Data Protection Information
of About You SE & Co KG, Domstraße 10, 20095 Hamburg (as at: December 2023).
In the following Privacy Policy, we inform you about the processing of personal information carried out by About You SE & Co KG, Domstraße 10, 20095 Hamburg (“ABOUT YOU” and/or “Controller”) in accordance with the General Data Protection Regulation (“GDPR”) and the Federal Data Protection Act (“BDSG”). Our Privacy Policy applies to the following websites, applications and other services (hereinafter collectively referred to as “Services”): www.corporate.aboutyou.de.
Please read our Privacy Policy carefully. If you have any questions or comments about our Privacy Policy, please contact us at [email protected].
Contents
You can easily jump directly to the section you are interested in by clicking on the respective chapter headings.
- 1. Name and Contact Details of the Controller
- 2. Contact Details of the Data Protection Officer
- 3. Purposes of Data Processing, Legal Bases and Legitimate Interests pursued by the Controller or a Third Party and Categories of Recipients
- 3.1 Accessing our Websites/Applications
- 3.2 Personal User Experience
- 3.2.1 Identification on Third Party Sites
- 3.2.2 Personalized Ads and Content
- 3.2.3 Market Research
- 3.2.4 Product Development
- 3.2.5 Performance
- 3.3 Making Contact
- 3.4 Data Processing for Application Purposes
- 4. No Obligation to Provide Data
- 5. Recipients of Personal Data
- 6. Storage Period and Data Deletion
- 7. Recipients outside the EEA
- 8. Your Rights
1. Name and Contact Details of the Controller
This Privacy Policy applies to data processing by
About You SE & Co KG,
Domstraße 10, 20095 Hamburg
Phone: +49 40 638 569 – 0
E-Mail: [email protected]
legally represented by: ABOUT YOU Verwaltungs SE, which in turn is represented by the Management Board members Tarek Müller, Hannes Wiese and Sebastian Betz.
Chairman of the Supervisory Board: Sebastian Klauke
Website: www.corporate.aboutyou.de
for the following Services: www.corporate.aboutyou.de
2. Contact Details of the Data Protection Officer
You can contact the Data Protection Officer of the Controller at
About You SE & Co KG
Attn: Sebastian Herting – Data Protection Law Firm
Domstraße 10
20095 Hamburg Germany
E-Mail: [email protected]
reach.
3. Purposes of Data Processing, Legal Bases and Legitimate Interests pursued by the Controller or a Third Party and Categories of Recipients
3.1 Accessing our Websites/Applications
3.1.1 Log Files
Each time you access Services, information is sent to the server of our Service by the respective Internet browser of your respective end device and temporarily stored in log files. The data records stored in the log files contain the following data: date and time of access, name of the page accessed, IP address of the requesting device, device type, cfRayId, referrer URL (origin URL from which you came to our Service), the amount of data transferred, loading time, product and version information of the browser used in each case and the name of your internet access provider. We process the log files in order to be able to provide our Services reliably and securely.
Insofar as we process personal data (e.g. the IP address), the legal basis for this is Art. 6 (1) f) GDPR. Our legitimate interest arises from the
- – Ensuring a smooth connection setup,
- – To ensure convenient use of our Services,
- – Evaluation of system security and stability.
It is not possible to draw any direct conclusions about your identity from the information and we will not do so. The information is stored and automatically deleted once the aforementioned purposes have been achieved. The standard periods for deletion are based on the criterion of necessity.
Insofar as we use cookies or similar technologies in connection with the processing of log files described above, this is absolutely necessary in order to provide the Services you have requested. We may use these cookies without your consent on the basis of Section 25 (2) No. 2 of the German Act on Data Protection and the Protection of Privacy in Telecommunications and Telemedia (“TTDSG”).
3.1.2 Cookies and Tracking
General Information
In our Services we and our partners use cookies or similar technologies (together also referred to as “Cookies”). Cookies are small text files that can be stored on your respective end device (laptop, tablet, smartphone, etc.) when you visit and/or use our Services. Cookies do not cause any damage to your end device and do not contain any viruses, Trojans or other malware. Information is stored in the Cookie that results in each case in connection with the specific end device used. However, this does not mean that we gain direct knowledge of your identity and/or can draw conclusions about your person.
