Privacy notice for job applicants
The EU General Data Protection Regulation (GDPR), which entered into force on 25 May 2018, is a Regulation of the European Union that creates a directly applicable, Europe-wide legal basis for the processing of personal data by public authorities and businesses. The European Union has adopted the GDPR with a view to extending the protection of personal data, thus enhancing each individual’s right to informational self-determination. At GloreSoft, we take the protection of personal data very seriously. We process your personal data in compliance with the statutory provisions regarding data protection, in particular, the provisions of the GDPR and the German Federal Data Protection Act (BDSG). By providing the following information, we comply with our statutory obligation to inform you in accordance with Articles 12 et seq. GDPR of the purpose and the relevant contacts in connection with our data processing activities and to enable you to exercise your statutory rights in connection with such data processing.
GloreSoft provides flexible staffing solutions that are tailored according to need by temporarily assigning or permanently placing technology experts in the area of IT services. This includes placing staff for direct employment by our customers (permanent placement services), assigning staff assigned to temporary work (temporary employment) (hereinafter referred to collectively as “our personnel services”).
This information sheet is for candidates and job applicants who apply for particular vacancies or submit unsolicited applications within the scope of our personnel services, are eligible for the relevant positions or are employed in such positions (hereinafter referred to collectively as “applicants”). By contrast, separate privacy notices apply to employees working in GloreSoft’s own business and applicants seeking such employment.
- Data controller
The data controller responsible for the processing of your personal data is GloreSoft GmbH Würmstr 55, 82166 Gräfelfing firstname.lastname@example.org +49 89 726 55 007 (hereinafter: GloreSoft).
- Contact details of the data protection officer
You can reach the company data protection officer of GloreSoft using the following contact details:
+49 89 726 55 007
Please do not hesitate to contact our data protection officer if you have any questions, complaints or comments regarding data protection at GloreSoft
- Processing purposes and legal bases
5.1 Conclusion and performance of a contract
Within the scope of our personnel services, we process personal data concerning you as an applicant for the purpose of providing such personnel services and for the conclusion of the related contractual relationships between you and GloreSoft and/or our customers and, in the event of an according employment and/or appointment, for the performance and, where applicable, termination of the relevant contractual relationships (in particular, within the context of specialised permanent placements/assignments as a temporary worker and employment as an interim/project manager).
The data concerning you that GloreSoft processes for this purpose includes, without limitation, your master data (name, address, date of birth, etc.), your application documents (CV, references and photograph), including any information provided in this context about your person and your qualifications (in particular, your education, professional career, knowledge and skills) and, where applicable, any further data that is of relevance to your application (for example, your preferred areas of employment and activity, your salary expectations, work permit, etc.). If you are a member of a professional contact network (for example, XING or LinkedIn), we additionally store the link to your profile published on such network. This allows us to better compare such data with the data provided directly by you, thus enabling us to address your need for placement and/or employment even better. Furthermore, GloreSoft may have to ask you for a police clearance certificate as part of its contractual obligation to its customers to carefully select suitable candidates; in this case, we store the certificate only with your consent. We process the aforesaid data to assess your suitability for the vacancy to be filled and, where applicable, also in order to be able to offer you further jobs that are tailored to your person and qualifications.
In the event that you are assigned as a temporary worker and/or as an interim/project manager, we additionally process such of your data as is needed for your assignment to customers of GloreSoft, for example, your work report, your times of absence due to illness or holiday and your social security and tax data needed for payroll accounting, for the purposes of implementing the relevant contractual relationship. In addition, we store the evaluation of your work performance that we receive from our customers (customer feedback). Any data processing performed by our customers is carried out by them on their own responsibility; for information in this regard, please directly contact the respective customer for whom you work as part of a specialised permanent placement/an assignment as a temporary worker and/or as an interim/project manager.
It cannot be ruled out that the data provided by you during the application process or otherwise collected by us contains special categories of personal data. This may include information about your religious or philosophical beliefs, the existence of a disability or other health-related information. Special categories of personal data are only processed where this is required by law; for example, we may process information about times of absence and sick notices to assert health insurance claims, data regarding church membership that is relevant for tax purposes or data collected in connection with a suspicion of criminal activity.
As part of the relevant application/personnel processes, we primarily process data that you provide to us yourself. Furthermore, we may also receive data for the aforesaid purposes from the following further sources:
- Previous employers, to the extent that you have given your consent to us contacting them within the framework of your application process;
- Customers, to the extent that they employ you as part of a specialised permanent placement/an assignment as a temporary worker and/or as an interim/project manager.
