Processing of (personal) data by the entity in charge of the online application process
Responsible Body
The responsible body according to Art. 4 Para. 7 GDPR is:
knowis AG
Dr. Gessler-Str. 8
93051 Regensburg
Phone: +49 941 409 249 0
E-Mail: info@knowis.de
You can contact our Data Protection Officer at:
E-Mail: datenschutz@knowis.de
Personal Data and Earmarking
The subject of data protection is personal data (Art. 4 No. 1 GDPR). These are individual details about personal or factual circumstances, such as name, address, e-mail address, or telephone number, which you provide to us as part of the application process:
- Personal master data (e.g., applicant name, address, date of birth)
- Communication data (e.g., telephone, e-mail)
- Results of selection processes (e.g., tests, interviews)
- Process data (e.g., status, dates)
The following data is collected when you apply through the integrated web form on the careers page (Fields in the form marked with an asterisk (*) are mandatory fields and shall be filled in):
- Salutation
- Name (first and last name)
- email address
- Query "What area are you interested in?"
- Salary expectation
- Channel, how you became aware of us
- Social media profiles (LinkedIn/Xing)
- Optional: Message
The data transmitted as part of your application will be sent via TLS encryption.
Your personal data is stored electronically and used exclusively for the purpose of processing your application:
- to decide on the establishment of an employment relationship (Art. 6 Para. 1 lit. b GDPR, Art. 88 GDPR, § 26 BDSG)
- to fulfill legal obligations (Art. 6 Para. 1 lit. c GDPR)
- to defend against asserted legal claims (Art. 6 Para. 1 lit. f GDPR)
- for further processing in the event of an employment relationship (Art. 88 GDPR, § 26 BDSG)
Use of Data
During the application process only authorized HR employees, the respective department, and the Management Board have access to your relevant data during the application process. Your data will be used exclusively by a restricted group of persons. We will not disclose your personal data in any form to third parties or persons commissioned by us unless we are obliged to disclose it under mandatory statutory regulations (e.g. to government institutions).
Commissioned Data Processing
On the basis of a separate agreement on the processing of personal data, your personal data will be collected, processed and used on our behalf by the companies:
- Microsoft
- Personio
as part of commissioned data processing in accordance with Art. 28 GDPR in accordance with the relevant legal requirements. However, this does not involve the transmission of your personal data to third parties in the sense of data protection law. We remain responsible to you under data protection law.
Deletion
The general statutory retention and deletion periods apply. We delete or anonymize your data as required by the relevant legal provisions within 6 months of the conclusion of the respective staffing procedure. In the case of anonymization, the data is only available to us as so-called metadata for statistical evaluations without a direct reference to persons (for example, the proportion of applications from women or men, number of applications per period, etc.).
Your records will be deleted according to the statutory provisions as set out in our deletion concept. Our company will then no longer be able to access and use your personal data. If, however, an employment relationship is established, we will transfer the relevant data to the personnel file.
The Transfer to Third Countries
Our storage location is restricted to data centers in the European Union. Therefore, data is not processed outside the European Union (EU). However, from a technical point of view, we cannot completely rule out routing or support services outside the European Union at the Microsoft processor. A secure level of data protection will be ensured by the conclusion of amended EU standard data protection clauses and through technical-organizational measures.
Right of Access and Correction, Right to Object
Every person concerned has the right to information under Art. 15 GDPR, the right to correction under Art. 16 GDPR, the right to deletion under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR and the right to object in accordance with Art. 21 GDPR.
You can determine yourself, which information you provide to us. You are responsible for the entire content of your online application, such as photos, and you must ensure compliance with legal requirements, such as trademarks, copyrights, personal rights, or other rights of third parties.
According to Art. 20 GDPR you have the right to data portability and according to Art. 77 GDPR the right to complain to a data protection supervisory authority.
If the processing of data takes place based on your personal consent, you are entitled according to Art. 7 GDPR to revoke your consent to the use of personal data at any time. Send this revocation by e-mail to karriere@knowis.de. Please note that the revocation will only take effect in the future. Processing that takes place before the revocation is not affected.
Talent Pool
If you cannot be offered a suitable position at the time of your application, you have the opportunity to give your consent to the collection, processing, and use of your data in the talent pool even after the completion of the application process. This is done to establish contact for professional purposes and for possible consideration in the event of a later placement. You agree to this use separately by email.
If you give your consent, the data will be stored for a further 6 months, beyond the legally permissible 6 months after the recruitment process has been completed. Your data will therefore be stored in the company for a maximum of 12 months after the recruitment process has been completed.
Thank you for your interest in our LinkedIn company page. We would like to give you an overview of the data that we collect, use, and store there.
Description and Scope of the Processing of Personal Data
For users based in the EU, processing takes place via LinkedIn Ireland Unlimited Company
Wilton Place, Dublin 2, Ireland.
We would also like to point out that LinkedIn processes data in the USA. Due to the invalidity of the Privacy Shield Agreement, there is an increased risk associated with data processing.
