I. Name and address of the Controller
The Controller within the meaning of the General Data Protection Regulation and other national data protection laws in the member states as well as other data protection provisions is:
K&K social resources & development GmbH
Stefan-Heym-Platz 1
10367 Berlin
Germany
Tel.: 030 / 428 420-0
Mail: work@kuk-personal.de
Website: www.kuk-personal.de
II. General information on data processing
1. Scope of processing of personal data
In principle, we only process our user’s personal data to the extent that this is necessary to provide a functional website and our content and services. Frequently, we only process our user’s personal data after they have provided consent. In these cases, an exception applies if it was not possible to obtain consent beforehand due to factual circumstances and processing of data is permitted by statutory provisions.
2. Legal basis for processing of personal data
To the extent that we obtain the consent of the data subject for processing operations, Article 6 para 1 lit a EU General Data Protection Regulation (GDPR) is the legal basis.
If processing personal data is necessary to perform a contract to which the data subject is a party, Article 6 para 1 lit b GDPR is the legal basis. This also applies to processing operations which are necessary to take steps prior to entering into a contract.
If it is necessary to process personal data to fulfil a legal obligation to which our company is subject, Article 6 para 1 lit c GDPR is the legal basis.
If vital interests of the data subject or another natural person make it necessary to process personal data, Article 6 para 1 lit d GDPR is the legal basis.
If processing is necessary to pursue a legitimate interest of our company or a third party and the interests, basic rights and freedoms of the data subject do not override the first mentioned interest, Article 6 para 1 lit f GDPR is the legal basis for the processing.
3. Data erasure and term of storage
The data subject’s personal data will be erased or blocked as soon as the purpose for which it was stored no longer exists. Furthermore, data can be stored if this is stipulated by the European or national legislator in EU regulations, laws, or other provisions to which the Controller is subject. Data will also be blocked or erased if a term of storage stipulated by the norms specified expires, unless there is a requirement to continue storing the data for the purpose of concluding or performing a contract.
III. Provision of the website and the creation of logfiles
1. Description and scope of data processing
Every time a user visits our website, our system automatically records data and information from the computer system of the visitor computer. The following data is collected:
Name of the file downloaded, date and time of the download, data volume transferred, notification of successful download, web browser and requesting domain.
Other personal data will only be recorded if you provide it voluntarily during registration.
2. Legal basis for processing of personal data
The legal basis for temporarily storing the data and the logfiles is Article 6 para 1 lit f GDPR.
3. Purpose of data processing
It is necessary for the system to temporarily store the IP address in order to enable the website to be displayed on the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session. Storing is done in logfiles to ensure the functionality of the website. Furthermore, the data helps us to optimise the website and ensure the security of our IT systems. The data is not evaluated for marketing purposes in this context.
These purposes also cover our legitimate interest in data processing pursuant to Article 6 para 1 lit f GDPR.
4. Term of storage
Data is erased as soon as it is no longer necessary to achieve the purpose for which it was collected. If data is recorded in order to provide the website, it will be erased when the session ends. If data is stored in logfiles, it will be erased after seven days (at the latest). It is possible to store data for a longer period. In this case, the user’s IP addresses are deleted or anonymised so that is no longer possible to attribute them to the visiting client.
5. Option to raise an objection and to removal
It is absolutely necessary to record the data to provide the website and to store the data in logfiles in order to operate the website. Consequently, the user does not have any option to raise an objection.
IV. Use of cookies
1. Description and scope of data processing
Our website uses cookies. Cookies are text files which are stored in/by the internet browser on the user’s computer system. If a user visits the website, a cookie can be placed on the user’s operating system. This cookie contains a characteristic sequence of characters which enables the browser to be unambiguously identified upon return visits. We use cookies to make our website more user-friendly. Some elements of our website make it necessary for the visiting browser to remain identifiable, even after switching to another page. The following data is stored and transmitted in the cookies: language settings, log-in information, location, browser, IP address anonymised.
Furthermore, we use cookies on our website which enable the user’s surfing behaviour to be analysed. In this way, the following data can be transmitted: Search terms entered, frequency of visits to the website, website functions used.
User’s data which is collected in this way is pseudonymised by means of technical precautions. Therefore, it is no longer possible to attribute the data to a visiting user. The data is not stored together with any other personal data of the user.
2. Legal basis for processing of personal data
Legal basis for processing of personal data using cookies is Article 6 para 1 lit f GDPR.