The legal basis for the above-described processing of your data results from point (b) of Article 6(1) GDPR, point (b) of Article 9(2) and Article 88 GDPR, and Section 26(1), sentence 1, and (3) German Federal Data Protection Act (BDSG).
5.2 Consent (career support)
As a specialised personnel service provider, GloreSoft offers applicants a permanent professional partnership and career support. Within the scope of this permanent professional partnership, GloreSoft uses your personal data (in particular, your email address and telephone number) also upon completion of the concrete application process and your assignments, if any, as part of a specialised permanent placement/assignment as a temporary worker and/or as an interim/project manager to contact you at regular intervals and support you during your further career if you have given us your relevant consent. Of course, you can revoke the consent that you have given at any time with effect for the future.
The legal basis for the processing of your data as part of our career support results from point (a) of Article 6(1) GDPR, Article 88 GDPR, and Section 26(2) German Federal Data Protection Act (BDSG).
5.3 Further processing purposes and legal bases
To the extent necessary, we process personal data concerning you on a statutory legal basis, in particular, within the framework of your assignment as a temporary worker and/or as an interim/project manager, for the following purposes:
Investigation of criminal offences: when actual indications, which need to be documented, give reason to suspect that a criminal offence has been committed within the scope of the employment relationship and the processing of your personal data is necessary to investigate such offence and you do not have an overriding interest worth protecting in your data not being processed (Article 88 GDPR, Section 26(1), sentence 2 German Federal Data Protection Act (BDSG)).
Performance of legal obligations: in the form of documentation, reporting and notification obligations, the handling of inquiries from law enforcement agencies or other public authorities and the defence or assertion of legal claims (point (c) of Article 6(1) GDPR).
Conducting, under certain circumstances, virtual works meetings of employees and the works council using technical equipment, whereby the virtual works meeting is not recorded. In order to determine attendance, the name, address and associated business of the person attending the meeting are stored. The individual voting results are not stored. Participation in the works meeting is voluntary for the employees and takes place at the invitation of the works council, so that data processing of the data required for participation is only carried out with the consent of the person by registering for participation.
The legal basis for the processing of your data in the context of a works meeting is derived from Article 6 Section. 1 sentence 1 lit. a GDPR, Art. 88 GDPR, Article 26 Section 2 BDSG. Of course, you can revoke your consent at any time for the future.
To the extent that the processing of data for the purposes set out below does not occur for the implementation of the respective contractual relationship, we additionally process data on a statutory legal basis due to a legitimate interest (point (f) of Article 6(1) GDPR) or based on your consent for the following purposes:
Maintaining business processes and ensuring compliance, for example, operating, managing and enabling the use of information technology and communication systems, exchanging information on the intranet/extranet, protecting trade and business secrets and business property, including the IT infrastructure, against loss and risks, such as viruses, spam and other attacks and risk scenarios, project management, ensuring business continuity, creating audit trails and other reporting tools, budgeting, financial management and reporting, other internal administrative purposes within our Group, managing mergers and takeovers, as well as reorganisations and sales, preventive measures to prevent criminal conduct and administrative offences or the violation of company rules. In this connection, we have carefully examined your interests requiring protection which relate to the processing of such data. Where data is processed based on a weighing of interests, you generally have the right to object to such processing. In this case, however, we reserve the right to continue the processing if we arrive at the conclusion after another examination that our legitimate interest in processing such data overrides your interests or your fundamental rights and freedoms. (Please also note your rights as a data subject in this regard, as set out in Section 10 below.)
Initially, in principle, only our employees who are engaged in applicant management from an HR, sales or technical perspective gain knowledge of your personal data.
Should the occasion arise, we additionally transfer your master data, your application documents and a candidate profile concerning you that has been developed on this basis to our customers for the provision of our personnel services in order to present you as a candidate. Such transfer is made exclusively to customers who wish to work with you based on your qualifications and interests.
GloreSoft carries out its core activities without support from other, external service providers. Some of our customers request, however, that further service providers be involved to assist with the selection of suitable candidates or with the order processing. We enter into data protection agreements with such service providers to contractually ensure that personal data is handled in an appropriate manner.
Furthermore, we transfer personal data concerning you – in particular, if you are an employee providing temporary work – to institutions that need such data to perform their respective tasks. This especially includes: public institutions, such as the social security institutions, the German pension insurance bodies, the employers’ liability insurance association, the health insurance companies and the tax office, in order to comply with our obligations under social security and tax law, among other things.
