Skip to main content

Processing of (personal) data by the entity in charge of the online application process

Information on the processing of your applicant data


This notice provides you with information about the processing of your personal data by Forliance GmbH and your rights under data protection law in the context of the application process.


Who is the controller of the data processing? 


The controller for data processing in accordance with Art. 4 No. 7 GDPR is 

 

Forliance GmbH

Eifelstraße 20

53119 Bonn

E-mail: info@forliance.com


You can contact our data protection officer, Dr. Marschall (GDPC GbR), by mail at the above address with the addition “Data Protection Officer” or by email at datenschutz@forliance.com.


What data categories do we use and what is their origin?


The personal data categories processed include, in particular, your reference data (such as first name, last name, name additions such as academic degrees/titles, nationality), contact details (such as private address, (mobile) phone number, e-mail-address), and data relating to the entire application process (cover letter, references, questionnaires, interviews, and any performance evaluations, qualifications, and previous activities, legal evidence).


Your personal data is generally collected directly from you during the recruitment process. In addition, we may receive or process data from third parties (e.g., from online job platforms or from your public LinkedIn profile) if you have applied to us via these channels or have provided your LinkedIn profile as a source during the application process (optional/voluntary). If you have submitted your personal data to us through these platforms, you can find further information on data processing at these platforms as well.


For what purposes and on what legal basis is data processed?


We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and all other relevant laws (e.g., BetrVG, AGG, etc.).

First and foremost, data processing serves to carry out and handle the application process and to assess the extent to which you are suitable for the position in question, including related purposes such as processing for the purpose of contacting you and thus for the purpose of contract-related communication (including scheduling appointments) with you. As a result, the processing of your applicant data is necessary to decide on the establishment of an employment relationship. The primary legal basis for this is Art. 6 (1) (b) GDPR.

The processing of special categories of personal data – insofar as this is not necessary for the application process – is based on your consent in accordance with Art. 9 (2) (a) GDPR.


Processing upon successful application

Once you have been offered an employment, we process your personal data in order to draw up your employment contract. To this end, all information relevant to the contract (such as your name, address, title, start/end date of contract, place of work, salary, bank details, health insurance, etc.) is processed and forwarded internally to the responsible employees in human resources management and to our external tax advisor. Your data is processed for the purpose of drawing up the employment contract on the basis of Art. 6 (1) (1) (b) GDPR.

As part of your employment, we also process special categories of personal data (such as your religious affiliation for church tax purposes) and, depending on your position, personal data relating to criminal convictions and offenses (such as your police clearance certificate). We process this data for the establishment and implementation of your employment contract on the basis of Art. 9 (2) (b), Art. 10 (1) (2), Art. 6 (1) (b) GDPR.

If your application is successful, we will continue to process the data you have provided to us for the upcoming employment relationship. We will inform you separately about data processing in the context of the subsequent employment contract upon hiring.


Processing based on our legitimate interests – Art. 6 (1) (f) GDPR

Beyond the actual fulfillment of the (preliminary) contract, we process your data—if necessary—to protect our legitimate interests or those of third parties. Your data will only be processed if and to the extent that there are no dominant interests on your part that prevent such processing, in particular for the following purposes: building and facility security (e.g., through access controls). In addition, the disclosure of personal data may be necessary in the context of official/judicial measures for the purposes of gathering evidence, criminal prosecution, or the enforcement of civil law claims.

Processing to comply with statutory requirements – Art. 6 (1) (c) GDPR

As everyone involved in economic activity, we are also subject to a variety of legal obligations. These are primarily legal requirements (e.g., Works Constitution Act, Social Security Code, commercial and tax laws), but may also include regulatory or other official requirements (e.g., employers' liability insurance association). The purposes of processing may include identity and age verification, ensuring occupational safety, fulfilling tax control and reporting obligations, and archiving data for data protection and data security purposes, as well as for auditing by tax advisors/auditors, tax authorities, and other authorities.

If we process your personal data for a purpose other than that for which it was collected, we will provide you with information about this other purpose prior to such processing (Art. 13 (3) GDPR).


Who receives your data?


Your application data will be always treated confidentially. Within our company, only those persons and departments (e.g., human resources managers) who need your personal data for recruitment decisions and to fulfill our contractual and legal obligations will receive it. Your application will be reviewed by the human resources department upon receipt. Suitable applications will then be forwarded internally to the department managers responsible for the respective vacancy.

 

In addition, we may transfer your personal data to recipients outside the company. These include our processors in accordance with Art. 28 GDPR (host and service providers, such as our website host, including the career platform on our careers page, or – in individual cases – external companies that support us in the application process and human resources work), who provide us with purely administrative/technical support in processing your personal data. We use Personio GmbH as a processor for our career page. The data transmitted as part of your application is transferred using TLS encryption and stored and processed in our personnel/applicant management software (database) from Personio GmbH (https://www.personio.de/impressum/). In this context, Personio is our processor in accordance with Art. 28 GDPR. The basis for processing is a contract for order processing between us as the responsible body and Personio.


What data protection rights are you entitled to as a data subject?


You can request information about the data stored about you free of charge at the above address. In addition, under certain prerequisites, you can request the correction or deletion of your data. You may also have the right to restrict the processing of your data and the right to receive the data you have provided in a structured, commonly used, and machine-readable format.


