Processing of (personal) data by the entity in charge of the online application process
1. Name and address of the person responsible
The responsible person within the meaning of the General Data Protection Regulation and other national data protection laws of the member states of the European Union as well as other data protection regulations is:
GMBC Holding GmbH
Kaiser-Wilhelm-Str. 93
20355 Hamburg
Germany
2. Name and address of the data protection officer
The data protection officer of the data controller is:
German Data Protection Consult GmbH
Christoph Heinrich
www.deutsche-datenschutz-consult.de
Stresemannstrasse 29
22769 Hamburg Germany
Phone: +49 40 228 60 70 402
Email: privacy@gmbcgroup.com
3. Applications
3.1 Collection of personal data
As part of the application process, we only collect personal data that you provide to us directly or that is transmitted to us by third parties acting on our behalf.
We may contact candidates directly or through external providers commissioned by us. These activities are carried out on the basis of Section 26 (1) of the German Federal Data Protection Act (BDSG) and our legitimate interest in identifying qualified candidates in accordance with Article 6 (1) (f) of the GDPR.
3.2 Cooperation with external recruitment service providers
To support our recruitment processes, we work with:
Carl Rieck Assecuradeur Hamburg GmbH
Sachsenfeld 4
20097 Hamburg
This service provider supports us in:
3.3 Electronic applications
If you apply electronically (e.g. by email or via our recruitment platform), your personal data will be processed exclusively for the purpose of processing your application and preparing pre-contractual measures.
3.4 Location of data processing
Your personal data will be processed exclusively in data centres in the Federal Republic of Germany, unless expressly stated otherwise.
If our recruitment service provider processes personal data, we ensure that the processing takes place within the EEA or is protected by lawful transfer mechanisms in accordance with Chapter V of the GDPR.
3.5 Legal basis
Your application data is processed on the basis of Section 26 (1) of the Federal Data Protection Act (BDSG).
If further processing is necessary after the application process to assert or defend legal claims, the processing may be carried out on the basis of Art. 6 (1) lit. f GDPR.
3.6 Storage and deletion of data
If your application is rejected, your personal data will be deleted six months after the position has been filled, provided that there are no legal retention obligations to the contrary.
If we wish to retain your profile for future job opportunities, we will ask for your express consent. Without your consent, your data will be deleted within the retention period applicable under legitimate interest.
If you agree to be included in our applicant pool, processing will be based on Art. 6 (1) (a) GDPR. Your data will be stored for a maximum of two years and then deleted. You can revoke your consent at any time by sending an email to privacy@gmbcgroup.com.
If you are hired, the relevant data will be transferred from the applicant system to our personnel information system.
4. Your rights
You can request information about processing operations relating to your personal data. You also have the right to request rectification, restriction of processing, portability and/or erasure of your personal data. If you have exercised your right to erasure, restriction of processing or rectification, you may also request that the recipients of your data be informed accordingly.
Furthermore, you can complain to a supervisory authority about processing operations and object to the processing of your personal data.
5. No automated decision making
We would like to point out that in the context of using our services and making use of our benefits/services, you will not be subject to any decision based exclusively on automated processing - including profiling - which produces legal effects vis-à-vis you or similarly significantly affects you.
The responsible person within the meaning of the General Data Protection Regulation and other national data protection laws of the member states of the European Union as well as other data protection regulations is:
GMBC Holding GmbH
Kaiser-Wilhelm-Str. 93
20355 Hamburg
Germany
2. Name and address of the data protection officer
The data protection officer of the data controller is:
German Data Protection Consult GmbH
Christoph Heinrich
www.deutsche-datenschutz-consult.de
Stresemannstrasse 29
22769 Hamburg Germany
Phone: +49 40 228 60 70 402
Email: privacy@gmbcgroup.com
3. Applications
3.1 Collection of personal data
As part of the application process, we only collect personal data that you provide to us directly or that is transmitted to us by third parties acting on our behalf.
We may contact candidates directly or through external providers commissioned by us. These activities are carried out on the basis of Section 26 (1) of the German Federal Data Protection Act (BDSG) and our legitimate interest in identifying qualified candidates in accordance with Article 6 (1) (f) of the GDPR.
3.2 Cooperation with external recruitment service providers
To support our recruitment processes, we work with:
Carl Rieck Assecuradeur Hamburg GmbH
Sachsenfeld 4
20097 Hamburg
This service provider supports us in:
- identifying and pre-selecting applicants,
- conducting initial screenings,
- providing support with communication and scheduling,
- processing applications via platforms or systems operated by the provider.
- a processor in accordance with Art. 28 GDPR or
- a joint controller in accordance with Art. 26 GDPR if both parties jointly determine certain elements of the processing.
- strict purpose limitation,
- confidentiality,
- technical and organisational measures in accordance with Art. 32 GDPR
- and GDPR-compliant processing on our behalf.
3.3 Electronic applications
If you apply electronically (e.g. by email or via our recruitment platform), your personal data will be processed exclusively for the purpose of processing your application and preparing pre-contractual measures.
3.4 Location of data processing
Your personal data will be processed exclusively in data centres in the Federal Republic of Germany, unless expressly stated otherwise.
If our recruitment service provider processes personal data, we ensure that the processing takes place within the EEA or is protected by lawful transfer mechanisms in accordance with Chapter V of the GDPR.
3.5 Legal basis
Your application data is processed on the basis of Section 26 (1) of the Federal Data Protection Act (BDSG).
If further processing is necessary after the application process to assert or defend legal claims, the processing may be carried out on the basis of Art. 6 (1) lit. f GDPR.
3.6 Storage and deletion of data
If your application is rejected, your personal data will be deleted six months after the position has been filled, provided that there are no legal retention obligations to the contrary.
If we wish to retain your profile for future job opportunities, we will ask for your express consent. Without your consent, your data will be deleted within the retention period applicable under legitimate interest.
If you agree to be included in our applicant pool, processing will be based on Art. 6 (1) (a) GDPR. Your data will be stored for a maximum of two years and then deleted. You can revoke your consent at any time by sending an email to privacy@gmbcgroup.com.
If you are hired, the relevant data will be transferred from the applicant system to our personnel information system.
4. Your rights
You can request information about processing operations relating to your personal data. You also have the right to request rectification, restriction of processing, portability and/or erasure of your personal data. If you have exercised your right to erasure, restriction of processing or rectification, you may also request that the recipients of your data be informed accordingly.
Furthermore, you can complain to a supervisory authority about processing operations and object to the processing of your personal data.
5. No automated decision making
We would like to point out that in the context of using our services and making use of our benefits/services, you will not be subject to any decision based exclusively on automated processing - including profiling - which produces legal effects vis-à-vis you or similarly significantly affects you.