Privacy Policy

Dierks+Company Consulting GmbH and Dierks+Company Rechtsanwaltsgesellschaft mbH ("Dierks+Company", "we") would like to use this Privacy Policy to inform you about how we process personal data in connection with our online presence at www.dierks.company, such as names and e-mail addresses as well as information about your visit on our website.

1. Controller

Controllers for the processing of your personal data within the meaning of article 4 (7) of the EU General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR") are

Dierks+Company Consulting GmbH
HELIX HUB, Invalidenstr. 113
10115 Berlin, Germany
Email: consulting@dierks.company
Phone: +49 30 586 930-000
Fax: +49 30 586 930-251

Dierks+Company Rechtsanwaltsgesellschaft mbH
HELIX HUB, Invalidenstr. 113
10115 Berlin, Germany
Email: law@dierks.company
Phone: +49 30 586 930-000
Fax: +49 30 586 930-251

You can find further information about us in the imprint.

As so-called joint controllers according to article 26 GDPR, we are jointly responsible for the processing of your data, unless otherwise stated in this Privacy Policy. To ensure your rights and to comply with the GDPR, we have entered into an agreement that sets out rules on the processing of your personal data. We have jointly agreed on how to ensure your rights and specified in more detail which obligations each party fulfils in order to comply with the obligations of the GDPR. Dierks+Company Consulting GmbH is available as your contact for asserting your rights under section 8 of this Privacy Policy. However, you may contact any participating company.

2. Data Protection Officer

We have appointed an external data protection officer. You can reach him under

Dierks+Company
z. Data Protection Officer
HELIX HUB, Invalidenstr. 113,
10115 Berlin, Germany
Email: datenschutz@dierks.company

3. Data processing when visiting the website

3.1.   Log files

To make our website available and to ensure its functionality, the web server automatically records your visit in so-called server log files when you visit our website. The following data is processed in the process: Browser type and version, the operating system used by the terminal device, the IP address of the requesting computer, access date and time of the server request, the duration of the stay on the website, the amount of data transferred, the location from which the user retrieves data from the website, connection data and sources and from which page the access is made.

Purpose

This data is processed for the purpose of providing our website and for statistical analysis as well as for the purpose of identifying and tracing unauthorised access to the web server and other criminal offences.

Legal basis and legitimate interest

The legal basis of the data processing is article 6 (1) (f) GDPR. Our legitimate interests are to ensure IT security and the operation of our website.

Recipients

The recipients of the data are our hosting service providers.

Storage period

Log file information is stored from the end of your respective website visit for a maximum of 30 days and then deleted.

Objection

The data processing is necessary for the security and operation of the website. You exercise your right to object by no longer accessing our website.

Obligation to provide the data

The provision of the personal data is neither legally nor contractually required. Without the provision, however, the service and the functionality of our website are not guaranteed. In addition, individual services may not be available or may be limited.

3.2. General information about cookies

Cookies are small text files that can be used to identify the user's terminal device. Cookies are stored on your device when you use our website. Cookies can transmit information from our web server or third-party web servers to the user's web browser, where it is stored for later retrieval. A cookie usually contains the name of the domain from which the cookie data was sent, information about the age of the cookie and an alphanumeric identifier.

Purpose

We use cookies to ensure the proper functioning of our website and to optimize your website experience.

Legal basis and legitimate interest

The legal basis for data processing is article 6 (1) (f) GDPR. Our legitimate interests consist in the technical provision and guarantee of the operation of our internet presence and IT security as well as in the optimisation of the presentation of our offer and direct marketing measures.

Recipients

In addition to the individual transfers described below, we pass on your data to our IT service and hosting providers for strictly specific purposes - if at all necessary - and only to the extent required.

Storage period

We store the data for as long as it is needed to fulfil the aforementioned purposes, or you delete the cookies.

Withdrawal and objection

Insofar as the data processing is based on your consent pursuant to article 6 (1) (a) GDPR, you have the right to withdraw your consent at any time. You can delete the cookies in your browser.

