1. Home»
  2. Data protection information»

Data protection information for applicants

at Jörg Vogelsang GmbH & Co. KG

DATA PROTECTION INFORMATION FOR OUR APPLICANTS (M/F/D) OUR HANDLING OF YOUR DATA AND YOUR RIGHTS INFORMATION ACCORDING TO ART. 13, 14, 21 OF THE GENERAL DATA PROTECTION REGULATION (GDPR)

The following information provides you as an applicant (m/f/d) with an overview of the processing of your personal data by us and your rights.

1. WHO IS RESPONSIBLE FOR DATA PROCESSING AND WHO CAN I CONTACT?

The data controller is

Jörg Vogelsang GmbH & Co. KG
Spannstiftstr. 2
58119 Hagen

You can reach our data protection officer at:

GDI Gesellschaft für Datenschutz und Informationssicherheit mbH

Dipl.-Inform. Olaf Tenti (Certified Computer Scientist)
Körnerstr. 45, 58095 Hagen
Telephone:  +49 (0) 2331/356832-0
E-mail: datenschutz@gdi-mbh.eu

2.WHICH SOURCES AND DATA DO WE USE?

We process data that you transmit to us as part of your application or that we receive from third parties with your permission (e.g., the German Federal Employment Agency (Bundesagentur für Arbeit)). This processing is carried out in order to initiate an employment relationship and is therefore necessary before an employment contract can be concluded.

In particular, the following personal data and categories of data are processed for the purposes mentioned under Clause 3:

  • Data about your person (e.g., first name, last name, address, contact details, marital status)
  • Data on your qualifications (e.g., educational and professional qualifications, certificates, language skills, additional qualifications)
  • Data on your curriculum vitae (e.g., type, start, end, location and duration of school education, training, studies, further education and professional activities)
  • Other documents submitted and resulting information

We may also process personal data about you that we have obtained from publicly accessible sources (e.g., information in social networks such as Xing or LinkedIn).

3. WHY DO WE PROCESS YOUR DATA (PURPOSE OF PROCESSING) AND ON WHAT LEGAL BASIS?

In the following, we will inform you about the purposes for which we process your data and the legal basis on which we do so.

3.1       PURPOSES OF THE EMPLOYMENT RELATIONSHIP

We process your data to decide whether to establish an employment relationship with you. The legal basis for processing is therefore Art. 88 GDPR in conjunction with Section 26 (1) of the German Federal Data Protection Act (Bundesdatenschutzgesetz (BDSG)).

We would like to assess all applicants solely on the basis of their qualifications and therefore ask that you refrain from providing information on racial and ethnic origin, political opinions, religious or ideological beliefs or trade union membership, genetic data, biometric data for the unique identification of a natural person, health data or data on sex life or sexual orientation in your application wherever possible.

3.2       ON THE BASIS OF YOUR CONSENT

If you have given us your consent to the processing of personal data, in particular the processing of any special categories of personal data provided, we process the data provided in accordance with Art. 6 (1) a GDPR or, in the case of special categories of personal data, Art. 9 (2) a GDPR.

This stipulation applies in particular to your possible consent to the further storage of the data in an applicant pool, even in the event that your current application is rejected in case we have a renewed need at a later date.

Consent can be revoked at any time with effect for the future. Processing that took place before the revocation is not affected here. A revocation can be sent to the entity named in Clause 1.

3.3       AS PART OF THE BALANCING OF INTERESTS

We may also use your data on the basis of a balancing of interests to protect our legitimate interests or those of third parties (see Art. 6 (1) f GDPR). This use may be carried out in particular for the following purposes:

  • General business management
  • Assertion of legal claims and defense in legal disputes
  • Prevention and investigation of criminal offenses
  • Safeguarding of IT security and IT operations

Our interest in the respective processing arises from the respective purposes and is otherwise of an economic nature (efficient fulfillment of tasks, sales, avoidance of legal risks).

