Data protection information
Below you will find a detailed overview of what data we collect about you and what we do with it when you apply to us. We will also inform you about your data protection rights and show you who you can contact with questions about the protection of your data.
Who we are
The data controller is the company issuing the invitation to tender:
AMEVIDA SE
Kurt-Schumacher-Str.
100
45881 Gelsenkirchen
Phone: +49 209 7070-0
E-mail: dialog@amevida.de
Management Board: Dr. Matthias Eickhoff
AMEVIDA Freiburg GmbH
Kurt-Schumacher-Str.
100
45881 Gelsenkirchen
Phone: +49 209 7070-0
E-mail: dialog@amevida.de
Managing Director: Dr. Matthias Eickhoff
Postal address:
AMEVIDA Freiburg GmbH
Waldkircher Str. 28
79106 Freiburg im Breisgau
Tel.: 0761-5599-0
E-mail: info@amevida-freiburg.de
AMEVIDA Touristik GmbH
Kurt-Schumacher-Str.
100
45881 Gelsenkirchen
Phone: +49 209 7070-0
E-mail: dialog@amevida.de
Managing Director: Dr. Matthias Eickhoff
AMEVIDA Finance GmbH
Kurt-Schumacher-Str.
100
45881 Gelsenkirchen
Phone: +49 209 7070-0
E-mail: dialog@amevida.de
Managing Director: Dr. Matthias Eickhoff
If you have any questions about this data protection information, the processing of your data, your rights or other concerns in the area of data protection, our data protection officer will be happy to help you.
AMEVIDA SE
The Data Protection Officer
Kurt-Schumacher-Str.
100
45881 Gelsenkirchen
E-mail: datenschutz@amevida.de
Your application
In the following section, we would like to inform you about the personal data processed as part of your application, the purpose, the legal basis and the deletion periods.
Personal data within the meaning of Art. 4 No. 1 EC 26 GDPR is data that includes all information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
In short: personal data is all data that identifies you or makes you identifiable and therefore allows conclusions to be drawn about your factual or personal information.
The term "processing" is defined in Art. 4 No. 2 GDPR:
"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1. data, purposes and legal bases
I. Establishment of the employment relationship
We process the data that you provide to us as part of your application. This regularly includes data that we are obliged to collect (data that must be provided) and data that you provide to us voluntarily (voluntarily provided data). Voluntarily provided data is all data that you provide to us without our request.
Within the framework of the statutory provisions (e.g. § 99 BetrVG), we involve works councils and representatives of severely disabled employees in the decision to establish an employment relationship.
1) Data that must be provided on a mandatory basis
- Salutation
- Existing title (Dr.)
- First and last name
- Contact details (e.g. street, postal code, city, telephone or cell phone number, e-mail address)
- Information on the age of majority
- Details of the training completed
- Professional and personal qualifications incl. Professional experience and training
- Development wish
- Competencies
- Correspondence language
- Citizenship of EU states / EEA states / Switzerland or other foreign countries
- Valid residence permit / work permit
- Employment status
- Availability and expected start date
- Working time model: part-time or full-time
- Details of previous employment
- Details of previous convictions or ongoing investigations relevant to the position
Purpose and legal basis
We use your applicant data for the purpose of processing the application procedure (including safeguarding and defending our legal position). The processing is carried out to establish the employment relationship (Section 26 (1) BDSG).
2) Data that we collect about you from third parties
If you provide links to profiles on social networks in your application, we may look at these as part of the selection process; we use the following data in the process:
- Parts of the profile
- Previous employers / Curriculum vitae
Purpose and legal basis
We use your applicant data for the purpose of processing the application procedure (including safeguarding and defending our legal position). The processing is carried out to establish the employment relationship (Section 26 (1) BDSG).
3) Data provided voluntarily
You decide which data you voluntarily provide us with in your cover letter, CV or other documents. The following information is often provided:
- Marital status
- Gender
- Number of children
- Your photo
- Recommendation (name and contact details of the recommender)
- Date of birth
- Religious affiliation
- Health restrictions that may affect the activity
Purpose and legal basis
Since we are not allowed to change the documents you send us due to legal regulations, we process the documents sent to us unchanged (Art. 6 para. 1 lit. c) GDPR).