If the legal basis is article 6 (1) (f) GDPR, you can object to the data processing. You can exercise your right to object by configuring your browser according to your wishes, for example, so that no cookies from third-party providers (so-called third-party cookies) or no cookies at all are stored or a notice always appears before a new cookie is created. Furthermore, cookies that have already been stored can be deleted at any time via the browser.

You can find out how to configure cookies for the most popular browsers by following the links below:

Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en

Safari: https://support.apple.com/de-de/guide/safari/sfri11471/13.0/mac/10.15

Opera: https://help.opera.com/de/latest/web-preferences/#cookies

Obligation to provide the data

The provision of your personal data is neither legally nor contractually required. Without the provision, however, the service and the functionality of our website may not be guaranteed. In addition, individual services may not be available or may be limited.

3.3.   Analysis and Tracking

This website does not use additional analytics services such as Google Analytics or similar services, nor does it use tracking tools for marketing or re-marketing purposes.

3.4.   Google reCAPTCHA

In some areas of our website, we use reCAPTCHA by Google Ireland Limited, Gordon House, Barrow Street Dublin 4. Ireland ("Google"). Through this service, Google can determine from which website a request is sent as well as from which IP address you use the so-called reCAPTCHA input box. reCAPTCHA places cookies in your browser during execution and creates a screenshot of your browser window. In addition to your IP address, information about other Google cookies set in your browser within the last six months, information about language settings, the date, installed plug-ins and all JavaScript objects are collected by Google, which are necessary for the offer and guarantee of this service. Due to this data transmission, it cannot be ruled out that cross-device tracking takes place at the same time.

Purpose

We use Google reCAPTCHA to check and prevent interactions on our website by automated access, e.g., by so-called bots. The tool is primarily used to distinguish whether entries are made by natural persons or, if applicable, improperly by machine and automated processing.

Legal basis and legitimate interest

The data processing is based on article 6 (1) (f) GDPR. Our legitimate interest is to maintain the security and stability of our website and to prevent abuse and SPAM.

Recipients / transfer to a third country

The personal data collected in this respect may be transferred to Google, possibly also to the USA. The transmission is secured by a data processing agreement and the conclusion of the EU standard contractual clauses, which in individual cases allow a transfer to so-called third countries outside the EU. Information on data protection at Google can be found here https://policies.google.com/privacy.

Storage period

The data is deleted as soon as it is no longer required for our logging. The storage period of the reCAPTCHA cookie is 180 days.

Objection

You can permanently prevent cookies from being set at any time by making the appropriate settings in your browser, so that Google reCAPTCHA cannot set a cookie either. In addition, cookies already used by Google reCAPTCHA can be deleted at any time via the browser.

Obligation to provide your data

The provision of your data is voluntary. However, the use of certain services on our website may not be possible without the use of reCAPTCHA.

3.5. YouTube

We integrate videos on our website via YouTube, a service of Google Ireland Limited, Gordon House, Barrow Street Dublin 4. Ireland ("Google"). The integration of the respective video takes place via iframe. In doing so, the specific video content from YouTube is displayed in a window embedded in our website. If you call up our website on which such a video is embedded in this way, a connection to YouTube servers is established. The content of the video is displayed by communication from the YouTube server to your browser. We embed these YouTube videos exclusively in the extended privacy mode. Google asserts that it will not initially store any cookies on your device in this context. Nevertheless, the log data including the IP address are transmitted to Google. If you are not logged in to YouTube or another Google service when you visit our website, this information cannot be assigned to you personally by YouTube. By clicking on the video, Google states that it then stores cookies on your device, but these also do not receive any personal data, unless you are logged in to YouTube or another Google service at the same time. If you are logged in at the same time, all this information can be assigned to your YouTube or Google user account.

Purpose

We process your data in order to make the videos available to you and to further optimize our internet presence.

