DATA PROTECTION
The protection of your data is our concern
We are pleased that you are interested in our company and our services and would like you to feel safe when visiting our website with regard to the protection of your personal data. Because we take the protection of your personal data seriously and pay particular attention to the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
We want you to know when we collect which data and how we use it. We have taken technical and organizational measures to ensure that the data protection regulations are observed both by us and by the external service providers we have commissioned.
Personal data
Personal data is information about your identity. This includes e.g. Information such as name, address, telephone number, email address. This information is always processed in accordance with the requirements of the General Data Protection Regulation and other data protection regulations applicable to our company.
For read-only use of our website, it is not necessary for you to disclose personal data. Information on the data that we automatically collect each time you visit our website can be found below in the section "Data collected automatically when you visit our website". If you continue to use our website, it may be necessary to process personal data, for example if you send us your application documents using the corresponding functions on our website.
Basically: If there is no legal basis for the processing of this personal data, we will obtain the appropriate consent from you.
In addition, apart from the data that is automatically collected when you visit our website, we only save and process data that you voluntarily provide to us.
Name and address of the person responsible
Responsible within the meaning of the General Data Protection Regulation, other data protection laws applicable in the EU member states and other data protection regulations is:
CANDIFY GmbH
Augustusring 6, 85586 Poing
Phone: +49 8121 25468-02
Email: datenschutz@candify.de
Intended use
We will only collect, process and use the personal data you provide online for the purposes communicated to you. Your personal data will not be passed on to third parties without your express consent.
Personal data are only collected and transmitted to state institutions and authorities entitled to receive information only within the framework of the relevant laws or if we are obliged to do so by a court decision. Our employees and the service companies commissioned by us are obliged by us to maintain confidentiality and to comply with the provisions of the General Data Protection Regulation.
Data collected automatically when you visit our website
For organizational and technical reasons, the following data is stored when using our website: the names of the pages you have accessed, the browser and operating system you are using, date and time of access, search engines used, names of downloaded files and their IP address.
The information collected is required to correctly deliver the content of our website. In addition, we evaluate this technical data anonymously and only for statistical purposes in order to continuously optimize our website and make our website even more attractive and to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber attack. This data is stored separately from other personal information on secure systems. No conclusions are drawn about individuals.
Your IP address will be anonymized after seven days. The log files with the anonymized IP addresses are stored for a period of six months and deleted immediately after the storage period has expired. If storage beyond this is necessary, for example for reasons of proof, this data is excluded from deletion until the respective matter has been settled. The processing takes place on the basis of our legitimate interest in an efficient and secure provision of our website in accordance with Art. 6 para. 1 lit. f i. V. m. Art. 28 GDPR.
Contact options
Due to legal regulations, our website contains information that enables us to contact us electronically and communicate directly with us. This includes entering an email address and, if necessary, a contact form. The processing of the user's information is carried out in accordance with Art. 6 para. 1 lit. b GDPR.
If you contact us by email or via a contact form, the personal data you provide will be automatically saved. This data, which you have provided to us on a voluntary basis, will be stored for the purpose of processing your request or for contacting you accordingly and will then be deleted immediately. It will not be passed on to third parties.
Deletion and restriction of the processing of personal data
We process personal data of data subjects in accordance with Art. 17 and 18 GDPR only as long as it is necessary to achieve the underlying purpose or as long as this was provided by legal regulations to which our company is subject. If the purpose of storage no longer applies or if there is a statutory storage period, for example due to commercial or tax law requirements of the HGB, personal data will be deleted in accordance with the statutory provisions, unless we are still legally obliged to store this data. In these cases, the processing of personal data is restricted.
Rights of those affected
Right to information
In accordance with Art. 15 GDPR, you can obtain information and a copy of the personal data stored about you and processed by us at any time free of charge.