4) Applicant survey
To enable us to determine more quickly whether our company and an advertised position suit you, we ask you a few questions on our website. These questions concern the following information:
- Name
- E-mail address
- Phone number
- Preferred location
- Possible start date
- Professional experience / previous jobs
- Language skills
- Study program
- School education / degree
- Professional goals
- Opinions / prejudices regarding call center jobs
After you have submitted your answers to these questions, they will be added to your application documents.
Purpose and legal basis
We use your applicant data for the purpose of processing the application procedure (including safeguarding and defending our legal position). The processing is carried out to establish the employment relationship (Section 26 (1) BDSG).
II Data for the purpose of controlling
We process the following data for our controlling, which you can provide to us voluntarily:
- How did you hear about us?
Purpose and legal basis
This is done on the legal basis of our legitimate interest in improving the reach of our job advertisements (Art. 6 para. 1 lit. f) GDPR).
III Obtaining references
If you inform us of your previous employers, we may contact them and ask for their recommendation or assessment of you, provided you have given us your consent to do so (Art. 6 (1) (a) GDPR).
IV. Candidate pool
It may happen that we are unable to offer you a suitable position despite your interesting profile. In order to be able to contact you again in the event of a suitable position in the future, we will store your application incl. all the data and documents you have provided for a period of 24 months in our candidate pool, provided you give us your consent (Art. 6 para. 1 lit. a) GDPR).
V. Other data
Furthermore, the electronic and written communication between you and our company will be stored. We also store comments made about you during the application process, as well as results from tests (e.g. training check) and work samples. We also use an interview guide and record your answers in your personnel file in the event of subsequent employment.
We process this information for the purpose of handling the application process (including safeguarding and defending our legal position). The processing is carried out to establish the employment relationship (Section 26 (1) BDSG). In addition, we evaluate what we can improve in the course of the job interview. This is done on the legal basis of our legitimate interest in optimizing our processes (Art. 6 para. 1 lit. f) GDPR).
VI Recruitment agencies and other data sources
We may commission recruitment agencies for the acquisition of specialist and management personnel. It depends on the individual case which of the above-mentioned data we collect directly from you or are collected by the recruitment agency and passed on to us. In addition, the employment agency provides us with candidate profiles with contact details for further placement in accordance with § 38 para. 2 SGB III.
Our vacancies are advertised on various job exchanges and professional networks (e.g. StepStone, Indeed, Xing, Monster.de etc.). If you apply to us directly via these sites, we will receive your application and profile data from there.
We advertise vacancies on Facebook. If you express your interest and give us your consent (Art. 6 para. 1 lit. a) GDPR), we will contact you for an initial interview to decide whether to submit an application. We are jointly responsible for the processing of your data with Facebook Ireland Ltd (hereinafter "Facebook") within the meaning of Art. 26 GDPR. We are solely responsible for processing the contact data received for the initial interview. You can assert your rights mentioned at the end of this information both with us and with Facebook. For information on the processing of personal data by Facebook, please refer to Facebook's data protection information.
VII Video conferencing
For parts of the application process (e.g. trainee test, interview) that are carried out during a video conference, we also process the following data:
- Audio and video transmission
- User name
- Chat entries
- Input data (text, freehand input, voice commands)
- Position data
- Device and usage data; time and date of communication
The processing is carried out to establish the employment relationship (Section 26 (1) BDSG).
VIII Other processing purposes
In addition to the purposes described above, the above-mentioned personal data is processed for the following purposes to protect our legitimate interests in the context of balancing of interests (Art. 6 para. 1 lit. f) GDPR). The interests are listed below:
- Should a security incident occur in our company in which your data is affected, we are obliged to report the case to the data protection supervisory authority responsible for us (Art. 33 GDPR). As it is in our legitimate interest to comply with this statutory reporting obligation as quickly as possible, it is possible that your personal data may be processed as part of the investigation of the relevant security incident. The reports of these security incidents to data protection supervisory authorities do not contain any of your personal data.