Legal basis

The legal basis for the processing is your consent pursuant to article 6 (1) (a) GDPR.

Recipient

The collected data may be transmitted to Google. Information on data protection at Google can be found at https://policies.google.com/privacy.

Storage period

We store your data until the purposes have been achieved.

Withdrawal

You can prevent the collection of data generated by cookies and related to your use of the website by preventing the setting of cookies via the settings in your browser.

Obligation to provide your data

There is no legal obligation to provide your data. However, if you do not provide us with your data, you will not be able to view the videos embedded via YouTube on our site.

3.6.   Podigee

We use the podcast hosting service Podigee from the provider Podigee GmbH, Schlesische Straße 20, 10997 Berlin, Germany (“Podigee”). The podcasts are loaded by Podigee or transmitted via Podigee. When you call up our website on which such a podcast is embedded, a connection to Podigee servers is established. Podigee processes IP addresses and device information to enable podcast downloads/playbacks and to determine statistical data, such as call-up figures. This data is anonymised or pseudonymised before being stored in Podigee's database, unless it is necessary for the provision of the podcasts.

Purpose

We process your data in order to make the videos available to you and to further optimize our internet presence.

Legal basis

The legal basis for the processing is article 6 (1) (f) GDPR. The use is based on our legitimate interests, i.e. interest in a secure and efficient provision, analysis and optimisation of our podcast offer.

Recipient

The collected data may be transmitted to Podigee. Information on data protection at Podigee can be found at https://www.podigee.com/de/about/privacy/.

Storage period

We store your data until the purposes have been achieved.

Objection

You can prevent the collection of data generated by cookies and related to your use of the website by preventing the setting of cookies via the settings in your browser.

Obligation to provide your data

There is no legal obligation to provide your data. However, if you do not provide us with your data, you may not be able to access the audio streams embedded via Podigee on our site.

3.7.   Social Media Buttons

3.7.1.       Links

This website uses simple graphics with html links as social media buttons to the social media platforms LinkedIn and Twitter. In contrast to some widespread social media plugins, no data is transmitted to the provider of the social media platforms when accessing our website and without clicking on the social media buttons.

Only when you click on the respective social media button does your browser establish a direct connection with the respective provider of the social media platform. We have no influence on the data requested by the provider of the social media platform on its website. If you are logged in to the respective social media platform when you click on the social media button, the respective provider can assign the visit to this website to your user account. For further information, please refer to the data protection information of the respective provider of the social media platform.

3.7.2.  Share Buttons with Shariff

We also integrate share button plug-ins from the social media platforms LinkedIn and Twitter on our website. With the help of these buttons, you can share references to our posts and articles on LinkedIn and Twitter. We integrate these share buttons using the so called ‚Shariff‘ solution. The integration via Shariff prevents the integrated buttons from transmitting data to the respective social media provider when you first enter our website. With this technical solution, only when you click on the share button, the log data, and the information that you have accessed the corresponding post on our website are transmitted to the respective social media platform. If you are already registered and logged in to the respective social media platform at the moment of the forwarding, you can share the post immediately. If you are not already logged in at this moment, you will first be redirected to the respective registration page of the social media platform. As soon as you are logged in, you can share the post immediately. After activating the plug-in, your browser establishes a direct connection to the servers of the respective provider. The provider receives the information that your browser has accessed the corresponding page, even if you do not have a profile with this provider or are not currently logged in there. This information (including your IP address) is transmitted by your browser directly to a server of the provider and stored there. If you are logged in to the provider, he can directly assign the visit to our website to your profile.

Legal basis

The legal basis for the processing is your consent pursuant to article 6 (1) (a) GDPR, whereby provide the consent by activating the respective share button.

Withdrawal

You can prevent cookies from being set at any time by closing the respective page. You can delete cookies from the cache of your browser or withdraw your consent with the respective provider.

Obligation to provide your data

There is no legal obligation to provide your data. However, if you do not provide your data, you will not be able to share our content directly via the share buttons.

