Name and address of the data controller
The responsible body within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is: Constares GmbH
Hansastraße 10
80686 München Germany
Telefon: +49 89 125039830
E-Mail: info@constares.com
Name and address of the data protection officer
The data protection officer of the data controller is:
Jörg Hermann Freibadstr. 30
81543 München
Germany
Telefon: +49 89 200 033 580
E-Mail: info@jmh-datenschutz.de
General information on data processing Legal basis for processing personal data
In accordance with Article 13 GDPR, we will inform you of the legal basis for our data processing. If the legal basis is not specified in the privacy notice, the following applies: the legal basis for obtaining consent is Articel 6(1)(a) in conjunction with Article 7 GDPR. The legal basis for processing in order to provide our services and fulfil contractual measures, as well as answering inquiries, is Article 6(1)
(b) GDPR. The legal basis for processing in order to fulfil our legal obligations is Article 6(1)(c) GDPR. If the processing of your data is necessary to safeguard the legitimate interests of our company or a third party and if your interests, fundamental rights and fundamental freedoms as the data subject do not outweigh the first interest, Article 6(1)(f) GDPR serves as the legal basis for the processing. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.
Data deletion and storage period
We adhere to the principles of data minimisation in accordance with Article 5(1)(c) GDPR and storage limitation according to Article 5(1)(e) GDPR. We only store your personal data for as long as is necessary to achieve the purposes stated here, or as stipulated by the retention periods provided for by law. After the respective purpose no longer applies or after these retention periods have expired, the corresponding data will be deleted as quickly as possible.
External links
This website may contain links to third-party websites or to other websites under our responsibility. If you follow a link to any of the websites outside our control, please note that these websites have their own privacy notices. We do not assume any responsibility or liability for these external websites and their privacy notices. Before using these websites, please check whether you agree with their privacy policies.
You can recognise external links either by the fact that they are displayed in a colour which is slightly different from the rest of the text or that they are underlined. Your cursor will show you external links when you move it over such a link. Only when you click on an external link will your personal data be transferred to the destination of the link. The operator of the other website will then receive your IP address, the time at which you clicked on the link, the website you were on when you clicked on the link, and other information that you can find in the respective provider’s privacy notice.
Please also note that individual links may result in data transfer outside the European Economic Area. This could give foreign authorities access to your data. You may not be entitled to any legal recourse against such data access. If you do not want your personal data to be transferred to the link destination or potentially even accessed by foreign authorities against your will, please do not click on any links.
Rights of data subjects
As a data subject within the meaning of the GDPR, you have the option to assert various rights. The data subject rights arising from the GDPR are the right to information (Article 15), the right to rectification (Article 16), the right to deletion (Article 17), the right to restriction of processing (Article 18), the right to object (Article 21), the right to lodge a complaint with a supervisory authority and the right to data portability (Article 20).
Right of revocation:
Some data processing can only take place with your express consent.You have the option to revoke your consent at any time. However, the lawfulness of the data processing up to the point of revocation is not affected by this.
Right of objection:
If the processing is based on Article 6(1)(e) or (f) GDPR, you as the data subject can object to the processing of your personal data at any time for reasons arising from your particular situation. You are also entitled to this right in the case of profiling based on these provisions within the meaning of Article 4(4) GDPR. Unless we can prove a legitimate interest for the processing which overrides your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims, we will refrain from processing your data after the objection has been made.
If the processing of personal data serves the purpose of direct marketing, you also have the right to object at any time. The same applies to profiling associated with direct marketing. Here, too, we will no longer process personal data as soon as you raise an objection.
Right to lodge a complaint with a supervisory authority:
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, without prejudice to any other administrative or judicial remedy, your place of work or the location of the alleged violation.
Right to data portability:
If your data is processed automatically based on consent or fulfilment of a contract, you have the right to receive this data in a structured, common and machine-readable format. You also have the right to request that the data be transferred and made available to another data controller, insofar as this is technically feasible.
Right of access, rectification and erasure:
You have the right to obtain information about the processing of your personal data with regard to the purpose, categories and recipients of the data processing, as well as the duration of storage. If you have any questions on this topic or on other topics regarding personal data, you can of course contact us using the contact options provided in the legal notice.
Right to restriction of processing:
You may assert your right to the restriction of processing of your personal data at any time. To do this, you must meet one of the following requirements:
The effect of restricting processing is that, apart from storage, the personal data may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or a member state.
