

The legal basis for processing is the voluntary consent given to us within the meaning of Art. 6 Para. 1 Sentence 1 lit. a GDPR in conjunction with Section 26 BDSG for conducting the application process. Communication and document exchange via WhatsApp is always voluntary and is only one possible option. It is always possible to communicate via other communication channels (e.g. email). Consent can be revoked at any time with effect for the future directly via the respective WhatsApp chat. 

Information on data protection when using MessengerPeople and WhatsApp https://www.messengerpeople.com/de/whatsapp-datenschutz-alles-was-du-wissen-musst/ 

You will find MessengerPeople’s privacy policy at: 
https://www.messengerpeople.com/de/datenschutzerklaerung/ 

Previous: For the use of our websiteBack to main page