Information on the providers

LinkedIn

We use plugins from the provider LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn"). We have no influence on the type and scope of the further collection of personal data. Information on data protection at LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy.

Twitter

We use plugins from the provider Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRELAND ("Twitter"). We have no influence on the type and scope of the further collection of personal data. Information on data protection at Twitter is available at https://twitter.com/de/privacy.

4. Data processing in connection with our content and offers

4.1.   Contact by e-mail, fax, or telephone

You can contact us via our website using the e-mail addresses, fax and telephone numbers provided by us. If you make use of this possibility, your personal data transmitted with the e-mail or by means of fax or in the telephone call will be processed.

Purpose

The processing is conducted for the purpose of dealing with your inquiry.

Legal basis and legitimate interest

If the contact is aimed at concluding a contract or if your contact is about an existing contract with you, article 6 (1) (b) DSGVO is the legal basis for the processing.

The legal basis for the processing of your data in the other cases is article 6 (1) (f) GDPR. The legitimate interest in these cases results from the fact that we can only conduct the action requested by you (e.g., answering enquiries) by processing your data accordingly.

Recipient

In the course of processing your request, your data will be transferred to our IT service providers and to our employees who will process your inquiry.

Storage period

We store your data in principle up to the complete answer of your inquiry.

Obligation to provide your data

There is no legal obligation to provide your data. However, if you do not provide us with your data, it is not possible to contact us.

4.2.   Whitepapers and digital content

On our website, we offer you the opportunity to subscribe to digital content on specific topics, e.g., our whitepapers. To do so, you must provide your name and e-mail address. Further details, e.g., your profession, are optional. You will then receive an e-mail asking you to confirm your e-mail address. Once you have confirmed your e-mail address, you will receive an e-mail with a link that will allow you to download the coveted content.

Purpose

We process your data in order to make the desired content available to you.

Legal basis

The legal basis for the processing is your consent pursuant to article 6 (1) (a) GDPR.

Recipient

As part of the processing of your registration, your data will be forwarded to our IT service providers.

Storage period and withdrawal

We store your data until you withdraw your consent to e-mail advertising, see section 4.3 below.

Obligation to provide your data

There is no legal obligation to provide your data. However, if you do not provide us with your data, we will not be able to provide you with the desired content.

4.3. E-mail advertising

When you request the provision of digital documents, e.g., a whitepaper, you also give your consent to advertising at the same time. We use the so-called double opt-in procedure for this. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm your registration. We will then send you promotional e-mails to introduce you to events or to gauge your satisfaction. We will also send you other information that might interest you.

Purpose

The purpose of processing your data is to send you the information and advertising.

Legal basis

The legal basis for data processing is your consent pursuant to article 6 (1) (a) GDPR.

Recipient

We pass on your data strictly for the intended purpose, if at all necessary, and only to the extent required within the framework of data processing agreements and to our IT service providers.

Storage period and withdrawal

We store your data until you unsubscribe from e-mail advertising.

You can unsubscribe from the e-mail advertising at any time. For this purpose, there is a corresponding opt-out link in every e-mail.

If you do not confirm your registration as part of the double opt-in process, your information will be deleted after one month at the latest.

Obligation to provide your data

There is no legal obligation to provide your data. However, without your consent, we can unfortunately not provide you with our digital contents and advertising.

4.4. Job Applications

4.4.1.       Application form on our website

If you apply for a job with us via the application form on our website, the privacy policy displayed to you at the beginning of the application process will apply.

4.4.2.       Applying via a portal

If you apply for a position with us by other means, e.g., via a portal, the Dierks+Company company to which you apply for the position is responsible for data processing. We process the data that you provide in your application.

Purpose

The personal data you provide will be processed for the purpose of deciding whether to establish an employment relationship.

