Skip to main content

Processing of (personal) data by the entity in charge of the online application process

Processing of personal data by the Controller responsible for the online application process

Data Protection at the application process with Personio and the talent pool of the ABI

In the following we will be informing you about the controller responsible for the processing of your personal data and the controller’s data protection officer (Section A) as well as your rights regarding the processing of your personal data (Section B).
Furthermore, we have detailed information below on the processing of your personal data (Section C) and information regarding the use of cookies (Section D) on https://audi-business-innovation-gmbh.jobs.personio.de/.  
The terminology applied throughout this privacy notice, such as "Controller", has the meaning as attributed to it under Article 4 GDPR (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC General Data Protection Regulation ("GDPR")).

Information regarding the Controller

I.  Name and contact details of the controller

The controller of the Internet presence https://audi-business-innovation-gmbh.jobs.personio.de/ is:
 

Audi Business Innovation GmbH
Helmut-Dietl-Straße 2
81671 Munich
Germany
Email: karriere.businessinnovation@audi.de 


- hereinafter referred to as “We” -

II. Contact details of the controller’s data protection officer

You may contact our data protection officer as follows:                          
Audi Business Innovation GmbH

Mr. Andreas Buchberger
Data Protection Officer 
Helmut-Dietl-Straße 2
81671 Munich
Germany
Email: data.privacy.abi@audi.de

Information Regarding the Rights of Data Subjects

As the data subject, you have the following rights regarding the processing of your personal data:

  • the right of access to information (Article 15 of the GDPR);
  • the right to the correction of data (Article 16 of the GDPR);
  • the right to erasure ("right to be forgotten" - Article 17 of the GDPR);
  • the right to the restriction of processing (Article 18 of the GDPR);
  • the right to data portability (Article 20 of the GDPR);
  • the right to object (Article 21 of the GDPR);
  • the right to withdraw a consent (Article 7 para. 3 of the GDPR);
  • the right to lodge a complaint with a supervisory authority (Article 57 para. 1 lit. f of the GDPR).


To exercise your rights, you may contact our data protection officer (Section A.II.).

Information regarding the specific modalities and mechanisms which facilitate the exercise of your rights, especially in relation to the exercise of your rights to data portability and to object, is available (where applicable) from the information on the processing of personal data in Section C of this privacy notice.

Below we provide you with detailed information of your rights regarding the processing of your personal data.

I. Right of Access to Information

As the data subject, you have a right of access to information subject to the prerequisites laid down in Article 15 of the GDPR.

This means in particular that you have the right to request confirmation from us as to whether we process personal data concerning you. If this is the case, you also have the right to be informed of these personal data and such information as specified under Article 15 para. 1 of the GDPR. This includes, but is not limited to, information pertaining to the purposes of the processing; the categories of personal data that are processed; and the recipients or categories of recipient(s) to whom personal data have been or will be disclosed (Article 15 para. 1 lit. a, b, and c of the GDPR).

To view the full scope of your right of access to information, please refer to Article 15 of the GDPR which can be prompted with this link.

II. Right to Rectification

As the data subject, you have a right to the rectification of data subject to the prerequisites laid down in Article 16 of the GDPR.

This means in particular that you have the right to request that we rectify incorrect personal data concerning you and complete any incomplete personal data without delay.

To view the full scope of your right to rectification, please refer to Article 16 of the GDPR which can be prompted with this link.

III. Right to Erasure ("right to be forgotten")

As the data subject, you have a right to erasure ("right to be forgotten") subject to the prerequisites laid down in Article 17 of the GDPR.

This means that in principle, you have the right to request that we promptly erase the personal data concerning you and that we are obliged to erase these personal data without delay provided that one of the reasons as specified under Article 17 para. 1 of the GDPR applies. This may be the case, for example, if personal data are no longer required in relation to the purposes for which they were collected or otherwise processed (Article 17 para. 1 lit. a of the GDPR).

Insofar as we made the personal data public and if we are obliged to erase them, we are equally obliged (subject to the available technology and cost of implementation) to take reasonable measures, even of technical nature, so as to inform other data controllers processing such personal data that a data subject requested that they erase all links to these personal data or copies or replications of said personal data (Article 17 para. 2 of the GDPR).