This right to information includes information about the processing purposes, the categories of personal data being processed, recipients or categories of recipients to whom the personal data have been or will be disclosed, if possible the planned duration for which the personal data will be stored, or, if not possible, the criteria for determining this duration, the existence of the right to correction or deletion of your personal data or restriction of processing by us or an objection to this processing, the right to lodge a complaint with a supervisory authority, and If the data was not collected from you, all available information about the origin of the data and the existence of automated decision-making including profiling acc. Art. 22 Para. 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved as well as the scope and the intended effects of such processing.
You also have the right to request information as to whether your personal data has been transferred to a third country or an international organization and what suitable guarantees exist for the transfer.
Right to rectification
Furthermore, in accordance with Art. 16 GDPR, you have the right to request the immediate correction of incorrect personal data concerning you. In addition, you have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.
Right to cancellation
In accordance with Art. 17 GDPR, you also have the right to request that the data we have stored about you be deleted immediately, provided that one of the following reasons exists: The personal data has been collected for such purposes or otherwise processed for which they are no longer necessary; You revoke your consent on which the processing was based in accordance with Art. 6 Para. 1 a GDPR or Art. 9 Para. 2 GDPR was based, and there is no other legal basis for the processing; According to Art. 21 para. 1 GDPR and there is no overriding legitimate reason for the processing, or you file an objection pursuant to Art. Art. 21 para. 2 GDPR to object to processing; the personal data were processed illegally; the deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which we are subject; the personal data were collected in relation to information society services offered in accordance with Article 8 paragraph 1.
If personal data has been made public by us and we have 17 para. 1 GDPR, we are taking appropriate measures to inform other responsible parties who process the published personal data that you are deleting all links to this personal data or of copies or replications have requested this data.
Right to restriction of processing
According to Art. 18 GDPR, you have the right to request that the processing of your personal data be restricted if one of the following conditions is met: You contest the accuracy of the personal data, for a period that enables us to do so Check the accuracy of the personal data; the processing of the data is unlawful, but you refuse to delete the personal data and instead request that the use of the personal data be restricted; we no longer need the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims; or you have objected to processing in accordance with Article 21 paragraph 1 as long as it is not certain whether the legitimate reasons of our company outweigh yours.
Right to data portability
In accordance with Art. 20 GDPR, you can at any time request that the data concerning you, which you have provided to us, be given in a common and machine-readable format. Furthermore, you have the right to transfer this data to another person in charge without hindrance from us, provided that the processing is based on consent in accordance with. Art. 6 Para. 1 a GDPR or Art. 9 Para. 2 a GDPR or on a contract acc. Art. 6 Para. 1 b GDPR and the processing is carried out using automated procedures, unless the processing is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been transferred to us.
You can also request that personal data stored by you be transferred directly from us to another person responsible, provided that this is technically feasible and does not affect the rights and freedoms of other people.
Right to object
According to Art. 20 GDPR, you have the right to object to the processing of your personal data, which is based on Art. 6 Para. 1 e or f GDPR, at any time for reasons that arise from your particular situation. This also applies to profiling based on these provisions.
In the event of an objection, we will no longer process the personal data unless we can demonstrate reasons for the processing worthy of protection that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising.
You have the right, for reasons that arise from your particular situation, against the processing of personal data concerning you, which is used for scientific or historical research purposes or for statistical purposes in accordance with. Art. 89 Para. 1 GDPR, to object, unless such processing is necessary to fulfill a task in the public interest.
Right of withdrawal
You can revoke your consent to the processing of your personal data in accordance with Art. 7 Para. 3 GDPR at any time with future effect.
Right to confirmation
You have the right to request confirmation as to whether personal data concerning you are being processed.
To exercise any of the rights mentioned, you can contact us directly at datenschutz@candify.de. datenschutz@candify.de wenden.
Right to lodge a complaint
You also have the right to To complain to Art. 77 GDPR at a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company headquarters.
The data protection supervisory authority responsible for our company headquarters is the Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach (postal address: Postfach 1349, 91504 Ansbach), phone: +49 981 180 093-0. Complaints can also be entered online at https://www.lda.bayern.de/de/beschwerde.html..
Automated decision making
As a responsible company, we do not carry out automated decision-making or profiling.