Legal basis

The legal basis is article 6 (1) (b), 88 (1) GDPR and section 26 (1), (8) Federal Data Protection Act. If you provide more than the required information, the legal basis is your consent pursuant to article 6 (1) (a) GDPR. Insofar as we are legally obliged to process data that we have received as part of the application process, we conduct this data processing on the basis of article 6 (1) (c) GDPR.

Sources and recipients

If you apply to us via a portal, your data will also be processed by the portal and transmitted to us. Depending on which way you choose to apply, the portal may function as a processor under article 28 GDPR or as a joint controller with us under article 26 GDPR. For more information, see section 5.2.

In order to assess your documents, they will be forwarded to the relevant employees of the company to which you are applying. In addition, your data may be forwarded to our group-affiliated company and to our IT service providers as part of a data processing agreement.

Storage period

If your application is successful, we will store your application documents in your personnel file. If the data processing is based on a legal obligation to which we are subject article 6 (1) (c) GDPR), the data will be stored for as long as is necessary to fulfil our legal obligation.

If your application was unsuccessful, your application documents will be stored by us for the duration of the application process and will also be kept for 3 months in order to answer any questions you may have. After this period, the documents will be deleted. Only if you consent, we will store your data until withdrawal in order to be able to contact you in the future regarding interesting job offers within our company.

Obligation to provide your data

The provision of your data is necessary for the application process and for the decision on the establishment of an employment relationship. If you do not provide us with your data, we will unfortunately not be able to consider you in the selection process for filling the advertised position.

5. Data processing in connection with our presence on social media

We maintain publicly accessible profiles on various social media platforms and job portals. Your visit to these profiles may initiate data processing procedures. In the following, we provide you with an overview of which of your personal data is processed by us when you visit our profiles. We would like to point out that you use our profiles and the contents available on them at your own responsibility. This applies in particular to the use of interactive functions (e.g., commenting, sharing, rating).

When you visit our profiles, your personal data is processed not only by us but also, where applicable, by the providers of the respective platform. The individual data processing procedures and their scope differ depending on the provider of the respective platform and are not necessarily comprehensible for us. For details about the collection and storage of your personal data as well as the type, scope, and purpose of their use by the provider of the respective platform, please also refer to the data protection information of the respective provider.

5.1. LinkedIn

Dierks+Company operates a profile on the social media platform LinkedIn of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn").

Joint controllership with LinkedIn

Dierks+Company and LinkedIn have concluded an agreement as part of their joint controllership, which you can access here: https://legal.linkedin.com/pages-joint-controller-addendum (so-called "Page Insights Joint Controller Addendum"). The agreement covers those data processing procedures in connection with a visit to or interaction with our LinkedIn profile, but only to the extent that such data is also processed (thereafter) for "Page Insights". "Page Insights" comprise analytics services that help the operator of a LinkedIn profile to better understand interactions with its LinkedIn profile. The purpose of the data processing is to generate aggregate statistics for LinkedIn profile operators. It involves processing data in the context of people visiting or interacting with a LinkedIn profile, but only to the extent that the purpose is to use it for " Page Insights ". LinkedIn provides more detailed information on this at the following link: https://www.linkedin.com/help/linkedin/answer/4499/linkedin-page-analytics-overview?lang=en. The "Information on data for Page Insights " (https://legal.linkedin.com/pages-joint-controller-addendum), which can be accessed by data subjects, indicates how and when "insights data" are collected and used to create " Page Insights ":

When you visit our LinkedIn profile, LinkedIn collects, among other things, your IP address and other information that is present on your PC in the form of cookies. This information is used to provide us, as the operator of our LinkedIn profile, with statistical information about the use of the LinkedIn profile. We do not receive any personal data from LinkedIn in this context.

Through the LinkedIn Insight Tag, your data is transmitted to LinkedIn, under certain circumstances also to the USA. The transfer is secured by a data processing agreement and the conclusion of the EU standard contractual clauses, which in individual cases allow a transfer to so-called third countries outside the EU. Further information on data protection at LinkedIn can be found here https://www.linkedin.com/legal/privacy-policy#choices-oblig.