In the exceptional case, the right to erasure ("right to be forgotten") does not apply insofar as processing is necessary for reasons specified in Article 17 para. 3 of the GDPR. This may be the case, for example, if processing is necessary to comply with a legal obligation or to establish, exercise or defend legal claims (Article 17 para. 3 lit. a and e of the GDPR).

To view the full scope of your right to erasure / right to be forgotten, please refer to Article 17 of the GDPR which can be prompted with this link.

IV. Right to the Restriction of Processing

As the data subject, you have a right to the restriction of processing subject to the prerequisites laid down in Article 18 of the GDPR.

This means that you have the right to request that we restrict the processing provided that one of the reasons as specified under Article 18 para. 1 of the GDPR applies. This may be the case, for example, if you contest the accuracy of the personal data. In such a case, processing will be restricted for such period that we require to verify the accuracy of the personal data (Article 18 para. 1 lit. a of the GDPR).

Restriction means the marking of stored personal data with the aim of limiting their processing in the future (Article 4 para. 3 of the GDPR).

To view the full scope of your right to the restriction of processing, please refer to Article 18 of the GDPR which can be prompted with this link.

V. Right to Data Portability

As the data subject, you have a right to data portability subject to the prerequisites laid down in Article 20 of the GDPR.

This means that in principle, you have the right to receive the personal data concerning you and which you provided to us in a structured, commonly-used and machine-readable format and that you have the right to transmit these data to another controller without hindrance on our behalf, provided the data were processed based on a consent pursuant to Article 6 para. 1 lit. a or Article 9 para. 2 lit. a of the GDPR or for the performance of a contract pursuant to Article 6 para. 1 lit. b of the GDPR and processing was conducted using automated means (Article 20 para. 1 of the GDPR).

Information as to whether processing is based on a consent pursuant to Article 6 para. 1 lit. a or Article 9 para. 2 lit. a of the GDPR or a contract pursuant to Article 6 para. 1 lit. b of the GDPR is defined in the information regarding the legal basis for processing, Section C of this privacy notice.

In exercising your right to data portability, you also have the right in principle to request that we transmit the personal data directly to another controller insofar as is technically feasible (Article 20 para. 2 of the GDPR).

To view the full scope of your right to the restriction of processing, please refer to Article 20 of the GDPR which can be prompted with this link.

VI. Right to Object

As the data subject, you have a right to object subject to the prerequisites laid down in Article 21 of the GDPR.

We expressly point out your right to object as a data subject at the time of our initial communication with you the latest. Below we provide you with detailed information of this:

1. Right to object for reasons resulting from the specific situation of the data subject

As the data subject, you have the right to object at any time to the processing of personal data concerning you for reasons resulting from your personal situation by virtue of Article 6 para. 1 lit. e) or f) of the GDPR; this equally applies to any profiling based on this provision. Information as to whether processing is based on Article 6 para. 1 lit. e) or f) of the GDPR is defined in the information regarding the legal basis for processing, Section C of this privacy notice.

If you object for reasons resulting from your specific situation, we will no longer process the personal data concerning you unless we can provide proof of compellingly legitimate grounds for such processing which override your interests, rights and freedoms, or such processing serves to establish, exercise or defend legal claims. To view the full scope of your right to object, please refer to Article 21 of the GDPR which can be prompted with this link.

2. Right to object to direct marketing


If the personal data concerning you are processed for direct marketing purposes, you have the right to object to the processing of personal data that concern you for the purposes of such marketing; this applies equally to profiling provided that it is tied to such direct marketing.

Information as to whether and to which extent personal data are processed for purposes relating to direct marketing is defined in the information regarding the purposes of processing, Section C of this privacy notice.

If you object to the processing for purposes relating to direct marketing, we will no longer process personal data concerning you for these purposes.

To view the full scope of your right to object, please refer to Article 21 of the GDPR which can be prompted with this link.

VII. Right to Withdraw Consent

If processing is based on a consent issued pursuant to Article 6 para. 1 lit. a or Article 9 para. 2 lit. a of the GDPR, you as the data subject have the right according to Article 7 para. 3 of the GDPR to withdraw your consent at any time. Your withdrawal of the consent does not affect the lawfulness of any processing carried out by virtue of a consent that was issued prior to such withdrawal. We shall notify you accordingly prior to issuing such consent.