Finally, we transfer personal data in individual cases to our legal or tax advisors, who, due to their professional legal status, have a special obligation to maintain confidentiality and secrecy.
Your data is not transferred to third countries outside the European Union (EU)/the European Economic Area (EEA).
- Duration of storage and erasure of your personal data
At GloreSoft, we store your personal data during the initiation and the course of the contractual relationship as long as this is necessary for the conclusion and/or implementation of the respective contractual relationship.
If, in the area of permanent placement, you submit a job application for a particular vacancy, we will erase your data upon expiry of three months after your application has been rejected or you have been successfully hired by our customer, unless you have given your consent to continued storage of your data as part of our career support.
If you work as a temporary worker we erase your personal data when the contractual relationship between you and GloreSoft has ended, all mutual claims have been fulfilled and there are no longer any statutory obligations to retain such data, for example, under the German Commercial Code (HGB) (Sections 238, 257(4) German Commercial Code (HGB)) or the German Tax Code (AO) (Section 147(3) and (4) German Tax Code (AO)), or other statutory legal bases for storage (for example, your consent to continued storage of your data as part of our career support, see above).
- Data security
At GloreSoft, we protect personal data by taking appropriate technical and organisational measures to ensure an adequate level of protection and safeguard the privacy rights of applicants. The purpose of the measures taken is, inter alia, to prevent unauthorised access to the technical facilities used by us and to protect personal data from being accessed by unauthorised third parties.
- Obligation to provide your data
For some of the personal data that you disclose to us as an applicant, the provision of such data is required by law or the contract and/or is necessary for the creation and/or the proper implementation of the relevant contractual relationships. Consequently, you are obliged to provide us with such personal data. Please note that if you do not provide us with such personal data, we may be unable to take your application into consideration in the relevant application processes and/or unable to perform individual contractual obligations.
- Your rights as a data subject
10.1 Access, rectification, erasure, etc.
Upon request, we provide you with information about whether any personal data concerning you has been stored by us and, if so, what personal data, as well as with information about, inter alia, the categories of recipients to whom we have transferred such data, where applicable. In addition, you may exercise the following further rights in accordance with the statutory provisions: rectification, erasure, restriction of processing (blocking for certain purposes), as well as the right to data portability.
10.2 Right to object (to direct advertising, among other things)
If the requirements stipulated in Article 21 GDPR are met, you may object to your personal data being processed, in particular where such processing is based on a weighing of interests (point (f) of Article 6(1) GDPR). This also concerns the cases, if any, where we process your personal data in particular cases for direct advertising purposes. In this context, we weigh our interest in contacting you for advertising purposes against your right to informational self-determination. If you do not wish to receive any advertising from GloreSoft, you may object at any time to your data being processed for advertising purposes.
Information about your right to object under Article 21 GDPR
- You have the right to object at any time to processing of your data which is based on point (f) of Article 6(1) GDPR (data processing based on a weighing of interests) if there are grounds to object relating to your particular situation.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is done for the establishment, exercise or defence of legal claims.
- In individual cases, we also process your personal data for direct advertising purposes. If you do not wish to receive any advertising, you have the right to object at any time. We will observe such objection with effect for the future.
We will stop processing your data for direct advertising purposes if you object to your data being processed for these purposes.
The objection can be made without observing any particular form and, if possible, should be addressed to:
Würmstr 55, 82166
+49 89 726 55 007
10.3 Right to revoke
You have the right to revoke any consent to the processing of your personal data (for example, for permanent career support) that has been given. As a result of the revocation of your consent, the processing of your data for the purposes covered by such consent is discontinued. A revocation does not affect the lawfulness of the processing carried out in the past. We will store information about your revocation for documentation and evidentiary purposes.
10.4 Right to lodge a complaint
You have the right to turn to a competent supervisory authority if you have any complaints. The supervisory authority responsible for GloreSoft is Bavarian Datenschutzbeauftragter (http://www.datenschutz-bayern.de/).
10.5 Other concerns
Our data protection officer will be happy to help you with any further questions or concerns regarding data protection. Any inquiries in this regard or exercise of your above rights should, if possible, be made in writing to our above-stated address or be addressed directly to our data protection officer, for example by email to email@example.com
- Automated decision-making/profiling
There is no automated decision-making and/or profiling.