The respective responsibilities, in particular with regard to the protection of data subject rights, between Dierks+Company and LinkedIn can be found in the Page Insights Addendum (https://legal.linkedin.com/pages-joint-controller-addendum).

LinkedIn assumes primary responsibility for complying with the GDPR obligations for the shared processing of "Insights Data". This includes fulfilling your data subject rights. LinkedIn provides more details on how to exercise these rights in its privacy policy under point 4: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.

Controllership of Dierks+Company

In addition to the processing mentioned above, we are solely responsible for any further processing by us (for example, if you contact us via LinkedIn and we process your data to respond to your inquiry).

Purpose

This processing of the visitors' data serves the purpose of providing the profile, the statistical evaluation of the use of our profile as well as for the purpose of answering your inquiries or communicating with you and publishing information about Dierks+Company.

Legal basis and legitimate interest

The legal basis of the processing for the purpose of answering inquiries that serve a future conclusion of a contract and are initiated by you is article 6 (1) (b) GDPR and in other cases article 6 (1) (f) GDPR. The legitimate interests regarding the processing of personal data when visiting the site and the creation of the "Insights data" are Communication and interaction with interested parties and customers; dissemination of information; anonymised evaluation and presentation of the use of our LinkedIn profile.

Storage period

After answering your request, the personal data you have provided will be deleted from our systems. If you interact with us publicly, for example by leaving a comment or reacting to a post, this data remains publicly accessible on the site until it is deleted by us or you. Insofar as legal storage obligations require longer storage, your data will only be stored for this purpose and blocked for other purposes.

Objection

LinkedIn users can influence the extent to which their user behaviour may be recorded when visiting our LinkedIn profile under the settings. The processing of information by means of the cookies used by LinkedIn can also be prevented by not allowing cookies from third-party providers or those from LinkedIn in your own browser settings. You have the option to delete comments and reactions on LinkedIn. To exercise your right to object, please contact our data protection officer (section 2) or datenschutz@dierks.company.

Obligation to provide your data

You are not obliged to provide your data. However, visiting, or individual functionalities of our LinkedIn profile may not be possible or only possible to a limited extent without us or LinkedIn processing personal data.

5.1.   Xing

Dierks+Company operates a profile on the social media platform XING of New Work SE, Am Strandkai 1, 20457 Hamburg ("XING").

Data processed by XING

We use the statistical information (the volume of interactions, statistics on age composition and work relationships of visitors to our XING profile) that XING provides in anonymised form via its statistical service. It is not possible for us to draw conclusions about individual users or access individual user profiles. XING provides more detailed information on this under the following link: https://www.xing.com/terms.

Further information on data processing by XING can be found in the data protection information: https://privacy.xing.com/de/datenschutzerklaerung.

Responsibility of Dierks+Company

We may process the following personal data: Your XING username as well as comments on our XING pages and messages you send to us via our XING profile.

Purpose

The processing of visitor data serves to provide the profile, statistical evaluation of the use of our profile and for the purpose of communicating with you and publishing information about Dierks+Company.

Legal basis and legitimate interest

The legal basis for processing for the purpose of answering enquiries that serve a future conclusion of a contract and are initiated by you is article 6 (1) (b) GDPR and in other cases article 6 (1) (f) GDPR. The legitimate interests regarding the processing of personal data are Communication and interaction with interested parties and customers, dissemination of information, anonymised evaluation, and presentation of the use of our XING profile.

Storage period

After answering your request, the personal data you have provided will be deleted from our systems. If you interact with us publicly, for example by leaving a comment or responding to a post, this data remains publicly accessible on the site until it is deleted by us or you. If legal storage obligations require longer storage, your data will only be stored for this purpose and will be blocked for other purposes.