Information as to whether processing is based on a consent pursuant to Article 6 para. 1 lit. a or Article 9 para. 2 lit. a of the GDPR is defined in the information regarding the legal basis for processing, Section C of this privacy notice.

VIII. Right to complain to the supervisory authority

As a data subject, you have the right to lodge a complaint with the competent supervisory authority under the conditions of Article 57 para. 1 lit. f of the GDPR.

Information on the Processing of Personal Data

I. Legal Basis and Purpose of Processing Your Data

We process your personal data in compliance with the provisions set forth in   the GDPR (GDPR) as well as the German Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG) for various purposes. The specific purposes of data processing are primarily dependent on the individual request, the selected product or the individual service that has been opted for.

The processing of your personal data is based on one of the legal reasons specified below:

you issued your prior consent (Art. 6 para. 1, subparagraph 1 lit. a GDPR);

processing is necessary in order to comply with the performance of a contract with you or to take steps prior to entering into a contract at your request (Art. 6 para. 1, subparagraph 1 lit. b GDPR);

processing is necessary to comply with a legal obligation under EU law or the legislation of an EU Member State (Art. 6 para. 1, subparagraph 1 lit. c GDPR);

processing is necessary for the purposes of the legitimate interests pursued by Audi Business Innovation GmbH or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data (Art. 6 para. 1, subparagraph 1 lit. f  GDPR).

If, in the exceptional case, we process special categories of personal data (data that identify the race or ethnicity, political opinions, religious or ideological convictions or the affiliation to a trade union; the processing of genetic data, biometrical data to clearly identify a natural person; health data or data on a person’s sexual life or sexual orientation) concerning you, one of the following legal grounds must be relevant in addition:

you issued your express prior consent (Art. 9 para. 2, lit. a GDPR);

processing is necessary to protect your vital interests or those of another natural person and the data subject is unable to issue his or her consent because of physical or legal reasons (Art. 9 para. 2 lit. c GDPR);

processing encompasses personal data which you manifestly made public (Art. 9 para. 2 lit. e GDPR);

processing is necessary to establish, exercise or defend legal claims (Art. 9 para. 2 lit. f GDPR);

processing is necessary for reasons of substantial public interest, on the basis of EU or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject (Art. 9 subparagraph 2 lit. g GDPR).

Please observe your rights to object to the processing of data for purposes relating to direct marketing or personal reasons and your right to withdraw a consent given (see Section B, especially paragraph VI. about your right to object).

II. Personal Data on the Website

In connection with the website https://audi-business-innovation-gmbh.jobs.personio.de/ various personal data are processed for different purposes.

Insofar as we as the so-called controller decide alone or jointly with others on the purposes and means of processing personal data, you are given information below that particularly regards

the personal data or categories of personal data that are processed;

the purposes for which the personal data are to be processed;

legal basis for processing and, insofar as processing is based on Article 6 para. 1 lit. f of the GDPR, the legitimate interests which we or a third party pursue;

where applicable, the recipient or the categories of recipient of the personal data;

where applicable, our intention to transmit the personal data to a third country or to an international organisation as well as the presence or absence of an adequacy decision by the Commission or, in the event of transmissions pursuant to Article 46 or Article 47 of the GDPR or Article 49 para. 1 subparagraph 2 of the GDPR, a reference to suitable or reasonable guarantees and the possibility of how a copy of them can be obtained or where they are available;

the storage period of personal data or, if this is not possible, the criteria that establish this period.

III. Website log files

Every time the website https://audi-business-innovation-gmbh.jobs.personio.de/ is accessed, general log data are automatically written to what are known as log files. As these data are usually pseudonymised, they cannot be traced back to any natural person. Without these data, it would not be technically possible to deliver and display some of the software content. It is also absolutely essential that we process these data for reasons of security, especially for access, input, transfer and storage control. Furthermore, the anonymised information may be used for statistical purposes and to optimise the website and technology. In addition, the log files may be subsequently reviewed and evaluated if there is reason to suspect illegal use of the software. The legal basis for this is set out in Art. 6 para. 1 lit. f GDPR.