Some of the Cookies used are deleted again at the end of the browser session (so-called session Cookies). We can use such Cookies to improve the security of our Services, for example, by preventing bot attacks.
Other Cookies remain on your end device and enable us to recognize your end device on your next visit (so-called persistent or cross-session Cookies). These Cookies are used, for example, to show you personalized ads and content in our Services.
Consent to the Use of Cookies
We use most Cookies on the basis of your consent. We ask you for this consent in our Consent Management Plattform (“CMP” and/or “Preference Center”). There it is described as “Store and/or retrieve information on your device”. If you give your consent, this is the legal basis for the use of Cookies (Section 25 (1) TTDSG in conjunction with Art. 6 (1) a) GDPR). We store the decision you have made in this respect as to whether you wish to give your consent so that we can implement it accordingly. An exception to this consent requirement only applies to Cookies that are absolutely necessary for the provision of a Service expressly requested by you. We set these Cookies without your consent on the basis of Section 25 (2) No. 2 TTDSG.
Consent to the Processing of your Data based on Cookies
In our CMP we also ask you – where necessary – for your consent to the processing of your data based on these Cookies. In doing so, we request consent not only for us, but also for the processing of such data by our partners.
In our CMP you will find in particular detailed information on the purposes for which we and our Partners would like to process your data on the basis of your consent, as well as a list of our partners with further information on the data processing they wish to carry out on the basis of your consent.
The decision you make in the CMP as to whether or to what extent you wish to give your consent to the processing of your data based on Cookies, we store it under a so-called Consent ID (e.g. d13b5c50-6x7a-4d7b-9962-3846c8abba), which you can also find at the end of our Privacy Policy in order to be able to implement it accordingly. This pseudonymous consent ID is generated individually for you as a website user in order to provide legal proof of the settings you have made in our CMP and the consents given/withdrawn therein, stating the date/ time. You can view the consent ID at any time in our CMP at any time under the “Settings” section.
The legal basis for any data processing that takes place is Art. 6 (1) f) GDPR. We have a legitimate interest in processing your decision to give your consent so that we do not have to ask you each time you access our Services whether you wish to give your consent.
If you have given your consent to the processing of your data, Art. 6 (1) a) GDPR is the legal basis for this data processing.
Reference to the Right of Withdrawal
You can revoke your consent(s) in whole or in part at any time with effect for the future by changing your settings in our CMP here and clicking on “Ok” or by clicking on “Reject”. You can also always find our CMP at the bottom of the page under the link “Preference Center (Consent Management)”. Your revocation does not change the legality of the data processing carried out on the basis of the consent(s) until the revocation.
3.2 Personal User Experience
We and our partners want to offer you the most personal user experience possible on our Services. In our CMP
we therefore ask for your consent for the processing purposes described in the following Sections 3.2.1. to 3.2.4. The legal basis for the data processing described in these Sections is Art. 6 (1) a) GDPR.
In addition, we process your personal data in order to provide our Services securely and reliably and in the form requested by you. You can find more information on this in Section 3.2.5. The legal basis for the data processing described there is Art. 6 (1) f) GDPR. We have a legitimate interest in offering our Services you have expressly requested securely and reliably.
3.2.1 Identification on Third Party Sites
For certain Services, we need to be able to assign users to our own- or Third Party sites, e.g. to show you advertisements for our products and Services on Third Party sites. For this purpose, we or our partners assign a pseudonymous identifier (ID). In addition, we and our Partners can assign you on Third Party sites with the help of your pseudonymized e-mail address or telephone number.
You can find out which information we or the respective Partners would like to use on the basis of your consent in the partner list.
The legal basis for data processing is Art. 6 (1) a) GDPR.
3.2.2 Personalized Ads and Content
In order to offer you the full ABOUT YOU experience, we and our Partners use certain information (e.g. browser information, click path, date and time of visit, geographical location, IP address, usage data, websites visited) with your consent to present you with ads and content tailored to you on our Services and on Third Party sites, which may be based on your preferences, for example.
You can find out which information we or the respective Partners would like to use on the basis of your consent in the partner list.
The legal basis for data processing is Art. 6 (1) a) GDPR.
3.2.3 Market Research
With your consent, we and our Partners use certain information about the interaction with content and ads on our Services and on Third Party sites to better understand how they are received by our users. To do this, we combine data sets (such as user profiles, statistics, market research and analytics data) that provide information about how you and other users interact with content and ads. We can use this information to identify common characteristics, e.g. to determine which content is relevant for which target groups.
