Privacy Policy
General Information and Mandatory Information
Appointment of the responsible body
The responsible body for data processing on this website is:
Forway Consulting GmbH
Ralf Hillmer
Raboisen 38
20095 Hamburg
ralf.hillmer@forway.de
The controller alone or together with others decides on the purposes and means of processing personal data (e.g. names, contact data, etc.).
Revocation of your consent to data processing
Some data processing procedures are only possible with your express consent. A revocation of your already given consent is possible at any time. An informal notification by e-mail is sufficient for the revocation. The legality of the data processing up to the revocation remains unaffected by the revocation.
Right of appeal to the competent supervisory authority
As the person concerned, you have a right of appeal to the responsible supervisory authority in the event of a breach of data protection law. The responsible supervisory authority with regard to data protection issues is the data protection officer of the federal state in which our company is based. The following link provides a list of data protection officers and their contact details: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right to data transferability
You have the right to have data which we process automatically on the basis of your consent or in fulfilment of a contract handed over to yourself or to third parties. It is provided in a machine-readable format. If you request the direct transfer of the data to another person responsible, this will only take place if it is technically feasible.
Right to information, correction, blocking, deletion
You have the right to free information about your stored personal data, the origin of the data, its recipients and the purpose of data processing and, if necessary, a right to correction, blocking or deletion of this data at any time within the scope of the applicable legal provisions. In this regard and also for further questions on the subject of personal data, you can contact us at any time via the contact options listed in the imprint.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses SSL or TLS encryption. This means that data that you transmit via this website cannot be read by third parties. You can recognize an encrypted connection by the “https://” address line of your browser and the lock symbol in the browser line.
Server log files
The provider of the website automatically collects and stores information in server log files which your browser automatically transmits to us. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
This data is not merged with other data sources. Data processing is based on Art. 6 para. 1 lit. b DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
Contact form
Data transmitted via the contact form, including your contact data, will be stored in order to be able to process your enquiry or to be available for follow-up questions. This data will not be passed on without your consent.
The data entered in the contact form will be processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a DSGVO). A revocation of your already given consent is possible at any time. An informal notification by e-mail is sufficient for the revocation. The legality of the data processing processes carried out up to the revocation remains unaffected by the revocation.
Data transmitted via the contact form will remain with us until you request deletion, revoke your consent to storage or until there is no longer any need for data storage. Mandatory statutory provisions – in particular retention periods – remain unaffected.
XING Plugin
Our website uses functions of the XING network. The provider is XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany.
When a page with integrated Xing functions is called, a connection to the Xing servers is established. To the best of our knowledge, personal data will not be stored. IP addresses are not stored, nor is there any evaluation of usage behavior.
Details on data protection and the XING Share button can be found in XING’s data protection declaration at: https://www.xing.com/app/share?op=data_protection.
Personal data in the course of applications
Purpose of processing
We process personal data about you for the purpose of your application for employment with us or a company that has commissioned us to find personnel (client), insofar as this is necessary for deciding whether to establish employment with us or our client. The legal basis is § 26 Paragraph 1 in conjunction with Paragraph 8 Sentence 2 BDSG.
Furthermore, we may process personal data about you insofar as this is necessary to defend against legal claims asserted against us or our client in the application process. The legal basis is Art. 6 para. 1, letter f DSGVO. The legitimate interest is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).
If there is an employment relationship between you and us or in the case of an external personnel search with our client, we can process the personal data already received from you for the purpose of the employment relationship in accordance with § 26 Paragraph 1 BDSG, if this is necessary for the implementation or termination of the employment relationship or for the exercise or fulfilment of the rights and obligations of the representation of the interests of the employees resulting from a law or a collective agreement, a company or service agreement (collective agreement).
Categories of personal data
We process data in connection with your application. This may include general information about you (such as your name, address and contact details), information about your professional qualifications and schooling or information about professional training or other information you provide us in connection with your application. Furthermore, we may process job-related information made publicly available by you, such as a profile on professional social media networks.
Recipient of the data
We may disclose your personal data to companies that are disclosed in the job advertisement and have commissioned us with the personnel search, insofar as this is permissible within the framework of the purposes and legal bases set out above. Furthermore, personal data will be processed on our behalf on the basis of contracts in accordance with Art. 28 DSGVO, in particular by host providers.
Duration of storage
We store your personal data for as long as it is necessary to make a decision about your application. If an employment relationship between you and us or our client does not materialize, we may also further store data, insofar as this is necessary to defend against possible legal claims. The application documents will be deleted six months after notification of the rejection decision, unless longer storage is required due to legal disputes.
If you have given us voluntary consent for a longer storage period, e.g. to consider your application for a later job advertisement, you can revoke this consent at any time. The revocation then leads to the immediate deletion of your application data, provided that the above-mentioned deadlines have expired, at the latest, however, with the expiration of the above-mentioned deadlines. Without revocation, your personal data will be deleted at the latest 24 months after receipt of your application.
No need to provide data
The provision of personal data is neither required by law nor by contract, nor are you obliged to provide the personal data. However, the provision of personal data is necessary for the conclusion of a contract of employment with us or our client. This means that if you do not provide us with any personal data in an application, we or our client will not enter into an employment relationship with you.
No automated decision making
There is no automated decision in individual cases within the meaning of Art. 22 DSGVO.
Source partially: Data protection configurator of mein-datenschutzbeauftragter.de