The following information is automatically transferred:

Internet Protocol (IP) address of the end device from which the website was accessed;

Internet address of the website from which the website was accessed (known as the origin or referrer URL);

Name of the service provider via which the website was accessed;

Name of the files and/or information retrieved;

Date, time and duration of the visit;

Data volume transferred;

Operating system and information on the browser used, including installed add-ons (e.g. for the Flash Player);

HTTP status code (e.g. “request successful” or “requested file not found”).

The aforementioned data are stored without your complete IP address in the log files so that they cannot be traced back to your IP address.

IV. Application process via our online application tool

1. Details of the personal data processed


Categories of personal data processed: Data that you save in our online application tool during the application process (“application data”).
Personal data included in the categories: Mandatory information, which is indicated with an asterisk (*): Full name, email address, address, phone number, date of birth, gender and relevant documents providing information on your CV and work references. There is also the option to provide further information voluntarily. 
Data sources: Applicants.
Obligation to provide the data: There is no obligation to provide the data. However, we will not be able to consider your application if you fail to do so.
Duration of storage: We store your data and application until the application process has been completed. You may withdraw your application at any time. If your application is unsuccessful or you end the application process, we erase your data and documents if these are no longer required for the purpose for which they were collected. By default, this takes place six months after the completion of the application process unless statutory retention obligations prevent this.

2. Details of the processing of the personal data


Purpose of the processing of the personal data: We collect your data in order to process your application and quickly give you feedback. The personal data and any information relevant to the role, CV, references and other attachments and information in the application are stored and processed for the sole purpose of processing your application and for making contact and holding interviews with you. If your application is successful, we will continue to process and use the data and files you provided within the framework of your employment relationship with us.
Automated decision-making: There is no automated decision-making with regard to your application during the screening process or at any further stage in the selection process. Employees in our HR department will compare your profile and the vacancy.
Legal basis and any legitimate interests: The processing is required in order to conduct the application process on your application and therefore with the view to concluding an employment contract (Art. 6 para. 1 lit. b GDPR, Art. 88 GDPR in conjunction with Section 26 para. 1 BDSG).
Recipients: Relevant employees at ABI who are involved in the application process. Personio GmbH as the provider of the online application tool and Amazon Web Services, Inc. as the hosting provider for Personio GmbH.

3. Details on the recipients of personal data and the transfer of personal data to third countries and/or international organisations

 

Recipient: Personio GmbH, Seidlstraße 3, 80335 Munich, Germany. 
Role of the recipient: Processor to ABI pursuant to Art. 28 GDPR.
Registered office of the recipient: EU.
Adequacy decision or suitable or appropriate safeguards for transfers to third countries and/or international organisations: -

Recipient: Amazon Web Services, Inc., 410 Terry Avenue North Seattle, WA 98109 USA. Amazon Web Services is the hosting provider for Personio GmbH. It implements technical and organisational security measures to protect your data collected against accidental and intentional manipulation, loss, destruction and unauthorized third-party access. The hosting takes place in Europe.
Role of the recipient: Processor to Personio GmbH pursuant to Art. 28 GDPR.
Registered office of the recipient: USA.
Adequacy decision or suitable or appropriate safeguards for transfers to third countries and/or international organisations: Standard Contractual Clauses.

Recipient: Relevant ABI employees in the HR and other departments involved in the application process. All of the people involved in processing the application are ABI employees and are obligated to maintain confidentiality under their employment contract. 
Role of the recipient: Controller.
Registered office of the recipient: EU.
Adequacy decision or suitable or appropriate safeguards for transfers to third countries and/or international organisations: -

V. Application via post

If you send your application to us via post, staff in our HR department create a Personio account for you using the information contained in the documents sent by mail. In this case, your data are also processed pursuant to Section C. IV. If your application is not considered or you end the application process, the documents are returned to you by post and the account is deleted pursuant to Section C. IV. 1.

VI. Talent pool

If you withdraw your application or if we are not in a position to consider your application, but we find you and your profile interesting, we may offer to add you to our digital applicant database, or “talent pool”. To this end, we will ask you via email whether you are interested in being added to our talent pool. We process the information provided by you during the application process within the context of the talent pool to notify you of specific role-based vacancies and consider you in application processes again. Role-based vacancies are vacancies that suit your professional profile. If you wish to be added to our talent pool, you are free to reply to our email request and thereby consent to us adding you to the talent pool. Of course, you may withdraw your consent to being added to the talent pool at any time with effect for the future, without giving reasons.