- As it is in our interest to ensure the security of our systems, we regularly carry out security and effectiveness tests in the course of which your above-mentioned data may be processed.
- As it is in our interest to resolve legal disputes, we process your data for a specific purpose in such a case. It is also in our interest to retain evidence in the event of legal disputes until all relevant statutory limitation periods pursuant to Sections 195 et seq. BGB have expired. For this purpose, we retain the relevant data about you in accordance with these limitation periods. The deletion periods cannot be predicted as a general rule, as they depend on the respective subject matter of the dispute and the corresponding statutory limitation period, which can be up to 30 years. The regular limitation period is 3 years.
- In addition, it is in our interest to investigate suspicious cases and to pass on relevant information to law enforcement authorities in the event of concrete criminal suspicion.
- We carry out audits, internal audits and other control measures (e.g. monitoring by the data protection officer), as it is in our legitimate interest to comply with legal regulations, to create transparency about our business processes, to constantly optimize these processes and to prevent and identify actions that are detrimental to our business. This may involve processing documents or files that contain your personal data.
- Errors can happen to anyone and occur in any operational process. In order to optimize these processes and reduce our error rate, we process the data available in our company to identify sources of error. This processing is carried out to protect our legitimate interest in improving our processes.
- We process your data to test IT systems and software products and to carry out migrations. The processing is carried out to fulfill our legitimate interest in checking the correctness of new products or the correctness and completeness of migrations.
2. deletion periods (or storage period)
If we accept your application, we will inform you about the deletion periods as part of our employee information.
If your application is rejected, your personal data will be regularly stored for a maximum period of 6 months.
If you have agreed to be included in our company's candidate pool so that the data you have submitted can also be considered when filling other vacancies, your data will be regularly stored in the candidate pool for 24 months and then deleted.
The content of a video conference transmission, i.e. audio and video data with your image, your voice or your chat contributions, will not be stored beyond the end of the transmission process. Otherwise, we process your data for as long as it is required to fulfill the purposes stated in each case.
In the event that your personal data is required for the assertion, defense and exercise of legal claims, your data will be deleted at the earliest after completion of the process.
Which bodies receive your data?
The following list gives you a complete overview of the cases in which data is passed on to data recipients. You will find an indication of the specific data involved in the relevant sections of this data protection information.
In order to carry out the application process, we use selected vicarious agents and service providers (processors in accordance with Art. 28 GDPR) who may be granted access to your data to the extent necessary. Processors are subject to numerous contractual obligations and, in particular, may only process your personal data on the instructions of AMEVIDA SE and exclusively for the fulfillment of the orders received from us. In addition, there are entities that receive some of your data from us because we are legally obliged to do so.
- Employment Agency
- Auditors
- Educational institutions, IHK (e.g. for company-based training)
- Data Protection Officer
- Service provider for the destruction of files and data carriers
- E-mail provider of the recipient
- Courts, lawyers, opposing lawyers, law enforcement authorities (in the event of criminal suspicion or legal disputes)
- IT service provider
- Recruiters (only receive information on whether a recruitment has taken place)
- Telecommunications service provider
- Shipping service provider
Transfer of your data to a third country outside the EU
Our IT service providers in the EU have affiliated companies or subcontractors outside the EU who can access your data. The EU Commission determines which non-EU/EEA countries (third countries) have an adequate level of data protection. Our service provider is responsible for the use of EU standard contractual clauses in accordance with Commission Decision No. (EU) 2021/914. A sample of these EU standard contractual clauses can be found on the website of the EU Commissioner for Justice and in the Official Journal of the EU.
Your rights
You have the legal right to:
- Information about the personal data stored about you (Art. 15 GDPR)
- Correction and completion of your data available to us (Art. 16 GDPR)
- Erasure (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection to the processing of your data to protect our legitimate interests or the legitimate interests of third parties (Art. 21 GDPR) - you have the right to object to such processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions within the meaning of Art. 4 para. 4 GDPR.
To exercise these rights, you can contact us using the contact details provided above.
You also have the statutory right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).