You can find out which information we or the respective Partners would like to use on the basis of your consent in the partner list.
The legal basis for data processing is Art. 6 (1) a) GDPR.
3.2.4 Product Development
With your consent, we and our Partners use information about your activities on our Services and on Third Party sites (e.g. your interaction with ads or content) because it helps us to improve our products and Services and to develop new products and Services based on user interactions, the type of target group, etc. This purpose does not include the development or improvement of user profiles or user identifiers.
You can find out which information we or the respective Partners would like to use on the basis of your consent in the partner list.
The legal basis for data processing is Art. 6 (1) a) GDPR.
3.2.5 Performance
We need certain information in order to provide our Services securely and reliably. To do this, we monitor and prevent unusual and potentially fraudulent activity (e.g. in relation to advertising, ad clicks by bots) and ensure that systems and processes function properly and securely. The information may also be used to resolve any issues you or we have with the delivery of content and ads or your interaction with them. In addition, we need certain information to provide you with our Services in the form you have requested.
You can find out what information we or the respective Partners use for these purposes in the partner list.
The legal basis for data processing is Art. 6 (1) f) GDPR. We have a legitimate interest in offering our Services you have expressly requested securely and reliably.
3.3 Making Contact
You have the option of contacting us in several ways. By e-mail, by telephone or by post. When you contact us, we use the personal data that you voluntarily provide to us in this context solely for the purpose of contacting you and processing your request.
The legal basis for this data processing is Art. 6 (1) a), Art. 6 (1) b) Art. 6 (1) c) GDPR and Art. 6 (1) f) GDPR. We have a legitimate interest in responding to inquiries from our users that are of a general nature and not directly related to a contractual relationship.
3.4 Data Processing for Application Purposes
3.4.1 Registration/Application
When you register on our careers website, we process the data required for registration and application. This includes
- – First name, last name
- – Date of birth
- – E-mail address
- – Address
- – Phone number
- – Links to Personal Profiles on Other Social Networks/Platforms
- – Information as part of the application, such as: school-leaving certificate, information on training (studies, doctorate, etc.), references, information on previous career, information on other qualifications (languages, PC skills, voluntary activities, portfolio, work samples)
- – Application photo, if applicable
- – Information on desired salary
- – Information on the earliest possible start date/cancellation period
- – Other information contained in documents that you provide to us as part of your application.
The legal basis for this data processing is Art. 6 (1) a) and b) GDPR, i.e. you voluntarily provide us with the data on the basis of your consent and your application request for the implementation of pre-contractual measures. The legal basis is also Art. 6 (1) f) GDPR, whereby our legitimate interest arises from the examination of the information with regard to the recruitment decision. For Germany, Section 26 BDSG also applies as the legal basis.
Insofar as special categories of personal data within the meaning of Art. 9 (1) GDPR are voluntarily disclosed as part of the application process, they are also processed in accordance with Art. 9 (2) b) GDPR (e.g. health data, such as severely disabled status or ethnic origin).
ABOUT YOU has its career platform operated by SmartRecruiters GmbH, Dircksenstrasse 47, 10178 Berlin (“SmartRecruiters”), which provides software for processing and managing application data. SmartRecruiters processes the data solely and exclusively on behalf of ABOUT YOU.
3.4.2 Making an Appointment
As part of the application process, we use Google’s calendar services (“Google Calendar”) to coordinate appointments. Google is operated by Google Ireland Limited, Gordon House, Barrow Street Dublin 4 Ireland (“Google Ireland”). To make an appointment with you for a job interview, we will provide you with a link generated by us, which will automatically take you to our calendar overview. After selecting your appointment, confirming it and entering your contact details (name and email address) required for making the appointment, you will receive an email confirming the appointment. We use this data for the purpose of planning, conducting and, if necessary, following up on the interview and for the duration of the application process.
The legal basis for this data processing is Art. 6 (1) a) and b) GDPR.
Google Ireland processes the data solely and exclusively on behalf of ABOUT YOU.
3.4.3 Professional Social Platforms
We operate social media pages on the professional social platforms LinkedIn, operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”) and XING, operated by New Work SE, Am Strandkai 1, 20457 Hamburg, Germany (“XING”) and in this context process data of the users active there in order to communicate with them, offer information about us or draw attention to career opportunities.