1. Details of the personal data processed


Categories of personal data processed: Data we have collected during your application process.
Personal data included in the categories: This may include, in particular, the following data: first name, last name, address, phone number, email address and other data, including personal data, which you provide to us in your application and the attached documents or provide as part of the application process. 
Data sources: Your application documents.
Obligation to provide the data: There is no obligation to provide the data. However, if the data is not provided, we will not be able to include you in our talent pool.
Duration of storage: We store your data for up to 24 months after the end of your application process. You can contact us at any time using the contact details provided in Section A. I. and withdraw your consent or request the deletion of your data. If there are no statutory retention periods to prevent the deletion of your data due to the withdrawal of your consent or your deletion request, we will delete your data immediately after your withdrawal or after your deletion request.

2. Details of the processing of the personal data


Purpose of the processing of the personal data: Creation and expansion of our talent pool.
Automated decision-making: There is no automated decision-making.
Legal basis and any legitimate interests: Consent (Art. 6 para. 1 lit. a GDPR). We process your data on the basis of your consent given via email.  
Recipients: Audi Business Innovation GmbH.

3. Details on the recipients of personal data and the transfer of personal data to third countries and/or international organisations


Recipient: Audi Business Innovation GmbH, Hochbrückenstr. 6, 80331 Munich, Germany.
Role of the recipient: Controller.
Registered office of the recipient: EU.
Adequacy decision or suitable or appropriate safeguards for transfers to third countries and/or international organisations: -

VII. Tech-Check

If you are applying for roles that require technical skills, knowledge of software development, or experience with pipelines, test automation, and continuous integration and deployment in cloud environments (CI/CD), we would like to find out if your knowledge and skills fit our role profile during the application process. In this context, we therefore carry out a so-called tech check. This includes an initial technical consultation as well as a coding challenge, in which you have the chance to present your skills and knowledge and thus convince us of your role fit.

1. Details of the personal data processed


Categories of personal data processed: Data we have collected during your application process.
Personal data included in the categories: This may include, in particular, the following data: first name, last name, address, phone number, email address and other data, including personal data, which you provide to us in your application and the attached documents or provide as part of the application process. 
Data sources: Your application documents.
Obligation to provide the data: There is no obligation to provide the data. However, if the data is not provided, we will not be able to include you in our talent pool.
Duration of storage: We store your data for up to 24 months after the end of your application process. You can contact us at any time using the contact details provided in Section A. I. and withdraw your consent or request the deletion of your data. If there are no statutory retention periods to prevent the deletion of your data due to the withdrawal of your consent or your deletion request, we will delete your data immediately after your withdrawal or after your deletion request.

2. Details of the processing of the personal data


Purpose of the processing of the personal data: Implementation of an initial technical consultation along with a coding challenge to check the role fit.
Automated decision-making: There is no automated decision-making.
Legal basis and any legitimate interests: The processing is required in order to conduct the application process on your application and therefore with the view to concluding an employment contract (Art. 6 para. 1 lit. b GDPR, Art. 88 GDPR in conjunction with Section 26 para. 1 BDSG).
Recipients: Audi Business Innovation GmbH. 
 

3. Details on the recipients of personal data and the transfer of personal data to third countries and/or international organisations


Recipient: Audi Business Innovation GmbH, Hochbrückenstr. 6, 80331 Munich, Germany.
Role of the recipient: Controller.
Registered office of the recipient: EU.
Adequacy decision or suitable or appropriate safeguards for transfers to third countries and/or international organisations: -

Recipient: Futurepath GmbH, Lützowufer 6-9, 10785 Berlin, Germany.
Role of the recipient: Processor to ABI pursuant to Art. 28 GDPR.
In order to carry out the initial technical interview and the coding challenge, employees of the processor will receive the surname, first name, e-mail address, address and curriculum vitae (CV) of the applicant who has applied for the role. The Processor will then independently arrange an appointment with the applicant to carry out the Tech Check, for which the Processor will contact the applicants via e-mail. Following the tech check, the processor sends the result of the tech check to ABI.
Registered office of the recipient: EU.
Adequacy decision or suitable or appropriate safeguards for transfers to third countries and/or international organisations: -

