Privacy policy

MÜNCHENSTIFT GmbH 
April 2021

Thank you for your interest in our website. This privacy policy informs you about how we handle your data in accordance with section 13 of the General Data Protection Regulation (GDPR).

1. Controller

The controller responsible for the data processing described below is named in the imprint.

2. Usage data

When you visit our website, so-called usage data are temporarily saved in a log file and evaluated for statistical purposes in order to improve the quality of our website. This log file consists of  

  • the name and address of the requested content
  • the date and time of the request
  • the volume of data transferred
  • the access status (content transferred, content not found)
  • the description of the web browser and operating system used
  • the referral link, which indicates from which website you accessed our website
  • the IP address of the requesting computer, which is shortened so that it cannot be traced back to you.

The data in the log file are always evaluated anonymously.

3. Storage of the IP address

We do not otherwise store any IP addresses.

4. Anonymous visitor counting

We use an anonymous visitor counter on our website. It evaluates the web server log data and the shortened IP address. No conclusions can be drawn as to your identity.

5. Data security

We take technical and organisational measures to comprehensively protect your data from unwanted access. We use an encryption method on our website. Your data is transferred from your computer to our server and back again via the internet using TLS encryption. You can usually recognise this by the closed padlock icon in the status bar of your browser and the address line beginning with https://.

6. Necessary cookies

Our website uses cookies that are essential for you to browse and use our website.

Cookies are small text files that can be stored and read out on your end device. A distinction is made between session cookies that are deleted when you close your browser and persistent cookies that are stored until they expire.

We do not use these necessary cookies for analysis, tracking or advertising purposes.

Some of these cookies only contain information about certain settings and do not contain personal data. They may also be necessary to enable user guidance on the website and website security and implementation.

We use these cookies on the basis of section 6 (1) sentence 1, letter f GDPR.

You can adjust your browser settings so that it informs you when cookies are set. This makes the use of cookies transparent for you. You can also delete cookies at any time via the corresponding browser setting and prevent the setting of new cookies. Please note that in this case our website might not be displayed correctly and that you will be unable to use some of its functions.

For more information about necessary cookies, please refer to Cookie settings.

7. Third-party tracking technologies for advertising and analysis purposes

We use cross-device tracking technologies to enable you to see customised advertising on other websites based on your visit to our website and to identify how effective our advertising has been.

Data processing is conducted on the basis of your consent according to section 6 (1) sentence 1, letter a GDPR and section 15 (3) sentence 1 of the German Teleservices Act (TMG), providing that you have given your consent via our banner. Your consent is voluntary and can be revoked at any time in the Cookie settings.

How does tracking work?

When you visit our website, the third-party providers mentioned below may retrieve recognition features for your browser or your end device (e.g. a so-called browser fingerprint), evaluate your IP address, store or read recognition features on your end device (e.g. cookies) or gain access to individual tracking pixels.

The individual features may be used by the third-party providers to recognise your end device on other internet websites. We may commission the relevant third-party providers to place advertisements that are based on the content you visited on our website.

What does cross-device tracking mean?

If you log in to a third party with your own user data, the respective recognition features of various browsers and end devices can be linked. For example, if the third party has created a separate feature for the laptop, desktop, smartphone or tablet you are using, these individual features can be linked to one another as soon as you use a third-party service with your login data. This enables the third-party provider to effectively position our advertising campaigns across different end devices.

What third-party vendors do we use for this?

In the Cookie settings we list the third-party vendors with whom we cooperate for advertising purposes. If the data is processed outside the EU or EEA within this context, please note that there is a risk that government agencies may access the data for security and surveillance purposes without informing you or you being able to lodge an appeal. If we use providers in insecure third countries and you consent to this, the transfer to a third country is based on section 49 (1) letter a GDPR.  

8. Application

In addition to sending us your application by post, you can apply faster by using our convenient online application form. If you use MÜNCHENSTIFT’s general application form, the data you enter (first and last name, address, country, nationality, email address, school-leaving qualification) will be saved by concludis. We have concluded a data processing agreement with concludis GmbH in accordance with section 28 GDPR so that your data are processed strictly according to our instructions.

The legal basis for processing your personal data is section 88 (1) GDPR in conjunction with section 26 (1), sentence 1 of the German Federal Data Protection Act (FDPA). We process the data exclusively for the purpose of selecting applicants. No data processing is performed for any other purpose. The data can only ever be accessed by the HR department and those involved in the application process within MÜNCHENSTIFT. The data is transmitted in encrypted form. On completion of the application process for the vacancy, the application documents are deleted after three months.

If your application is of interest to us, but a suitable opening is not currently available in our company, we will contact you and request your consent to store your data for a longer period so that we may consider you again for other or future vacancies. In this case, we will process your data on the basis of section 6 (1) sentence 1, letter a GDPR.

9. Contact form

You have the opportunity to contact us via our contact form. To use our contact form, you need to complete the fields marked as compulsory.

We use these data on the basis of section 6 (1) sentence 1, letter f GDPR in order to reply to your inquiry.