Provision of the website (web host)
When you access our website, we automatically collect and store information in so-called server log files. Your browser automatically transmits this information to our server or our hosting company’s server.
These are:
This data is not merged with other data sources.
Instead of operating this website on our own server, we may also commission an external service provider (hosting company) to operate it on their own server, which we have named above in this case. The personal data collected by this website will be stored on the hosting company’s servers. In addition to the data mentioned above, the web host also stores for us, for example, contact requests, contact details, names, website access data, meta and communication data, contract data and other data generated via a website.
The legal basis for processing this data is Article 6(1)(f) GDPR. Our legitimate interest is the technically error-free presentation and optimization of this website. If the website is called up in order to enter into contract negotiations with us or to conclude a contract, this serves as a further legal basis (Article 6(1)(b) GDPR). In the event that we have commissioned a hosting company, a order processing contract will have been agreed with this service provider.
Use of Local Storage Items, Session Storage Items and Cookies
Our website uses local storage items, session storage items and/or cookies. Local storage is a mechanism that enables data to be stored within the browser on your end device. This data usually includes user preferences, such as the "day" or "night" mode of a website, and is retained until you manually delete the data. Session storage is very similar to Local storage, whereas the storage duration only lasts during the current session, so until the current tab is closed. The session storage objects are then deleted from your end device. Cookies are information that a web server (server that provides web content) stores on your end device in order to be able to identify this end device. They are either temporarily deleted for the duration of a session (session cookies) and after your visit to a website or permanently (permanent cookies) on your end device until you delete them yourself or they are automatically deleted by your web browser.
These objects can also be stored on your end device by third-party companies when you visit our site (third-party requests). This allows us, as the operator, and you, as a visitor to this website, to make use of certain third-party services installed on this website. Examples are the processing payment services or displaying videos on a website.
These mechanisms have a variety of uses. They can improve the functionality of a website, control shopping cart functions, increase the security and comfort of website use and carry out analyses regarding visitor flows and behaviour. Depending on their individual functions, they must be classified in terms of data protection legislation. Are they necessary for the operation of the website and intended to provide certain features (shopping cart feature) or serve to optimize the website (e.g. cookies to measure visitor behaviour), then their use is based on Article 6(1)(f) GDPR. As a website operator, we have a legitimate interest in storing local storage items, session storage items and cookies in order to ensure the technically error-free and optimized provision of our services. In all other cases, local storage items, session storage items and cookies are only stored with your express consent (Article 6(1)(a) GDPR).
If local storage items, session storage items and cookies are used by third-party companies or for analysis purposes, we will inform you about this separately in this privacy notice. When required, your consent will be requested and can be revoked at any time.
Use of external services
We use external services on our website. External services are services provided by third parties that are used on our website. This can be done for a variety of reasons, such as embedding videos or website security. When using these services, personal data is also passed on to the respective providers of these external services. If we have no legitimate interest in using these services, we will obtain your revocable consent as a visitor to our website before using them (Article 6(1)(a) GDPR).
Marketing
Our website uses tools that offer services related to campaigns, web analytics and personalisation. This enables a central and comprehensive collection of all data, which in turn is necessary for the optimisation and planning of digital campaigns. Our advertising partners may use these services on our website to profile your interests and show you relevant adverts on other websites.
Processing only occurs if you expressly give consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent Art. 6(1)(a) GDPR. Without your consent, data processing in the manner described above will not take place. If you revoke your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out until the revocation remains unaffected.
Cloudworx
Our website uses the service Cloudworx. The provider of this service is cloudworx GmbH, Rupert-Mayer-Straße 44, Gebäude 64.07a, 81379 München, Germany.
Presencs on Social Media
Social networks process personal data of their users on a large scale. Visiting our profiles on such networks leads to the processing of your IP address and other information about the used devices, among other things, which enables the IP addresses to be reassigned to individual users. We cannot influence this data processing. Therefore we have to point out that visiting our profiles on the social networks and using their functions is at your own risk. Details on data processing can be found in the operator's data protection declaration.
The purpose of our profiles on social media platforms is to increase our Internet presence and the associated greater notoriety. Therefore, legitimate interest in accordance with Article 6 (1)(f) GDPR is to be used as the legal basis. Furthermore, with regard to the processing activities by the social networks, we refer to their own legal bases (e.g. consent in accordance with Article 6 (1)(a) GDPR), which can be found in the respective data protection declaration.