Objection

The processing of information by means of the cookies used by XING can be prevented in the cookie guidelines and by not allowing cookies from third-party providers or those from XING in your own browser settings. You have the option to delete comments and reactions on XING. To exercise your right to object to us, please contact our data protection officer (section 2) or datenschutz@dierks.company.

Obligation to provide your data

You are not obliged to provide your data. However, it may not be possible or only possible to a limited extent to visit or use individual functions of our XING profile without us or XING processing your personal data.

5.2. StepStone

Dierks+Company operates a profile on the StepStone job portal of StepStone Deutschland GmbH, Völklinger Straße 1 in 40219 Düsseldorf ("StepStone").

If you apply via the StepStone application form, according to StepStone's T&Cs (Part B Clause 1.1.3) there is joint controllership between StepStone and Dierks+Company if you are registered with StepStone; the joint controllership agreement set out in Part D of the GTC pursuant to article 26 GDPR shall apply to this. If you are not registered with StepStone, StepStone states that it acts as our processor in accordance with article 28 GDPR (Part B Clause 1.1.3 and Part C of StepStone's T&Cs) (see section 4.4.2).

If you move from StepStone directly to our website and apply via our application form, we are solely responsible for the data processing (see section 4.4.1).

StepStone's T&Cs are available at https://www.stepstone.de/e-recruiting/allgemeine-geschaftsbedinungen.

Joint controllership with StepStone

Under the joint controllership agreement, StepStone is responsible for processing the personal data of users registered on StepStone during the application process for a job advertisement from us.

Dierks+Company is responsible for the processing of personal data of applicants after receipt of applications in the customer centre. The subject of the processing operations is all data provided and submitted by applicants. These data usually include all CV-related data, such as the name, address, telephone number, date of birth and information on educational background and professional experience. In addition, we may process other data as part of our responsibilities. This includes information provided when using the comment or note function or by assigning an application status, as well as, in the case of using the video interview service, a) the recorded applicant videos, or b) the e-mail address and name of applicants used to conduct a live interview.

Controllership of Dierks+Company

In addition to the processing in joint controllership, we are solely responsible for any further processing by us (for example, if we are in contact with you outside of StepStone to conduct the application process).

Purpose

The purpose of the data processing is to enable you to apply for jobs at Dierks+Company via StepStone.

Legal basis and legitimate interest

The legal basis is article 6 (1) (b), 88 (1) GDPR in conjunction with. § 26 (1), (8) Federal Data Protection Act. If you provide more than the required information, the legal basis is your consent pursuant to article 6 (1) (a) GDPR. Insofar as we are legally obliged to process data that we have received as part of the application process, we conduct this data processing on the basis of article 6 (1) (c) GDPR.

Storage period

After processing your application, your personal data provided will be deleted from our systems in accordance with section 4.4. If you interact with us publicly, for example by leaving a comment or giving a rating, this data remains publicly accessible until it is deleted by us or you.

Withdrawal

You have the option to delete comments and reactions on StepStone. To exercise your right to withdrawal, please contact our data protection officer (section 2) or datenschutz@dierks.company. We will then process your request immediately.

Obligation to provide your data

You are not obliged to provide us with your data. The provision of your data is necessary for the application process and for deciding whether to establish an employment relationship. However, you can also choose another way to submit your application, e.g., via our website. If you do not provide us with your data, we will unfortunately not be able to consider you in the selection process for filling the advertised position.

5.3.   Contact via other networks

We also maintain a presence on various platforms and networks. If you are also a member of one of these platforms, we may contact you in order to inform you about interesting job offers. The prerequisite for this is that you have provided corresponding information about yourself in your own profile and have allowed such contact in the settings. In this context, we may process the data you have provided in your profile and possibly your contact information.

Purpose

The processing takes place in order to submit interesting job offers to you.

Legal basis

Depending on the respective platform, the legal basis is your consent pursuant to article 6 (1) (a) GDPR or our legitimate interest pursuant to article 6 (1) (f) GDPR, whereby our interest is to find qualified employees for our companies.

