Privacy policy for muenchenstift.de

Thank you for your interest in our website. This privacy policy informs you about how we handle your data in accordance with Art. 13 of the General Data Protection Regulation (GDPR).

1. Controller

The controller responsible for the data processing described below is named in the imprint.

2. Usage data

When you visit our website, so-called usage data are temporarily saved in a log file and evaluated for statistical purposes in order to improve the quality of our website. This log file consists of  

  • the name and address of the requested content
  • the date and time of the request
  • the volume of data transferred
  • the access status (content transferred, content not found)
  • the description of the web browser and operating system used
  • the referral link, which indicates from which website you accessed our website
  • the IP address of the requesting computer, which is shortened so that it cannot be traced back to you.

The data in the log file are always evaluated anonymously.

3. Storage of the IP address

We do not otherwise store any IP addresses.

4. Visitor measurement

We use the self-hosted and open-source web analysis tool Matomo to design our websites in line with demand. Matomo creates user profiles based on pseudonyms. For this purpose, cookies are stored on your device and read by us. In this way, we are able to recognize returning visitors and count them as such. 

The data processing is based on your consent according to Art. 6 para .1 p. 1 lit. a) GDPR, provided that you have given your consent via our cookie banner.  

You can revoke your consent at any time in the cookie settings.

5. Data security

We take technical and organisational measures to comprehensively protect your data from unwanted access. We use an encryption method on our website. Your data is transferred from your computer to our server and back again via the internet using TLS encryption. You can usually recognise this by the closed padlock icon in the status bar of your browser and the address line beginning with https://.

6. Necessary cookies

Our website uses cookies that are essential for you to browse and use our website.

Cookies are small text files that can be stored and read out on your end device. A distinction is made between session cookies that are deleted when you close your browser and persistent cookies that are stored until they expire.

We do not use these necessary cookies for analysis, tracking or advertising purposes.

Some of these cookies only contain information about certain settings and do not contain personal data. They may also be necessary to enable user guidance on the website and website security and implementation.

We use these cookies on the basis of Art. 6 para. 1 p. 1 lit. f) GDPR.

You can adjust your browser settings so that it informs you when cookies are set. This makes the use of cookies even more transparent for you. You can also delete cookies at any time via the corresponding browser setting and prevent the setting of new cookies. Please note that in this case our website might not be displayed correctly and that you will be unable to use some of its functions.

You can also find more information about the required cookies in the cookie settings.

7. Application

In addition to sending us your application by post, you can apply faster by using our convenient online application form. If you use MÜNCHENSTIFT’s general application form, the data you enter (first and last name, address, country, nationality, email address, school-leaving qualification) will be saved by concludis. We have concluded a data processing agreement with concludis GmbH in accordance with Art. 28 GDPR so that your data are processed strictly according to our instructions.

The legal basis for processing your personal data is Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 p. 1 FDPA (German Federal Data Protection Act). We process the data exclusively for the purpose of selecting applicants. No data processing is performed for any other purpose. The data can only ever be accessed by the HR department and those involved in the application process within MÜNCHENSTIFT. The data is transmitted in encrypted form. On completion of the application process for the vacancy, the application documents are deleted after three months.

If your application is of interest to us, but a suitable opening is not currently available in our company, we will contact you and request your consent to store your data for a longer period so that we may consider you again for other or future vacancies. In this case, we will process your data on the basis of Art. 6 para.1 p. 1 lit. a) GDPR.

8. Contact form

You have the opportunity to contact us via our contact form. To use our contact form, you need to complete the fields marked as compulsory.

We use these data on the basis of Art. 6 para. 1) p. 1 lit. f) GDPR in order to reply to your inquiry.

You can decide whether you wish to provide us with further details or not. This information is voluntary and is not essential for us to contact you. We process the data you enter voluntarily on the basis of Art. 6 para. 1 p. 1 lit. a) GDPR.

Your data will only be processed in order to reply to your inquiry. We will delete your data if they are no longer required and no legal retention obligations preclude deletion.  

If the data transmitted via the contact form are processed on the basis of Art. 6 para. 1 p. 1 lit. f) GDPR, you many object to their processing at any time. You can also revoke your consent to the processing of optional personal data at any time. To do so, please contact the email address specified in the imprint.

9. Captcha 

In order to protect our web forms from automated requests, we use a so-called Captcha from Intuition Machines, Inc.

This will provide the third party with the information that you have accessed our site and the usage data that is technically required in this context. We have no influence on further data processing by the third party.  

Embedding is based on Art. 6 para. 1 p. 1 lit. f) GDPR and in the interest of protecting against spam and misuse.

10. Storage period

Unless we have already informed you in detail of a storage period, we delete personal data if they are no longer required for the aforementioned processing purpose and no legal retention obligations preclude deletion.

11. Other data processors

Within the scope of a data processing agreement pursuant to Art. 28 GDPR, we transmit your data to service providers who support us in the operation of our website and the associated processes. These include hosting service providers. Our service providers must follow our instructions strictly and are contractually bound to do so.

Should we not have already done so in the privacy policy, please find below a list of the data processing companies with whom we cooperate.  

Data processing companyPurposeAdequate data protection level
CAMAO München GmbH  Hosting and supportProcessing only within EU/EEA

12. Your rights as a data subject

Under the GDPR, as data subject you are entitled to certain rights in the processing of your personal data:

Right of access (Art. 15 GDPR)

You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed and, where that is the case, access to the personal data and the information specified in Art. 15 GDPR.

Right to rectification (Art. 16 GDPR)

You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you and, if necessary, to have incomplete personal data completed.

Right to erasure (Art. 17 GDPR)

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay where one of the grounds specified in Art. 17 GDPR applies.

Right to restriction of processing (Art. 18 GDPR)

You have the right to obtain from the controller restriction of processing where one of the preconditions specified in Art. 18 GDPR applies, such as when you have objected to processing, pending verification by the controller.

Right to data portability (Art. 20 GDPR)

In certain cases, which are specified in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and to transmit those data to another third party.

Right to withdraw consent (Art. 7 GDPR)

Should data processing be based on your consent, pursuant to Art. 7 para. 3 GDPR, you have the right to withdraw your consent to the use of your personal data at any time. Please note that the withdrawal shall only be effective for the future. Any processing performed prior to withdrawal of consent shall not be affected.

Right to object (Art. 21 GDPR)

If data are collected on the basis of Art. 6 para. 1 p. 1 lit. f) GDPR (data processing serving legitimate interests) or of Art. 6 para. 1 p. 1 lit. e) GDPR (data processing serving the public interest or in the exercise of official authority), you have the right to object to processing at any time on grounds relating to your particular situation. We will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.

Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Pursuant to Art. 77 GDPR you have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data infringes data protection regulations. The right to lodge a complaint may be exercised in particular vis-à-vis a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.

Assertion of your rights

Unless stated otherwise above, please contact the body specified in the imprint in order to assert your rights as a data subject.

13. Our data protection officer

You also have the right to contact our data protection officer at any time, who is bound to secrecy regarding your request. The contact details of our data protection officer can be found on the privacy policy page.

We will be happy to provide you with more detailed information on request.

Version: September 2022