Duration of storage
Personal data will be deleted after the statutory retention period has expired, provided that it is no longer necessary to achieve the underlying purpose.
Legal basis for processing
If you have given us your consent to process your personal data for a specific purpose, the processing will be based on Art. 6 Para. 1 a GDPR. If such processing is necessary to fulfill a contract with you or to initiate one, the processing is based on Art. 6 Para. 1 b GDPR. In some cases, e.g. B. to fulfill tax obligations, we may be subject to a legal obligation to process personal data, the legal basis for such cases is Art. 6 Para. 1 c GDPR. In rare cases, processing can also take place to protect vital interests of you or another natural person. In this exceptional case, processing takes place on the basis of Art. 6 Para. 1 d GDPR. Finally, processing can also be based on Art. 6 Para. 1 f GDPR. This is the case if processing is carried out to safeguard an interest legitimate for our company or a third party, provided that your interests, fundamental rights and fundamental freedoms do not prevail. Such a legitimate interest can already be accepted if you are a customer of ours. If the processing of personal data is based on Art. 6 Para. 1 f GDPR, our legitimate interest is to carry out our business activities.
Provision of personal data
In some cases, the provision of personal data is required by law or contract. For this reason it can e.g. For example, to conclude a contract, you may need to provide us with personal data that we need to process. For example, to conclude a contract, you are obliged to provide personal data. Failure to make this available would result in the contract not being concluded.
Before providing personal data, you can contact our data protection officer. This will clarify whether the provision of personal data is required by law or contract in individual cases and what the consequences of not providing this data would be.
Safety
We, as the controller, have taken technical and organizational security measures in accordance with Art. 32 GDPR. This includes in particular measures to ensure the confidentiality, integrity and availability of the data. Furthermore, we have set up processes that ensure the protection of data subject rights, deletion of personal data and an immediate response to the risk to such data. In addition, we ensure the protection of personal data during the development and selection of hardware and software in accordance with the principles of Art. 25 GDPR. All of our employees and persons involved in data processing, as well as the service providers commissioned by us, are obliged to comply with the General Data Protection Regulation and other data protection laws and to treat personal data confidentially.
In the case of the collection and processing of personal data, the information is transmitted in encrypted form in order to prevent misuse of the data by third parties. Our security measures are continuously revised in line with technological developments.
However, internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed.
Links
If you use external links that are offered on our website, this data protection declaration does not extend to these links. Insofar as we offer links, we assure that no violations of applicable law were recognizable on the linked websites at the time the link was created. However, we have no influence on the compliance with data protection and security regulations by other providers. Therefore, please inform yourself on the websites of the other providers about the data protection declarations provided there.
Cookies
When you visit one of our websites, we may store information in the form of a cookie on your computer. Cookies are small text files that are sent to your browser by a web server and stored on your computer's hard drive.
Apart from the Internet protocol address, no personal data of the user is saved. This information is used to automatically recognize you the next time you visit our website and to facilitate navigation. Cookies allow us, for example, to adapt a website to your interests or to save your password so that you do not have to enter it every time.
Selbstverständlich können Sie unsere Websites auch ohne Cookies betrachten. Wenn Sie nicht möchten, dass wir Ihren Computer wiedererkennen, können Sie das Speichern von Cookies auf Ihrer Festplatte verhindern, indem Sie in Ihren Browser-Einstellungen „keine Cookies akzeptieren“ wählen. Auch bereits gesetzte Cookies können über Ihren Browser gelöscht werden. Wie das im Einzelnen funktioniert, entnehmen Sie bitte der Anleitung Ihres Browser-Herstellers. Wenn Sie keine Cookies akzeptieren, kann dieses aber zu Funktionseinschränkungen unserer Angebote führen.
Children and adolescents
Persons under the age of 16 should not transmit personal data to us without the consent of their parents or legal guardians. We do not request personal data from children and adolescents, do not collect them and do not pass them on to third parties.