Right to object

 

If we process your data to protect legitimate interests, you may object to this processing on grounds relating to your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.


How long will your data be stored?


We will delete your personal data no later than six months after completion of the application process. The storage for this period serves to defend against legal claims (in particular under the AGG) and is based on Art. 6 (1) (f) GDPR. This does not apply if legal provisions prevent deletion or if further storage is necessary for the purposes of providing evidence or if you have consented to longer storage. When deleting your data, we remove the personal reference so that the data is only available to us as so-called metadata without direct personal reference for statistical evaluations (e.g., proportion of women or men in applications, number of applications per period, etc.). It is therefore impossible to draw any conclusions about your person.

If we are unable to offer you a position, but believe that your profile may be of interest for future vacancies, we will process and store your personal application data in our applicant database (talent pool), provided that you wish us to do so and have given us your express consent. If you have agreed to be included in our talent pool, we will process your data for a period of twelve months after the end of the application process in order to identify any other interesting positions and job offers for you and to inform you of these in the event of a suitable offer. Inclusion in the talent pool is voluntary and has no influence on the outcome of the relevant application process. You can revoke your consent at any time with future effect without giving reasons, e.g., by sending an email to the contact details provided. In this case, your data will be deleted from our talent pool immediately.


How do we transfer data to countries outside the European Union?

The use of Microsoft O365 does not exclude the transfer of your personal data to countries outside the European Union (third countries). However, this transfer will only take place if the third country has been confirmed by the EU Commission as having an adequate level of data protection or if other appropriate data protection guarantees (e.g., binding internal company data protection regulations or agreement to the EU Commission's standard contractual clauses) are in place. The service provider Microsoft USA is certified under the current EU-US Privacy Framework in accordance with Art. 45 GDPR. Detailed information on this and on the level of data protection at our service providers in third countries can be requested using the contact information above.


Are you obligated to provide your data?


As part of your application, you must provide the personal data necessary for the application process and suitability assessment. Without this data, we will not be able to carry out the application process and determine whether to establish an employment relationship.


Would you like to complain about how your data is being handled?


You have the option of contacting the above-mentioned data protection officer or a data protection supervisory authority. The supervisory authority responsible for us is:


Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen

Kavalleriestr. 2-4

40213 Düsseldorf

Telephone: 0211/38424-0

Fax: 0211/38424-10

E-Mail: poststelle@ldi.nrw.de


This notice reflects the legal situation as of August 2024. We reserve the right to amend our privacy policy in line with changes in regulations or judicial decisions.

Processing of (personal) data by the operator of the recruitment website

General information

This recruitment website is operated by Personio SE & Co. KG, which offers a human resource and candidate management software solution (https://www.personio.com/legal-notice/). Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. The sole controller of this data within the meaning of article 24 of the GDPR is the enterprise carrying out this online application process. Personio’s role is limited to operating the software and this recruitment website and, in this context, being a processor under article 28 of the GDPR. In this case, the processing by Personio is based on an agreement for the processing of orders between the controller and Personio. In addition, Personio SE & Co. KG processes further data, some of which may be personal data, to provide its services, in particular for operating this recruitment website. We will refer to this in more detail below.

The controller

The controller under data protection law is:
Personio SE & Co. KG
Seidlstraße 3
80335 München
Tel.: +49 (89) 1250 1004
Entry in the commercial register
Commercial register entry number: HRA 115934
Registration Court: Amtsgericht München
Data Protection Officer contact: privacy@personio.com

Access logs (“server logs”)

Each access to this recruitment website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. In addition, processing this data is absolutely necessary under security aspects, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when unlawful use of the software is suspected. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the software is collected. The scope of this log process does not exceed the common log scope of any other site on the web. These access logs are stored for a period of up to 7 days. There is no right to object to this.

Error logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected. These error logs are stored for a period of up to 7 days. There is no right to object to this.

Use of cookies

So-called cookies are used on parts of this recruitment website. They are small text files which are stored on the device with which you access this recruitment website. As a general rule, cookies serve the purpose of ensuring secure access to a website (“absolutely necessary”), implementing certain functionalities such as standard-language settings (“functional”), improving the user experience or the performance of the website (“performance”), or placing targeted advertisements (“marketing”). On this recruitment website, we generally use only cookies that are absolutely necessary, functional or performance-related, in particular for implementing certain default settings such as language, for identifying the job advertising channel, or for analyzing the performance of a job advert via which a user accessed this recruitment website. The use of cookies is absolutely necessary for providing our services and thus for the performance of the contract (article 6 (1) b) of the GDPR). Period of storage: up to 1 month or until the end of the browser session Right to object: You can determine via your browser settings whether you allow or object to the use of cookies. Please note that deactivating cookies may result in limited or completely blocked functionalities of this recruitment website.

Rights of data subjects

If Personio SE & Co. KG as the controller processes personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR. To assert your rights as a data subject in relation to the data processed for the purpose of operating this recruitment website, please refer to Personio SE & Co. KG’s Data Protection Officer (see item B).

Concluding provisions

Personio reserves the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the services offered, for example when new services are introduced. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.