Processing of (personal) data by the entity in charge of the online application process

Information on data protection regarding the processing of applicant data

Thank you for your interest in our company. The protection and security of your personal data is of particular concern to us. Therefore, we are happy to fulfill our legal obligation and inform you below about the collection and processing of your personal data in the event of an application.
All information applies both to applications for positions advertised by us and to unsolicited applications. Please read all information carefully before sending us your application. By sending us an application, you confirm that you have understood the following information and that you agree with the respective content.

1. Who is responsible and who can you contact?
We, tonies GmbH, collect or process your personal data and are therefore the responsible party in terms of the General Data Protection Regulation (GDPR). You can reach us at the following contact details:

tonies GmbH
Oststraße 119, 40210 Duesseldorf, Germany
represented by the managing directors: Patric Faßbender, Marcus Stahl
service hotline: 0211 / 73710100
Fax: 0211 / 542 540 99
E-mail: post@boxine.de

The contact details of our data protection officer are:
Mr. Philipp Herold
Rudolf-Diesel-Strasse 10, 23617 Stockelsdorf, Germany
Telephone: 0451 /16085221
E-mail: info@meindatenschutzbeauftragter.de

2. What personal data do we process for what purpose and where does the data come from?
2.1 In the context of an application process, we process the data that you have provided to us and that is necessary for us to carry out the application process after we have received your application. In particular, this is:
  • your personal data (in particular name, name affixes and date of birth);
  • your contact details;
  • the information you provided as proof of your qualifications; and
  • documents submitted to us by you for this purpose and their content (e.g. letter of application, curriculum vitae, certificates, proof of employment, references, residence permit, work permit).
You are not obliged to provide us with the aforementioned data. Please note, however, that we will most likely not be able to consider your application without your personal data, contact details or qualification certificates.

2.2 Insofar as this is necessary for the contractual relationship with you and the application you have submitted, we may process data permissibly received from other agencies or other third parties. In addition, we process personal data that we have permissibly obtained, received or acquired from publicly accessible sources (such as commercial and association registers, civil registers, the press, the Internet and other media), and insofar as this is necessary and we are permitted to process this data in accordance with the statutory provisions. The relevant personal data categories here would be:
  • Address and contact data (registration and comparable data, such as e-mail address and telephone number).
  • Information about you on the Internet or in social networks
  • Video data

3. Who receives or obtains access to your personal data?
Within our company, those internal departments or organizational units receive your data that need them to fulfill our contractual and legal obligations (such as managers and technical managers who are looking for a new employee or are involved in the decision on filling a position, accounting, company doctor, occupational safety, employee representation, if applicable, etc.) or in the context of processing and implementing our legitimate interest. Your data will only be passed on to external bodies for the following purposes:
  • for purposes where we are obliged or entitled to disclose, report or pass on data in order to comply with legal requirements (e.g. tax authorities) or where the disclosure of data is in the public interest (cf. Section 4.4);
  • to the extent that external service companies process data on our behalf as order processors or function transferees (e.g. credit institutions, external data centers, travel agency/travel management, printers or companies for data disposal, courier services, postal services, logistics);
  • on the basis of our legitimate interest or the legitimate interest of the third party for the purposes mentioned in section 4.2 (e.g. to authorities, credit agencies, lawyers, courts, appraisers, affiliated companies and committees and supervisory bodies);
  • if you have given us permission to transfer data to third parties.
We will not share your data with third parties unless we inform you separately. Insofar as we commission service providers within the scope of order processing, your data is subject there to the security standards specified by us in order to adequately protect your data. In other cases, the recipients may only use the data for the purposes for which it was transmitted to them.

4. What is the legal basis for processing your data?
We process your personal data in the context of the application process only to the extent that an applicable legal provision allows us to do so, i.e. in particular in compliance with the provisions of the GDPR and the German Federal Data Protection Act (BDSG).