If you contact us via our social media pages, we process personal data resulting from your user profile as well as any data that you may have voluntarily provided to us for the purpose of processing your request, in particular to answer your inquiry. We can then respond to your request via our respective social media pages.
In many cases, the legal basis for this processing is Art. 6 (1) b) GDPR and Art. 6 (1) f) GDPR on the basis of legitimate interests in public relations and communication. Furthermore, we have a legitimate interest in actively searching for suitable candidates for advertised vacancies.
We have no influence on the processing of your personal data by the respective providers of the professional social platforms. Rather, platform operators can control data processing in the context of the use of their respective services. This includes, for example, the storage and use of Cookies on your device and the analysis of your behavior in social networks.
Further information on data processing by LinkedIn can be found here and by XING here.
3.4.4 Additional Data Processing
In the event of a positive decision, we will transfer your data to the regular personnel administration process, where it will be retained and stored in accordance with legal requirements.
If you apply for a specific advertised position, we will delete your data in accordance with the legal requirements in the event of a negative decision (usually six months after sending the negative decision).
In the case of an unsolicited application, your data will be stored for a maximum period of six months. If we do not make a positive decision for you after this period and you do not take any further action, the data provided will be deleted automatically. If you receive a negative decision from us before the end of this six-month period, we will delete your data in accordance with the legal basis in the event of a negative decision (usually six months after the negative decision is sent).
3.4.5 Job Offers by E-Mail
Newsletter
As part of our Services, we offer you the opportunity to be informed about current job offers by e-mail. In order to ensure that no errors have been made when entering your e-mail address, we use the so-called double opt-in procedure (DOI procedure): After you have entered your e-mail address in the registration field and given your consent to receive current job information, we will send you a confirmation link to the e-mail address you have provided. Only when you click on this confirmation link will your e-mail address be added to our mailing list for sending our newsletter. The legal basis for this processing is Art. 6 (1) a) GDPR.
We use the software solution of Rocket Science Group, LLC d/b/a Mailchimp, 675 Ponce de Leon Ave NE Suite 5000 Atlanta, GA 30308 USA (“Mailchimp”) to send the newsletter. As a Processor, Mailchimp processes your data exclusively on our behalf and not for its own purposes.
You can withdraw your consent at any time with effect for the future by sending a message to [email protected] or by using the unsubscribe option at the end of each newsletter.
RSS Feed
We offer you the opportunity to be informed about current job offers via RSS feed. An RSS feed is a more modern form of the classic newsletter, which you can read either with your browser or with a special program (RSS reader). You can manage and deactivate your subscribed RSS feeds at any time in the settings of your browser/reader.
The legal basis for this data processing is Art. 6 (1) a) GDPR.
4. No Obligation to Provide Data
In principle, you are not obliged to provide us with your personal data. However, the use of certain areas of our Services may require the provision of personal data, in particular the purchase of goods. If you do not wish to provide us with the data required for this, you will unfortunately not be able to use the relevant areas of the Services.
5. Recipients of Personal Data
5.1 Disclosure of Data to Third Parties
We will only pass on your data to Third Parties outside ABOUT YOU if this is legally permissible (e.g. because we or the Third Party have a legitimate interest in passing it on, we are legally obliged to pass it on or on the basis of your consent).
In addition to the Third Parties named in our Privacy Policy and in our CMP, we may disclose personal data to a Third Party in particular in the following cases
- – If we are obliged to do so due to legal requirements or by enforceable official or court order in individual cases (vis-à-vis authorities)
- – In connection with legal disputes (with courts or our lawyers) or tax audits (with auditors)
- – When we work together with tax consultants
- – In connection with possible criminal acts to the competent investigating authorities
- – In the event of a sale of the business (to the purchaser)
If we pass on your data to Third Parties on the basis of your consent, the explanation can also be provided when consent is obtained.
5.2 Disclosure to Processors
We use so-called Processors in some areas of the processing of your data. A Processor is a natural or legal person who processes personal data on our behalf and on the basis of our instructions, whereby we remain responsible for the data processing. Processors do not use the data for their own purposes but carry out the data processing exclusively for the Controller.