Sources and recipients

Please refer to the data protection information of the respective platform.

In order to assess your qualifications, your data may be forwarded to the relevant employees of the company where the job offer exists. In addition, your data may be passed on to our affiliated company and to our IT service providers as part of data processing agreements.

Storage period

If an application process develops from the contact, we store your data in accordance with section 4.4. If you do not respond to our enquiry or inform us that you do not wish to be contacted by us, we delete your data after one month at the latest.

Withdrawal and objection

You can withdraw your consent or object to data processing by us at any time by configuring your profile settings of the respective platform accordingly. In addition, you can also notify us of your objection or withdrawal by sending an e-mail to datenschutz@dierks.company.

Obligation to provide your data

The provision of your data on the respective platform is necessary so that we can find you and contact you. If you do not provide us with your data, we will not be able to inform you about interesting job offers.

6. Transfer to a so-called third country

Unless otherwise stated in this Privacy Policy, we do not transfer your data outside the European Economic Area.

7. How long we keep your personal data

Unless a shorter storage period results from the other provisions of this Privacy Policy, we will only store your personal data for as long as is necessary to fulfil the respective purposes, and thereafter only to the extent and insofar as we are obliged to do so due to mandatory statutory retention obligations. If we no longer need your data for the purposes described in this Privacy Policy, it will only be stored during the respective statutory retention period and not processed for other purposes.

8. Your Rights

If we process your personal data, you have the following data subject rights:

8.1. Right of access

You have the right to obtain information about your personal data processed by us in accordance with article 15 GDPR. In particular, you can access information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the source of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.

8.2. Right to rectification

In accordance with article 16 GDPR, you have the right to demand rectification of inaccurate of your personal data.

8.3.   Right to erasure

You have the right to request the erasure of your personal data stored by us in accordance with article 17 GDPR, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise, or defence of legal claims.

8.4. Right to restriction of processing

You have the right to request the restriction of the processing of your personal data in accordance with article 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you oppose the erasure or we no longer require the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with article 21 GDPR.

8.5.   Right to data portability

You have the right, in accordance with article 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request that it be transferred to another controller.

8.6. Right to object

If your personal data is processed based on article 6 (1) (e) or (f) GDPR, you have the right to object to the processing of your personal data in accordance with article 21 GDPR, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation.

You can express your objection by sending an e-mail to datenschutz@dierks.company.

8.7.   Automated individual decision-making including profiling

Where certain decisions on our part are based solely on automated processing - including user profiling - you have the right not to be subject to such a decision which produces legal effects concerning you or similarly significantly affects you. However, this does not apply,

·       if the decision is necessary for the conclusion or performance of a contract between you and us,

·       where the decision is authorised by the European Union or national law to which we are subject, and that law contains appropriate measures to safeguard your rights and freedoms and your legitimate interests; or

·       if this form of decision-making is conducted with your express consent.

8.8. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or our registered office for this purpose.

8.9. Right to withdrawal of consent

If you have given your consent under data protection law, you have the right to withdraw this consent at any time. The withdrawal of consent does not affect the lawfulness of the processing based on the consent until the withdrawal. To notify us of your withdrawal, please contact our Data Protection Officer or datenschutz@dierk.company.

9. Data security

Within the website visit, we use the widespread SSL procedure (Secure Socket Layer) in connection with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is encrypted by the closed key or lock symbol in the status bar of your browser.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

10. Links to third party websites

Please note that our website may contain links to content from other providers to which this Privacy Policy does not apply. We have no influence on these websites and not on whether they comply with the applicable data protection regulations.

11. Updating the Privacy Policy

Due to the further development of technical standards but also of our offers or due to changed legal or official requirements, it may become necessary to change this Privacy Policy. We reserve the right to change this Privacy Policy at any time with effect for the future. You can access the latest version on our website at https://www.dierks.company/datenschutz. Please visit the website regularly and inform yourself about the current Privacy Policy.

Last updated: 19.11.2021