4.1 Purposes for the fulfillment of a contract or pre-contractual measures (Art. 6 para. 1 b GDPR, § 26 para. 1 BDSG).
Your personal data is processed for the purpose of processing your application in response to a specific job advertisement or as an unsolicited application, and in this context in particular for the following purposes: examination and assessment of your suitability for the vacant position, performance and behavioral evaluation to the extent permitted by law, if necessary for registration and authentication for the application via our website, if necessary for the preparation of the employment contract, verification of the employment contract, verifiability of transactions, orders and other agreements as well as for quality control through appropriate documentation, measures for the fulfillment of general due diligence obligations, statistical evaluations for corporate management, travel and event management, travel booking and travel expense accounting, authorization and badge management, cost recording and controlling, reporting, internal and external communication, accounting and tax assessment of company services (e.g. canteen meals), billing via company credit card, occupational health and safety, contract-related communication (including scheduling appointments) with you, assertion of legal claims and defense in legal disputes; ensuring IT security (including system and plausibility tests) and general security, including building and facility security, ensuring and exercising domiciliary rights by means of appropriate measures such as video surveillance, if necessary, for the protection of third parties and our employees as well as for the prevention and preservation of evidence in the event of criminal acts; prevention and investigation of criminal acts; ensuring the integrity, authenticity and availability of data; control by supervisory bodies or control authorities (e.g. audit).

4.2 Purposes within the scope of a legitimate interest of us or third parties (Art. 6 para. 1 f GDPR).
Beyond the actual fulfillment of the (preliminary) contract, we may process your data if it is necessary to protect the legitimate interests of us or third parties. Your data will only be processed if and insofar as there are no overriding interests on your part that speak against such processing, in particular for the following purposes: measures for the further development of existing systems, processes and services; comparisons with European and international anti-terrorism lists insofar as they go beyond the legal obligations; enrichment of our data, e.g. by using or researching publicly available data where necessary; benchmarking; the development of scoring systems or automated decision-making processes; building and facility security (e.g. through access controls and video surveillance), where this goes beyond general due diligence requirements; internal and external investigations, security checks.

4.3 Purposes within the scope of your consent (Art. 6 para. 1 a GDPR).
Processing of your personal data for certain purposes (e.g. obtaining references from previous employers or using your data for subsequent vacancies) may also be based on your consent. You can revoke this consent at any time. You will be informed separately about the purposes and consequences of revoking or refusing consent in the relevant text of the consent. In principle, the revocation of consent is only effective for the future. Processing that took place before the revocation is not affected by this and remains lawful.

5. Will your data be transferred to a third country or an international organization?
Data is transferred to countries outside the European Economic Area (EU/EEA) (so-called third countries) if it is necessary to fulfill a contractual obligation to you (e.g. application for a job abroad), or if it is in the legitimate interest of us or a third party, or if you have given us your consent.
In this context, the processing of your data in a third country may also be carried out in connection with the involvement of service providers as part of commissioned processing. If the EU Commission has not issued a decision on an adequate level of data protection for the country in question, we will ensure that your rights and freedoms are adequately protected and guaranteed in accordance with EU data protection requirements by means of appropriate contracts. Information on the appropriate or adequate guarantees and the possibility of how and where to obtain a copy of these can be obtained on request from the company data protection officer or the HR department responsible for you.

6. How long will your data be stored?
In principle, we process and store your data for the duration of your application. This also includes the initiation of a contract (pre-contractual legal relationship).
In addition, we are subject to various storage and documentation obligations, which result, among other things, from the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods specified there for storage and documentation are up to ten years beyond the end of the contractual relationship or the pre-contractual legal relationship. If you are not hired, the original application documents will be returned to you after six months.
Electronic data will be deleted accordingly after six months. If we wish to store your data for longer for subsequent vacancies or if you have placed your data in an applicant pool, the data will be deleted at a later date; you will be informed of the details in connection with the respective process.
If the data is no longer required for the fulfilment of contractual or legal obligations and rights, it will be deleted on a regular basis, unless its – temporary – further processing is necessary for the fulfilment of the purposes listed in section 4.2 due to an overriding legitimate interest of our company. Such an overriding legitimate interest exists, for example, if deletion is not possible or only possible with disproportionate effort due to the special nature of the storage. In these cases, we may also store your data after the end of our contractual relationship for a period appropriate to the purposes and, if necessary, use it to a limited extent. In principle, a restriction of processing takes the place of deletion in these cases. In other words, the data is blocked against the otherwise usual use by appropriate measures.

7. What data protection rights do you have?
Under certain conditions, you can assert your data protection rights against us. Every data subject has the right to information according to Art. 15 GDPR, the right to correction according to Art. 16 GDPR, the right to deletion according to Art. 17 GDPR, the right to restriction of processing according to Art. 18 GDPR and the right to data portability from Art. 20 GDPR. With regard to the right to information and the right to erasure, the restrictions pursuant to Sections 34 and 35 BDSG apply. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).
If possible, your requests to exercise your rights should be addressed in writing to the above address or directly to our data protection officer.