3. Purpose of data processing
The purpose of using technically necessary cookies is to facilitate the use of websites for users. Some features of our website may not be available if cookies are not used. These functions require the browser to be recognised even after switching to another page. The user data collected by technically necessary cookies is not used to create user profiles.
Analysis cookies are used to improve the quality of our website and its content. The analysis cookies tell us how the website is used; we can therefore continually optimise our offer. These purposes also cover our legitimate interest in processing personal data pursuant to Article 6 para 1 lit f GDPR.
4. Term of storage, option to raise an objection and to effect removal
Cookies are saved on the user’s computer and are transmitted from this computer to our website. Therefore, as a user, you have full control over whether and how cookies are used. By adjusting your browser settings, you can stop cookies from being placed or limit the extent to which cookies are placed. Cookies which have already been placed can be erased again at any time. This can also be done automatically. If cookies are deactivated for our website, some features may not be fully available.
The transmission of Flash-cookies cannot be controlled by adjusting the browser settings, but by changing the settings of the Flash Player.
V. Registration / short application
1. Description and scope of data processing
On our website, we offer users the option to register and set up a short-form application, providing personal data. The data is entered into a window, transmitted to us and stored. The following data is collected as part of the registration process:
Your name, contact details, further details on your education, qualifications and professional experience, information on your personal interests.
When your register, the following data is also stored: Information on your use of the website and your IP address, date and time of registration.
The user’s consent to the processing of this data is obtained during the registration process.
The collection, processing and use of your personal data is done to the extent necessary to search for suitable vacant positions, to find work for the applicant or to establish an employment relationship with the client company or to use as part of personnel leasing.
By entering your data during registration, you expressly authorise us to provide your personal data to customers of K&K social resources & development GmbH and companies of the K&K corporate group for the specified purpose.
We (see above) keep an applicant data bank to identify suitable candidates for future customer enquiries and to contact you, in case we find a position which appears suitable for you. Besides your personal information, studies you have completed which you have informed us of and certificates which you have sent are entered into this data bank. By providing this data (i.e. the data required for the application, employment or agency activity or data otherwise provided by you (in particular data about your person or address, CV, references and certificates, qualifications)), you explicitly consent to this data being processing for the specified purpose in the abovementioned applicant data bank, even in the event of a rejection or after employment terminates. Furthermore, you consent to being informed of any relevant positions in the future by post, email, telephone, SMS or a messenger service you have specified. This consent is voluntary and remains valid until you withdraw it (which you may do at any time, e.g. by sending an email to datenschutz@kuk-personal.de) but at the latest two years after our last contact.
We only collect, process and store your personal data for the purposes specified. Disclosure to third parties will only be made as described in this privacy policy and to the extent that it is necessary to render our services. Without your prior consent, we will not give your data to any third parties who are not specified in this privacy policy. This applies unless there is a legal or statutory obligation to surrender the data or provide information.
2. Legal basis for processing of personal data
If the user has given consent, the legal basis for processing the data is Article 6 para 1 lit a GDPR and Article 6 para 1 lit b GDPR.
3. Purpose of data processing
The collection, processing and use of your personal data is done to the extent necessary to search for suitable vacant positions, to find work for the applicant or to establish an employment relationship with the client company or to use as part of personnel leasing. By entering your data as part of registration, you expressly authorise us to provide your personal data to customers of K&K social resources & development GmbH and to companies belonging to the K&K corporate group and their customers for the purpose specified. We only collect, process and store your personal data for the purposes specified. Disclosure to third parties will only be made as described in this privacy policy and to the extent that it is necessary to render our services. We will not give your data to any third parties who are not specified in this privacy policy without your prior consent. This applies unless there is a legal or statutory obligation to surrender the data or provide information.
4. Term of storage
Data is erased as soon as it is no longer necessary to achieve the purpose for which it was collected. Therefore, personal data provided as part of registration for the purpose of performing the contract or to take steps before entering into the contract will be erased if the data is no longer required to perform the contract. Even after the conclusion of the contract, it can be necessary to store the contractual partner’s personal data to comply with contractual or statutory obligations.
5. Option to raise an objection and to removal
As a user, you are entitled to cancel registration at any time. You are also entitled to have the data concerning you which is stored amended at any time. To do this, please send us an email at datenschutz@kuk-personal.de. If the data is required to perform a contract or to perform pre-contractual measures, premature erasure of the data is only possible if this is not opposed by contractual or statutory obligations.
