Privacy Policy for Applicants
Privacy Policy for Applicants
Dear applicant,
we are pleased that you are interested in us and would like to apply for a job with us. Enclosed you will find information on how we handle the personal data of your application. In the following, we explain what data we collect about you, what this is required for, who receives this data, how long it is stored and what rights you have in relation to your data.
1. Controller
The company responsible for processing your personal data as outlined in this privacy policy is:
QMware GmbH
Barthstraße 18
80339 Munich
Germany
Tel: +49 89 065-780
Email: meet@qm-ware.com
QMware GmbH is a member of QMware Group. Other companies belonging to QMware Group are:
• QMware AG, Kornhausstrasse 25, 9000 St. Gallen, Switzerland
• QMware Austria GmbH, Kranichberggasse 6, 1120 Vienna, Austria
2. Data protection officer
You can contact our data protection officer as follows:
QMware GmbH
Data Protection Officer
Barthstraße 18
80339 Munich
Germany
Email: GDPR@qm-ware.com
3. What Data do we process?
We only process personal data that we receive from you in the context of your application. These are in particular the following data:
• Personal data (first and last name, date of birth, address, diploma)
• Communication data (telephone number, mobile number, e-mail, street address, ZIP / postal Code, city, state / province / region, country, phone number)
• Your LinkedIn Profile
• Best time to call you
• Existence of a valid working permit for EU / Switzerland
• Your previous employers including dates, position and phone number
• Application data in your resume (for example date of birth, place of birth, marital status, nationality, data on education, information on professional career, certificates and qualifications, curriculum vitae, preferred start date, under certain circumstances photo of the applicant and stated hobbies)
• Data in the course of the interview
• Other data that is voluntarily provided to us in the application process (category “Tell Us About Yourself” e.g. voluntary work, hobbies, etc.)
We need the information in the fields marked with “required” to process your application, to confirm receipt of your application electronically and to communicate with you. You can only send us your application if you have completed these fields. If you do not provide us with your data or do not provide it in full, this will not have any adverse consequences for you, but in this case we will generally not be able to process your application or will only be able to do so with a delay.
4. What do we process your data for (purpose of processing) and on what legal basis?
We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
The purpose of the data processing is the application procedure to be carried out, such as the management of your application documents, the assessment of your qualifications, the conduct of interviews and the hiring decision. The legal basis results from
a) Your consent pursuant to Article 6 (1) (a) GDPR
Insofar as you have given us consent to process personal data for specific purposes (e.g. for inclusion in the applicant pool), data processing is based on your consent. This consent is voluntary and you can withdraw it at any time with effect for the future. Your data will then be deleted or will no longer be used after the expiry of legal retention obligations. If you withdraw your consent, the processing of your data that took place until the revocation remains lawful.
b) Article 6(1)(b), 88(1)(2) GDPR in conjunction with § 26(1) s. 1 BDSG
We process your personal data according to Article 6(1)(b), 88(1)(2) GDPR in conjunction with § 26(1)(1) German Federal Data Protection Act (BDSG) in order to be able to carry out the application procedure. This includes, for example, the administration of your application documents, the evaluation of your qualifications, the conduct of job interviews and the hiring decision. The provision of personal data is contractual requirement for the application process.
c) Article 6(1)(f) GDPR
If necessary, we process your data to protect the legitimate interests of us or third parties (measures for building and facility security, for example, access controls, ensuring IT security, asserting legal claims and defense in legal disputes).
Within the scope of our legitimate interests and for internal administrative purposes, we may share applicant data within other members of QMware Group (as defined under Section 1).
d) Article 9(2)(h) GDPR in conjunction with § 22(1)(b) BDSG
In addition, the processing of health data for the assessment of your ability to work in accordance with Article 9(2)(h) GDPR in conjunction with § 22(1)(b) BDSG may be necessary.
5. Source of the personal data
We process personal data that we have received from you in the context of your application and, if applicable, from publicly accessible sources if the purpose of publication so provides, such as from professional networks.
6. Categories of recipients
The following recipients receive your personal data:
• Within our company, we will only pass on your personal data to those departments and persons who need this data to fulfil the purposes described above.
• In addition, we pass on your data to companies and employees of companies that process data on our behalf and in accordance with our instructions (processors). We use such service providers in the following areas of IT and telecommunications. The categories of recipients in this case are internet service providers and providers of applicant management systems and software.
• We may share applicant data with other companies of QMware Group (as defined under Section 1)
• Any other transfer of data to recipients outside the company is only carried out to the extent that the transfer is necessary to fulfil legal obligations.
7. Transfer to third countries
Personal data may be transferred to Switzerland but not to other third countries outside of EU or EEA.
Transfer of personal data to Switzerland may be based on an adequancy decision of the European Commission, available via EUR-Lex database under https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32000D0518.
8. How long is your personal data stored?
We store your personal data for six months in accordance with § 61b(1) ArbGG in conjunction with § 15(4) AGG. The period begins with the receipt of the letter of rejection. This does not apply if you give us your consent to longer storage (e.g. inclusion in an application pool).
9. Which data protection rights do I have?
a) Right to withdraw your consent under data protection law in accordance with Article 7(3) GDPR
You can withdraw your consent to the processing of your personal data at any time with effect for the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
b) Right of information according to Article 15 GDPR in conjunction with § 34 BDSG
You have the right to request confirmation as to whether we process personal data concerning you. If this is the case, you have the right to be informed about these personal data and to receive further information, e.g. the purposes of processing, the categories of personal data processed, the recipients and the planned duration of storage or the criteria for determining the duration.
c) Right of correction and completion under Article 16 GDPR
You have the right to demand the correction of incorrect data without delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete data.
d) Right of deletion (“right to be forgotten”) in accordance with Article 17 GDPR in conjunction with § 35 BDSG
You have the right of deletion, as far as the processing is not necessary.
This is the case, for example, if your data are no longer necessary for the original purposes, if you have revoked your declaration of consent under data protection law or if the data have been processed unlawfully.
e) Right to restrict processing under Article 18 GDPR
You have the right to limit the processing, for example if you believe that personal data is incorrect.
f) Right to data transferability under Article 20 GDPR
You have the right to receive the personal data concerning you in a structured, common and machine-readable format.
g) Right of objection under Article 21 GDPR in conjunction with § 36 BDSG
You have the right to object to data processing on grounds relating to particular situations. However, this only applies in cases where we process data to fulfill a legitimate interest. If you can present such a reason and we cannot assert compelling legitimate grounds for the processing which override your interests, we will no longer process this data for the respective purpose.
h) Automated case-by-case decision including profiling according to Article 22 GDPR
You will not be subject to any decision based solely on automated processing of your data, including profiling, which produces legal effects concerning you or similarly significantly affects you.
i) Complaint to a data protection supervisory authority under Article 77 GDPR
You can lodge a complaint with a data protection supervisory authority at any time, for example if you believe that data processing is not in compliance with data protection regulations.
Competent data protection supervisory:
Bayerisches Landesamt für Datenschutzaufsicht
Promenade 18
91522 Ansbach
Germany
Postal address: Postfach 1349, 91504 Ansbach, Germany
Phone: 0981/180093-0
Fax: 0981/180093-800
Email: poststelle@lda.bayern.de
Homepage: https://www.lda.bayern.de