Use of cookies

In some cases, so-called cookies are used on the website https://audi-business-innovation-gmbh.jobs.personio.de/. These are small text files that are stored on the device you use to access this recruiting site. Basically, cookies are used to ensure security when visiting a website ("strictly necessary"), to implement certain functionalities such as standard language settings ("functional"), to improve the user experience or performance on the website ("performance") or to display target group-based advertising ("marketing").
As a matter of principle, only technically necessary, functional and performance cookies are used on this website, in particular for the implementation of certain default settings such as e.g. the language, to identify the application channel or to analyze the performance of a job advertisement through which a user came to this recruiting page.
The legal basis for setting cookies that are upon your wish necessary to provide our services is Section 25 para. 1 no. 2 of the German Telecommunication-Telemedia-Data-Protection-Law (Telekommunikations-Telemedien-Datenschutz-Gesetz – “TTDSG”). Your consent is not necessary. Should we set cookies, that are not necessary to provide our services to you, we rely on your consent (Section 25 para. 1 first sentence TTDSG) as the legal basis for setting cookies.
The legal basis for the processing of the information read by the cookies may either be your consent (Article 6 para. 1 lit a of the GDPR) or our legitimate interest (Article 6 para. 1 lit f of the GDPR).
You can withdraw your consent for the setting of cookies that not require consent or for the reading of cookies at any time. Your withdrawal of the consent does not affect the lawfulness of any processing carried out by virtue of a consent that was issued prior to such withdrawal. You can find more details and information concerning the option to withdraw in Section D.V.

Storage period: Up to 1 month or until the end of the browser session.

Version and Amendments to this Privacy Notice


This privacy notice was last updated in March 2024.
Technical advancements and/or changed legal and/or official requirements may require an update of this privacy notice.

Processing of (personal) data by the operator of the recruitment website

General information

This recruitment website is operated by Personio SE & Co. KG, which offers a human resource and candidate management software solution (https://www.personio.com/legal-notice/). Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. The sole controller of this data within the meaning of article 24 of the GDPR is the enterprise carrying out this online application process. Personio’s role is limited to operating the software and this recruitment website and, in this context, being a processor under article 28 of the GDPR. In this case, the processing by Personio is based on an agreement for the processing of orders between the controller and Personio. In addition, Personio SE & Co. KG processes further data, some of which may be personal data, to provide its services, in particular for operating this recruitment website. We will refer to this in more detail below.

The controller

The controller under data protection law is:
Personio SE & Co. KG
Seidlstraße 3
80335 München
Tel.: +49 (89) 1250 1004
Entry in the commercial register
Commercial register entry number: HRA 115934
Registration Court: Amtsgericht München
Data Protection Officer contact: privacy@personio.com

Access logs (“server logs”)

Each access to this recruitment website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. In addition, processing this data is absolutely necessary under security aspects, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when unlawful use of the software is suspected. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the software is collected. The scope of this log process does not exceed the common log scope of any other site on the web. These access logs are stored for a period of up to 7 days. There is no right to object to this.

Error logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected. These error logs are stored for a period of up to 7 days. There is no right to object to this.

Use of cookies

So-called cookies are used on parts of this recruitment website. They are small text files which are stored on the device with which you access this recruitment website. As a general rule, cookies serve the purpose of ensuring secure access to a website (“absolutely necessary”), implementing certain functionalities such as standard-language settings (“functional”), improving the user experience or the performance of the website (“performance”), or placing targeted advertisements (“marketing”). On this recruitment website, we generally use only cookies that are absolutely necessary, functional or performance-related, in particular for implementing certain default settings such as language, for identifying the job advertising channel, or for analyzing the performance of a job advert via which a user accessed this recruitment website. The use of cookies is absolutely necessary for providing our services and thus for the performance of the contract (article 6 (1) b) of the GDPR). Period of storage: up to 1 month or until the end of the browser session Right to object: You can determine via your browser settings whether you allow or object to the use of cookies. Please note that deactivating cookies may result in limited or completely blocked functionalities of this recruitment website.

Rights of data subjects

If Personio SE & Co. KG as the controller processes personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR. To assert your rights as a data subject in relation to the data processed for the purpose of operating this recruitment website, please refer to Personio SE & Co. KG’s Data Protection Officer (see item B).

Concluding provisions

Personio reserves the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the services offered, for example when new services are introduced. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.