Social networks can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Visiting our social media presence on LinkedIn triggers numerous data protection-related processing operations. In detail:
If you are logged in to your LinkedIn account and visit our social media presence, LinkedIn can assign this visit to your user account. Under certain circumstances, your personal data can also be recorded if you are not logged in or do not have an account on LinkedIn. In this case, this data is recorded, for example, using cookies that are stored on your device or by registration of your IP address. With the help of the data collected in this way, LinkedIn can create user profiles in which your preferences and interests are stored. In this way, you can be shown interest-based advertising inside and outside LinkedIn. If you have an account on LinkedIn, the interest-based advertising can be displayed on all devices on which you are, or were, logged in. Please also note that we cannot trace all processing operations on LinkedIn. Therefore, further processing operations may be carried out by LinkedIn. Details can be found in the LinkedIn Terms of Use and Privacy Policy.
Please refer to LinkedIn's data protection information to find out which specific data is collected and how it is used:
https://www.linkedin.com/legal/privacy-policy
Purpose and Legal Basis of the Processing
We use the social network for our own presentation of the company, for initial professional contact with potential applicants and for advertising vacancies.
The processing takes place in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in contact options with potential employees and customers. The analysis processes initiated by LinkedIn may be based on different legal bases that must be provided by LinkedIn (e.g., consent within the meaning of Art. 6 Para. 1 lit. a GDPR).
Duration of Storage
After the purpose and at the end of our use of LinkedIn, the data collected in this context will be deleted.
Right to Object
The right to object to the processing of your data within our company includes any data within the social network LinkedIn. This can be, for example, chat histories in the context of professional contact.
Thank you for your interest in our presence on Xing, a platform of New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. We would like to give you an overview of the data that we collect, use and, store there.
Description and Scope of the Processing of Personal Data
Social networks can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Visiting our social media presence on Xing triggers numerous data protection-related processing operations. In detail:
If you are logged in to your Xing account and visit our social media presence, Xing can assign this visit to your user account. Under certain circumstances, your personal data can also be recorded if you are not logged in or do not have an account on Xing. In this case, this data is recorded, for example, using cookies that are stored on your device or by registration of your IP address. With the help of the data collected in this way, Xing can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be shown to you inside and outside of Xing. If you have an account on Xing, interest-based advertising can be displayed on all devices on which you are, or were, logged in. Please also note that we cannot track all processing operations on Xing. Xing may therefore carry out further processing operations. Details can be found in Xing's terms of use and data protection provisions.
Please refer to Xing's data protection information to find out which specific data is collected and how it is used:
https://privacy.xing.com/en/privacy-policy
Purpose and Legal Basis of the Processing
We use the social network for our own presentation of the company, for initial professional contact with potential applicants, and for advertising vacancies.
The processing takes place in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in contact options with potential employees and customers. The analysis processes initiated by Xing may be based on different legal bases that Xing must provide (e.g., consent within the meaning of Art. 6 Para. 1 lit. a GDPR).
Duration of Storage
After the purpose and at the end of the use of Xing by us, the data collected in this context will be deleted.
Right to Object
The right to object to the processing of your data within our company includes any data within the social network Xing. This can be, for example, chat histories in the context of professional contact.
Stackoverflow
Thank you for your interest in our presence on stackoverflow, a platform of Stack Exchange Inc. 110 William Street, 28th Floor, New York, NY 10038 US. We would like to give you an overview of the data that we collect, use, and store there.
We would also like to point out that stackoverflow processes data in the United States. Due to the invalidity of the Privacy Shield Agreement, there is an increased risk associated with data processing.
Description and Scope of the Processing of Personal Data
Social networks can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Visiting our social media presence on stackoverflow triggers numerous data protection-related processing operations. In detail:
If you are logged in to your stackoverflow account and visit our social media presence, stackoverflow can assign this visit to your user account. Under certain circumstances, your personal data can also be recorded if you are not logged in or do not have an account on stackoverflow. In this case, this data is recorded, for example, using cookies that are stored on your device or by registering your IP address. With the help of the data collected in this way, stackoverflow can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be shown to you inside and outside of stackoverflow. If you have an account on stackoverflow, the interest-related advertising can be displayed on all devices on which you are, or were, logged in. Please also note that we cannot track all processing processes on stackoverflow. Therefore, further processing operations may be carried out by stackoverflow. Details can be found in the stackoverflow terms of use and data protection provisions.
Please refer to stackoverflow's data protection information to find out which specific data is recorded and how it is used:
https://stackoverflow.com/legal/privacy-policy
Purpose and Legal Basis of the Processing
We use the social network for our own presentation of the company, for initial professional contact with potential applicants, and for advertising vacancies.
The processing takes place in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in contact options with potential employees and customers. The analysis processes initiated by stackoverflow may be based on different legal bases that have to be provided by stackoverflow (e.g., consent within the meaning of Art. 6 Para. 1 lit. a GDPR).
Duration of Storage
After the purpose and at the end of the use of stackoverflow by us, the data collected in this context will be deleted.
Withdrawal of Consent
The right to object to the processing of your data within our company includes any data within the stackoverflow social network. This can be, for example, chat histories in the context of professional contact.
Withdrawal of Consent
The right to object to the processing of your data within our company includes any data within the stackoverflow social network. This can be, for example, chat histories in the context of professional contact.
Final Provisions
We reserve the right to amend this privacy policy to always comply with the current legal requirements or reflect changes in the application process or similar. The present privacy policy will then apply for a renewed visit to the recruiting page or a renewed application.
You can find the current privacy policy at https://www.knowis.com/privacy-policy.