You can decide whether you wish to provide us with further details or not. This information is voluntary and is not essential for us to contact you. We process the data you enter voluntarily on the basis of section 6 (1) sentence 1, letter a GDPR.

Your data will only be processed in order to reply to your inquiry. We will delete your data if they are no longer required and no legal retention obligations preclude deletion.  

If the data transmitted via the contact form are processed on the basis of section 6 (1) sentence 1, letter f GDPR, you many object to their processing at any time. You can also revoke your consent to the processing of optional personal data at any time. To do so, please contact the email address specified in the imprint.

10. Captcha 

To protect our web forms from automated requests, we use a third-party captcha. As part of the captcha function, you may be asked to solve tasks or click on checkboxes. The user input made in this context and, if necessary, the mouse movements, are used to assess whether it has been entered by a person or an automated program.

As the function is supplied by a third-party provider, viewing the captcha results in third-party content being loaded. This will provide the third party with the information that you have accessed our site and the usage data that is technically required in this context. We have no influence on further data processing by the third party.  

Embedding is based on section 6 (1), sentence 1, letter f GDPR and in the interest of protecting against spam and misuse.

ProviderMaximum storage periodAdequate data protection levelWithdrawal of consent
Google LLC (USA) No adequate level of data protection. Transfer is based on section 49 (1) sentence 1, letter a GDPRIf you no longer consent to processing, please refrain from using our website.

11. Integration of other technical third-party content and functions

We use the third-party technical features and content listed below to display our website.

When you access our website, the content of the third-party provider who supplies these functions and content is downloaded. The third party thus receives the information that you have accessed our website along with the usage data that is technically required when you do so.

We have no influence on further data processing by the third party.  

Data processing is conducted on the basis of your consent according to section 6 (1) sentence 1, letter a GDPR, providing that you have given your consent via our banner solution.    

Please note that the use of third-party content and functions may result in your data being processed outside the EU or EEA. In some countries, there is a risk that government agencies may access the data for security and surveillance purposes without informing you or you being able to lodge an appeal. If we use providers in insecure third countries and you consent to this, the transfer to an insecure third country is based on section 49 (1) letter a GDPR.  

ProviderTechnical functionMaximum storage periodAdequate data protection levelWithdrawal of consent
Google LLC (USA)Google Fonts24 hoursNo adequate level of data protection. Transfer is based on section 49 (1) sentence 1, letter a GDPR.If you no longer consent to processing, please refrain from using our website.

12. Storage period

Unless we have already informed you in detail of a storage period, we delete personal data if they are no longer required for the aforementioned processing purpose and no legal retention obligations preclude deletion.

13. Other data processors

Within the scope of a data processing agreement pursuant to section 28 GDPR, we transmit your data to service providers who support us in the operation of our website and the associated processes. These include hosting service providers. Our service providers must follow our instructions strictly and are contractually bound to do so.

Should we not have already done so in the privacy policy, please find below a list of the data processing companies with whom we cooperate.  

Data processing companyPurposeAdequate data protection level
CAMAO München GmbH  Hosting and supportProcessing only within EU/EEA

14. Your rights as a data subject

Under the GDPR, as data subject you are entitled to certain rights in the processing of your personal data:

Right of access (section 15 GDPR)

You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed and, where that is the case, access to the personal data and the information specified in section 15 GDPR.

Right to rectification (section 16 GDPR)

You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you and, if necessary, to have incomplete personal data completed.

Right to erasure (section 17 GDPR)

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay where one of the grounds specified in section 17 GDPR applies.

Right to restriction of processing (section 18 GDPR)

You have the right to obtain from the controller restriction of processing where one of the preconditions specified in section 18 GDPR applies, such as when you have objected to processing, pending verification by the controller.

Right to data portability (section 20 GDPR)

In certain cases, which are specified in section 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and to transmit those data to another third party.

Right to withdraw consent (section 7 GDPR)

Should data processing be based on your consent, pursuant to section 7 (3) GDPR, you have the right to withdraw your consent to the use of your personal data at any time. Please note that the withdrawal shall only be effective for the future. Any processing performed prior to withdrawal of consent shall not be affected.

Right to object (section 21 GDPR)

If data are collected on the basis of section 6 (1), sentence 1, letter f GDPR (data processing serving legitimate interests) or of section 6 (1), sentence 1, letter e GDPR (data processing serving the public interest or in the exercise of official authority), you have the right to object to processing at any time on grounds relating to your particular situation. We will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.

Right to lodge a complaint with a supervisory authority (section 77 GDPR)

Pursuant to section 77 GDPR you have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data infringes data protection regulations. The right to lodge a complaint may be exercised in particular vis-à-vis a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.

Assertion of your rights

Unless stated otherwise above, please contact the body specified in the imprint in order to assert your rights as a data subject.

15. Contact details of the Data Protection Officer

Our external Data Protection Officer will be happy to provide you with information on data protection at the following email address:

office@datenschutz-sued.de

If you contact our Data Protection Officer, please also name the controller specified in the imprint.