Together with the social media platform, we are responsible for the data processing operations triggered when you visit our profile. You can therefore assert your rights as a data subject in accordance with the GDPR against the social media platform and against us.
However, we would like to point out that we cannot influence the processing of data by the social media platform.
Presence on LinkedIn
We have a profile on LinkedIn. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
Detailed information about the handling of personal data can be found in the following data protection declaration of LinkedIn: https://www.linkedin.com/legal/privacy-policy.
Presence on XING
We have a profile on XING. The provider of this service is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.
Detailed information about the handling of personal data can be found in the following data protection declaration of XING: https://privacy.xing.com/de/datenschutzerklaerung.
Personal data as part of the application process
Personal data is information about the personal or factual circumstances of an identified or identifiable natural person. This includes information such as your name, your address, your telephone number and your date of birth, but also data about your specific career, etc., which can be assigned to a specific person with reasonable effort.
Application procedure
We process your applicant data exclusively for the purpose of and as part of the application process in accordance with the legal requirements. Applicant data is processed to fulfil our (pre-)contractual obligations as part of the applicant selection process within the meaning of Art. 6 para. 1 lit. b. GDPR and Section 26 BDSG, insofar as data processing becomes necessary for us, e.g. in the context of legal proceedings.
The application procedure requires applicants to send us their application documents. The required applicant data is labelled in the online form and is otherwise derived from the job descriptions. In principle, this includes personal details, address and contact details as well as the documents relating to the application, such as cover letter, CV and references. Applicants can also voluntarily provide us with additional information.
Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR are voluntarily communicated as part of the application process, their processing is also carried out in accordance with Art. 9 para. 2 lit. b GDPR (e.g. health data, severely disabled status or ethnic origin). Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR are requested from applicants as part of the application process, their processing is also carried out in accordance with Art. 9 para. 2 lit. a GDPR (e.g. health data if this is necessary for the exercise of the profession).
Applicants can send us their applications using an online form on our website. The data is transmitted to us in encrypted form in accordance with the state of the art. Applicants can also send us their applications by e-mail. Please note, however, that e-mails are generally not sent in encrypted form and applicants must ensure that they are encrypted themselves. In addition to an application via the online form and by e-mail, it is also possible to send us the application by post.
If the application for a job offer is not successful, the applicant's data will be deleted. Applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.
Subject to a justified cancellation by the applicant, the deletion will take place after a period of six months so that we can answer any follow-up questions about the application and fulfil our obligations to provide evidence under the Equal Treatment Act. Invoices for any reimbursement of travel expenses are archived in accordance with tax law requirements.
Types of data processed: Applicant data (e.g. personal details, address and contact details, CV, references and other personal or qualification information provided with regard to a specific position or voluntarily by applicants).
Data subjects: Applicants
Purposes of processing: Applicant selection procedure
Legal basis: Art. 6 para. 1 lit. b GDPR in conjunction with Section 26 para. 1 BDSG, legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR)
Service providers used
We use the following third-party providers to carry out the online application process.
Salesforce: applicant management system and candidate database; service provider: salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany
Cloudworx: Process automation in Salesforce; Service provider: cloudworx GmbH, Rupert-Mayer-Straße 44, Building 64.07a, 81379 Munich, Germany
Microsoft Teams and Microsoft Bookings: Appointment scheduling and job interviews; Service provider: Microsoft Ireland Operations, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521, Ireland
Talent pool
As part of the application process, we offer applicants the opportunity to be included in our "applicant pool" for a period of five years on the basis of consent within the meaning of Art. 6 para. 1 lit. a and Art. 7 GDPR.
The application documents in the applicant pool will only be processed in the context of future job advertisements and will be destroyed after the period of one year at the latest. Inclusion in the talent pool is voluntary and has no influence on the current application process. This consent is voluntary and can be revoked at any time for the future.
Rights of the data subjects
As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:
Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Right to withdraw consent: You have the right to withdraw any consent you have given at any time.
Right to information: You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data in accordance with the legal requirements.
Right to rectification: You have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you in accordance with the legal requirements.
Right to erasure and restriction of processing: In accordance with the legal requirements, you have the right to demand that data concerning you be erased immediately or, alternatively, to demand that the processing of the data be restricted in accordance with the legal requirements.
Right to data portability: You have the right to receive the data concerning you that you have provided to us in a structured, commonly used and machine-readable format in accordance with the legal requirements or to request that it be transferred to another controller.
Complaint to the supervisory authority: You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
Version: 29.02.2024