VI. Contact form and email contact details
1. Description and scope of data processing
Our website provides the option to make contact by email. In this case, the user’s personal data which is sent with the email will be stored. The data will not be disclosed to third parties in such cases. The data will only be used to process the communication exchange.
2. Legal basis for processing of personal data
The legal basis for processing the data transmitted as part of sending an email is Article 6 para 1 lit f GDPR. If the objective of the email contact is to conclude a contract, Article 6 para 1 lit b GDPR forms an additional legal basis.
3. Purpose of data processing
The processing of personal data from the entry window serves the sole purpose of processing the email. If you contact us by email, this also constitutes the required legitimate interest in processing the data.
Other personal data processed during the sending procedure serves the purpose of preventing misuse of the contact form and ensuring the security of our IT systems.
4. Term of storage
Data is erased as soon as it is no longer necessary to achieve the purpose for which it was collected. Therefore, personal data from the entry window on the contact form and data which is sent by email, will be erased when the respective exchange with the user has ended. The exchange has only ended if the surrounding circumstances indicate that the respective set of facts has been clarified with final effect.
The additional personal data collected during the sending procedure will be erased after a maximum of seven days.
5. Option to raise an objection and to removal
The user may withdraw its consent to the processing of personal data at any time. If the user makes contact with us by email, it may object to its personal data being stored at any time. In such a case, the exchange may not be continued. To exercise this right, please send us an email at datenschutz@kuk-personal.de.
All personal data which is stored as part of making contact is erased in such cases.
VII. Analysis tools: Statify
This website uses the statistics tool Statify. Statify is a WordPress plugin that counts the number of pageviews. It also captures where visitors to the website come from and what content is accessed. It does not collect any personal data (eg IP addresses). The data collection is completely anonymous, since no cookies are used and no data is transmitted to third parties. The plugin is summarized in a database and can be viewed, sorted and deleted by the website operator.
VIII. Google Maps
This website uses Google Maps API, a map service provided by Google Inc. (“Google”), to display an interactive map and create route maps. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
By using Google Maps, information about your use of this website (including your IP address and location data where applicable) may be transferred to a Google server in the USA and stored there. Google may also pass on the information collected through Maps to third parties if such is required by law or where such third parties process the information on Google’s behalf. The provider of this website has no influence over this transfer of data.
By using this website, you consent to the collection, processing and use of the data that is automatically collected or that you disclose by Google, one of its representatives or third-party providers.
Google states that it will not link your IP address with any other data held by Google. Nevertheless, it would be technically possible for Google to at least identify individual users on the basis of the data they receive. It would be possible for Google to process personal data and create personality profiles for users of Google’s website for other purposes over which we do not and cannot have any influence. If you are logged into Google, Google can directly assign the visit to our website to your Google account. You can deactivate the Google Maps service and thus stop data being transferred to Google by deactivating JavaScript in your browser. However, we wish to point out that should you do so, you will be unable to use the maps on our website.
You can find Google’s privacy policy & additional terms of service for Google Maps at https://www.google.com/intl/de_de/help/terms_maps.html.
IX. Social Media Plugins
We currently use social media plugins from the following service providers: Facebook, Xing. These plugins allow data, including personal data, to be sent to and potentially used by these US American service providers. You can identify the plugin providers by the tag in the box above the first letter of their name or the logo.
We also use the “two-click solution”. This means that when you visit our website, no personal data will be initially passed on to the plugin provider. You can identify the plugin providers by the tag in the box above the first letter of their name or the logo. We give you the option to communicate directly with the plugin provider using the button. The plugin provider will only be notified that you have accessed the corresponding page of our website if you click on the marked area, thereby activating it.
If you click on the button, the service provider will be notified that you have accessed the corresponding page of our website. This does not require you to have an account with the service provider or to be logged in to said account. If you are logged in to your account with the service provider, this data will be directly assigned to your account. If you click on one of the social plugins, and are linked to the website for example, the service provider also stores this information in your user account and shares this publicly with your contacts. If you do not wish for this data to be assigned to your profile with the service provider, you must log out before clicking on one of the social plugins.
We do not have any influence over the data that is collected or data processing operations, nor are we aware of the full extent of this data collection, the purposes for which it is processed or the duration of storage. We also do not have any information regarding erasure of the collected data by the plugin provider.