4. WHO RECEIVES MY DATA?

Your data will only be passed on if a legal basis permits such a transfer. The data mentioned under Clause 2 will be transmitted to public bodies and institutions if there is a legal obligation to do so or if you have given your consent to this transmission. Such government agencies may include, in particular, the tax authorities, the customs administration, as well as trade supervisory authorities.

Within our company, only those departments will receive your data that need it to fulfill our contractual and legal obligations or to fulfill their respective tasks

Furthermore, personal data may be transmitted for the purpose of and within the scope of data processing (Art. 28 GDPR), in particular to IT service providers.

5. HOW LONG IS THE DATA STORED?

We process your personal data for the selection of a suitable candidate for the vacant position. The data will then be deleted, at the latest when no more civil law claims can be asserted against us, specifically ones that arise in connection with the German General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz (AGG)). If we do not delete the data immediately, we will block the data.

6. WILL DATA BE TRANSFERRED TO A THIRD COUNTRY?

Your data will only be transferred to countries outside the European Economic Area – EEA (third countries) if and insofar as is necessary for the execution of the contractual relationship or required by law (e.g., accounting, administration) or if you have given us your consent.

If we use software from providers based in third countries or software from providers with subcontractors/service providers in third countries as part of the application process, your data or parts of your data may be transferred to third countries (e.g., to the United States), depending on the purpose of processing.

An adequacy decision within the scope of Art. 45 (3) GDPR exists in regard to the United States. Companies and organizations in the United States that have certified themselves for the EU-U.S. Data Privacy Framework can now transfer personal data from the EU without the need for further protective measures. This adequacy decision therefore serves as the basis for the transfer of data to the service providers we use in the United States.

If there is no adequacy decision within the context of Art. 45 (3) GDPR or the company or organization in the United States has not certified itself for the EU-U.S. Data Privacy Framework, we conclude standard data protection clauses issued by the EU Commission within the scope of Art. 46 (2) c GDPR with the respective service providers to protect your data. Furthermore, some of our service providers have implemented binding corporate rules (BCR) for their group of companies or the same group of companies within the context of Art. 47 GDPR, which have been approved by the respective competent supervisory authority.

7. WHAT OTHER DATA PROTECTION RIGHTS DO I HAVE?

You have the right of access (Art. 15 GDPR, Section 34 BDSG), to rectification (Art. 16 GDPR), to erasure (Art. 17 GDPR, Section 35 BDSG), to restriction of processing (Art. 18 GDPR), to objection (Art. 21 GDPR) and to data portability (Art. 20 GDPR) under the respective legal requirements.

You also have the right to lodge a complaint with the competent data protection supervisory authority (Art. 77 GDPR, Section 19 BDSG).

8. TO WHAT EXTENT IS THERE AUTOMATED DECISION-MAKING IN INDIVIDUAL CASES?

We do not use automated decision-making in accordance with Art. 22 GDPR to decide on the establishment of an employment relationship with you. If we use these procedures in individual cases, we will inform you of this circumstance separately if required by law.

9. TO WHAT EXTENT IS MY DATA USED FOR PROFILING?

We do not process your data with the aim of evaluating certain personal aspects (so-called profiling).

10. DO I HAVE AN OBLIGATION TO PROVIDE DATA?

You are neither legally nor contractually obliged to provide personal data as part of the application process. We would like to point out that our ability to assess your skills and knowledge depends on the data provided. If you do not provide any data, our assessment may not reflect your actual suitability for the position to be filled so that you may not be considered for employment.

As part of any recruitment process, we collect certain data that we need to fulfill the contract (e.g., to pay a salary) or that we are legally obliged to collect (e.g., social security data).

11. WHAT RIGHTS TO OBJECTION DO I HAVE? (ART. 21 GDPR)

You have the right to object, on grounds relating to your particular situation, to the processing of your personal data based on Article 6 (1) f GDPR (data processing on the basis of a balancing of interests) at any time; this stipulation also applies to profiling based on this provision within the scope of Article 4 (4) GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

The objection can be made informally and should preferably be addressed to the contact options listed under Clause 1.

Date: 3/17/2025