Insofar as the Processors are not already named in this Privacy Policy, these are in particular the following categories of Processors:
- – IT service provider (sending e-mails and newsletters)
6. Storage Period and Data Deletion
ABOUT YOU only stores personal data for as long as is necessary for the purposes stated in this Privacy Policy, in particular to fulfill our contractual and legal obligations. We may also store your personal data for other purposes if and for as long as further storage for certain purposes is permitted by law.
7. Recipients outside the EEA
We also pass on personal data to third parties or Processors based in countries outside the European Economic Area (“EEA”). In this case, we ensure that the recipient either has an adequate level of data protection or has your express consent before transferring the data.
An adequate level of data protection exists, for example, if the European Commission has adopted a so-called adequacy decision for the respective country (Art. 45 GDPR). For the USA, the European Commission has decided that an adequate level of data protection exists there if the data recipient participates in the EU-U.S. Data Privacy Framework (DPF) and has a current certification for this. If the recipients of your personal data are located in the USA and participate in the DPF, we therefore rely on this adequacy decision (Art. 45 GDPR).
Alternatively, we ensure an adequate level of data protection by agreeing the so-called EU standard contractual clauses of the European Commission with recipients (Art. 46 GDPR). In this case, we carry out transfer impact assessments and agree additional protective measures with the recipient or implement them where necessary. Specifically, we agree Module 1 of the EU standard contractual clauses with recipients who are (independent) Controllers and Module 2 of the EU standard contractual clauses with recipients who act as our Processors.
These are third parties or Processors in the following countries: USA (we rely on the “DPF” in this respect). You can obtain a copy of the specifically agreed regulations to ensure an adequate level of data protection from us. To do so, please contact [email protected] or to the contact information set out in Section 2. contact information.
8. Your Rights
8.1 Overview
In addition to the right to revoke your consent given to us, you have the following additional rights if the respective legal requirements are met:
- – The right to information about your personal data stored by us (Art. 15 GDPR), in particular you can request information about the processing purposes, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data if it has not been collected directly from you;
- – The right to rectification of inaccurate or completion of incomplete data (Art. 16 GDPR),
- – The right to erasure of your data stored by us (Art. 17 GDPR), provided that the applicable requirements for this are met and, in particular, no statutory or contractual retention periods or other statutory obligations or rights to further storage are to be observed by us,
- – The right to restrict the processing of your data (Art. 18 GDPR) if the accuracy of the data is contested by you (for a period enabling us to verify the accuracy of the personal data); the processing is unlawful but you oppose its erasure; we no longer need the data, but you require it for the establishment, exercise or defense of legal claims or you have objected to processing pursuant to Art. 21 GDPR (pending the verification whether our legitimate grounds override yours),
- – The right to data portability in accordance with Art. 20 GDPR, i.e. the right, in the case of processing based on your consent (Art. 6 (1) a) GDPR) or for the performance of a contract (Art. 6 (1) b) GDPR), which is carried out using automated procedures, to receive data stored by us about you in a common, machine-readable format or to request that it be transferred to another Controller (the latter, insofar as this is technically feasible),
You can assert the aforementioned rights to which you are entitled at [email protected].
You also have the right to lodge a complaint with a supervisory authority. In particular, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.
8.2 Rights of Objection
You have the right to object at any time to the processing of your personal data for advertising purposes (“advertising objection”).
In addition, you have the right to object to data processing on the basis of Art. 6 (1) f) GDPR for reasons arising from your particular situation. We will then stop processing your data unless we can – in accordance with the legal requirements – demonstrate compelling legitimate grounds for further processing that outweigh your rights, or the processing serves to assert, exercise or defend legal claims.
You can assert your rights of objection at [email protected].
8.3 Right of Withdrawal
Insofar as we process data on the basis of your consent, you have the right to withdraw your consent at any time. Your revocation does not affect the legality of the data processing carried out on the basis of the consent(s) until the revocation.
You can generally assert your right to object at [email protected].
You can revoke your consent to the use of Cookies or the processing of your personal data based on them in whole or in part at any time by changing your settings in our CMP here and clicking on “Ok” or by clicking on “Reject”. You can also always find our CMP at the bottom of the page under the link “Preference Center (Consent Management)”.
Consent-ID:
Download Privacy Policy as PDF
Print Privacy Policy
Download PDF-Reader