You can find further information about the purpose and scope of data collection and its processing by the plugin provider by referring to the following privacy policies of these providers. These also contain additional information regarding your associated rights and settings options for protecting your privacy. The addresses of the respective plugin providers and URL for their privacy policies:
(1) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php
(2) Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy
X. The data subject’s rights
If your personal data is processed, you are a data subject within the meaning of the GDPR and have the following rights vis-a-vis the Controller:
1. Right to information
You can request confirmation from the Controller on whether we process personal data concerning you.
If this is the case, you can request the following information from the Controller:
(1) the purposes for which personal data is processed;
(2) the categories of personal data which are processed;
(3) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;;
(4) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(5) the existence of the right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data by the Controller or to object to such processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) where the personal data are not collected from the data subject, any available information as to its source;
(8) the existence of automated decision-making, including profiling, referred to in Article 22 para 1 and 4 GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information on whether the personal data concerning you is transmitted to a third country or to an international organisation. In this context, you can request to be informed of appropriate safeguards pursuant to Article 46 GDPR in connection with the transmission.
2. Right to rectification
You have the right to obtain from the Controller the rectification or completion of inaccurate or incomplete personal data concerning you. The Controller must perform such rectification without delay.
3. Right to have processing restricted
You have the right to obtain the restriction of processing of personal data concerning you where one of the following applies:
(1) if you contest the accuracy of the personal data concerning you for a period which enables the Controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
(3) the Controller no longer needs the personal data for the purposes of the processing, but you need it for the establishment, exercise or defence of legal claims; or
(4) if you have objected to processing pursuant to Article 21 para 1 pending the verification whether the legitimate grounds of the Controller override those of yours.
Where processing of personal data concerning you has been restricted, such personal data will, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If processing has been restricted under the above conditions, you will Right to erasure
a) Obligation to erase
You have the right to obtain from the Controller the erasure of personal data concerning you without undue delay and the Controller is obliged to erase this personal data without undue delay where one of the following grounds applies:
(1) the personal data concerning you is no longer necessary in relation to the purposes for which they were collected or otherwise processed.
(2) you withdraw consent on which the processing is based according to Article 6 para 1 lit a or Article 9 para 2 lit a GDPR, and where there is no other legal ground for the processing.
(3) you object to the processing pursuant to Article 21 para 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 para 2 GDPR;
(4) the personal data concerning you has been unlawfully processed;
(5) the personal data concerning you has to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject;
(6) the personal data concerning you has been collected in relation to the offer of information society services referred to in Article 8 para 1 GDPR.
b) Disclosure to third parties
If the Controller has made the personal data concerning you public and is obliged pursuant to Article 17 para 1 GDPR to erase the personal data, the Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform Controllers which are processing the personal data that you, as the data subject, have requested the erasure by such Controllers of any links to, or copy or replication of, that personal data.
c) Exceptions
The right to erasure does not apply to the extent that processing is necessary
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
(3) for reasons of public interest in the area of public health in accordance with Article 9 para 2 lit h and i and Article 9 para 3 GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 para 1 GDPR in so far as the right referred to in paragraph a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.
4. Right to notification
The Controller must communicate any rectification or erasure of personal data or restriction of processing which you have requested to each recipient to whom the personal data concerning you has been disclosed, unless this proves impossible or involves disproportionate effort.
The Controller must inform you about those recipients if you so request.
5. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to a Controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another Controller without hindrance from the Controller to which the personal data have been provided, where:
(1) the processing is based on consent pursuant to Article 6 para 1 lit a GDPR or Article 9 para 2 lit a GDPR or on a contract pursuant to Article 6 para 1 lit b GDPR; and
(2) the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one Controller to another, where technically feasible. This may not adversely affect the rights and freedoms of others.
The right to data portability does not apply to processing which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
6. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 para 1 lit e GDPR including profiling based on those provisions.
The Controller will no longer process the personal data concerning you unless the Controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or that the processing serves the establishment, exercise or defence of legal claims.
Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you may no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
7. Right to withdraw consent
You have the right to at any time withdraw your consent under data protection law. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
8. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
(1) is necessary for entering into, or performance of, a contract between you and the Controller,
(2) is authorised by Union or Member State law to which the Controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on the data subject’s explicit consent.
However, these decisions may not be based on special categories of personal data referred to in Article 9 para 1 GDPR, unless ‘Article 9 para 2 lit a or g GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in points (1) and (3), the Controller will implement suitable measures to safeguard your rights and freedoms and legitimate interests, but at least the right to obtain human intervention on the part of the Controller, to express your point of view and to contest the decision.
9. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.
Berlin, May 2018