8. To what extent are you obliged to provide us with your data?
You only need to provide the data that is necessary for processing your application or for a pre-contractual relationship with us, or which we are required to collect by law. Without this data, we will generally not be able to continue the application and selection process. If we request additional data from you, you will be informed separately about the voluntary nature of the information.

9. Is there automated decision-making in individual cases (including profiling)?
We do not use any purely automated decision-making processes pursuant to Article 22 of the GDPR. If we should use such a procedure in individual cases in the future, we will inform you separately, provided this is required by law.

10. Information about your right to object (Art. 21 GDPR)
10.1 You have the right to object at any time to the processing of your data that is carried out on the basis of Art. 6 (1) f GDPR (data processing on the basis of a balance of interests) or Art. 6 (1) e GDPR (data processing in the public interest). However, the prerequisite for your objection is that there are reasons arising from your particular personal situation. This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. Of course, you can withdraw your application at any time.

10.2 We do not plan to use your personal data for direct marketing purposes. Nevertheless, we must inform you that you have the right to object to advertising at any time; this also applies to profiling, insofar as it is connected with such direct advertising. We will observe this objection for the future.

The objection can be made without any formal requirements and should preferably be addressed to:

Ms. Tanja Bell
Teamlead People & Culture
tonies GmbH
Oststraße 119
40210 Duesseldorf
Germany

Processing of (personal) data by the operator of the recruitment website

General information

This recruitment website is operated by Personio SE & Co. KG, which offers a human resource and candidate management software solution (https://www.personio.com/legal-notice/). Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. The sole controller of this data within the meaning of article 24 of the GDPR is the enterprise carrying out this online application process. Personio’s role is limited to operating the software and this recruitment website and, in this context, being a processor under article 28 of the GDPR. In this case, the processing by Personio is based on an agreement for the processing of orders between the controller and Personio. In addition, Personio SE & Co. KG processes further data, some of which may be personal data, to provide its services, in particular for operating this recruitment website. We will refer to this in more detail below.

The controller

The controller under data protection law is:
Personio SE & Co. KG
Seidlstraße 3
80335 München
Tel.: +49 (89) 1250 1004
Entry in the commercial register
Commercial register entry number: HRA 115934
Registration Court: Amtsgericht München
Data Protection Officer contact: privacy@personio.com

Access logs (“server logs”)

Each access to this recruitment website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is pseudonymous and thus does not allow for inferences about the identity of an individual. Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. In addition, processing this data is absolutely necessary for security reasons, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when unlawful use of the software is suspected. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the software is collected. The scope of this log process does not exceed the common log scope of any other site on the web. These access logs are stored for a period of up to 7 days. There is no right to object to this.

Error logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is pseudonymous and thus does not allow for inferences about the identity of an individual. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected. These error logs are stored for a period of up to 7 days. There is no right to object to this.

Use of cookies

So-called cookies are used on parts of this recruitment website. They are small text files which are stored on the device with which you access this recruitment website. As a general rule, cookies serve the purpose of ensuring secure access to a website (“absolutely necessary”), implementing certain functionalities such as standard-language settings (“functional”), improving the user experience or the performance of the website (“performance”), or placing targeted advertisements (“marketing”). On this recruitment website, we generally use only cookies that are absolutely necessary, functional or performance-related, in particular for implementing certain default settings such as language, for identifying the job advertising channel, or for analyzing the performance of a job advert via which a user accessed this recruitment website. The use of cookies is absolutely necessary for providing our services and thus for the performance of the contract (article 6 (1) b) of the GDPR). Period of storage: up to 1 month or until the end of the browser session. Right to object: You can determine via your browser settings whether you allow or object to the use of cookies. Please note that deactivating cookies may result in limited or completely blocked functionalities of this recruitment website.

Rights of data subjects

If Personio SE & Co. KG as the controller processes personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR. To assert your rights as a data subject in relation to the data processed for the purpose of operating this recruitment website, please refer to Personio SE & Co. KG’s Data Protection Officer (see item B).

Concluding provisions

Personio reserves the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the services offered, for example when new services are introduced. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.