Applications
You can send us your data, if available on our online offer, using the contact form. This is done in cooperation with the “Recruitee B.V., Amsterdam” by means of a state-of-the-art encryption method. If you send us your applicant data via e-mail, please note that e-mails are not sent in encrypted form and that you as the applicant have to ensure that they are encrypted yourself. For this reason, we cannot assume any responsibility for the transmission of your data in this way and therefore recommend using the postal route, since in addition to sending the documents by e-mail or, if applicable, an online form, there is still the possibility to send us documents send in this way.
If the application for one of our job offers is unsuccessful, your data will be deleted after six months, unless you have given us a legitimate revocation before the expiry of this period or you have given us consent to store the data for a period beyond this. This is necessary in order to be able to fulfill our obligations to provide evidence from the General Equal Treatment Act if necessary. If you have submitted invoices for travel reimbursement to us, they will be saved in accordance with the statutory provisions and deleted after the statutory storage periods have expired.
We will only process the data you have provided for the purpose of handling the application process. This is done on the basis of Art. 6 Para. 1 lit. b) GDPR, or if processing is necessary in legal procedures, based on Art. 6 Para. 1 lit. f) GDPR and § 26 BDSG. If you also give us special personal data, such as B. health data, transmitted voluntarily, we process this data on the basis of Art. 9 para. 2 lit. a) GDPR. If this is necessary for the intended profession, we require special categories of personal data based on Art. 9 Para. 2 lit. b) GDPR.
Google Analytics
Insofar as you have given your consent, Google Analytics, a web analytics service provided by Google LLC (Google), is used on this website. Use includes the Universal Analytics operating mode; This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyze the activities of a user across devices.
Google Analytics uses so-called cookies. These are text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of the website is usually transmitted to a Google server in the USA and stored there. If IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address is only transferred to a Google server in the USA and abbreviated there in exceptional cases. We would like to point out that on this website Google Analytics has been expanded to include IP anonymization in order to guarantee anonymous collection of IP addresses (so-called IP masking). The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can find more information on terms of use and data protection at https://www.google.com/analytics/terms/de.html or or https://policies.google.com/?hl=de
On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to us, the website operator.
Processing takes place in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR based on the consent you have given.
The recipient of the processed data is Google.
The personal data is transferred to the USA under the EU-US Privacy Shield based on the adequacy decision of the European Commission. You can access the certificate at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI. abrufen.
The data sent by us and linked with cookies, user IDs (e.g. user ID) or advertising IDs will be automatically deleted after 38 months. Data whose retention period has expired is automatically deleted once a month.
You can revoke your consent at any time with future effect by preventing the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by using the browser plug-in available under the following link. Download and install in: https://tools.google.com/dlpage/gaoptout?hl=de..
Company presence on social media platforms
Due to our legitimate interests in accordance with Art. 6 para. 1 lit. f) GDPR in communicating with and informing users and interested parties of our services, we maintain various presences in social networks. If the provider of the respective platform obtains the user's consent to the processing of personal data, this is done on the basis of Art. 6 Para. 1 lit. a), Art. 7 GDPR.
It is not excluded that personal data of users can be processed outside the European Union or the European Economic Area. This may make it difficult for those affected to enforce their rights. Some social media platform providers are certified according to the EU US Privacy Shield, which obliges them to comply with European data protection standards.
The processing of personal user data by the social media platforms is carried out regularly for market research and advertising purposes. Based on the user data, profiles are created that make it possible, for example, to display advertisements that correspond to the presumed interests of the respective user. This is done regularly by placing cookies on the device used by the user.
Information requests and the assertion of your rights should be made directly to the respective providers listed below, since only they have access to users' personal data and can take appropriate measures and provide information.
Should you still need help in exercising your rights, you can of course also contact us.
We can maintain a presence on the following social media platforms:
- Kununu
Changes to our privacy policy
We reserve the right to change our security and data protection measures insofar as this becomes necessary due to technical developments. In these cases, we will also adapt our data protection information accordingly. Therefore, please note the current version of our data protection declaration. As of January 2020.
Latest status: January 2020.
English 
German