Passer au contenu principal

Traitement des données (personnelles) par l’entité en charge du processus de candidature en ligne

Privacy Information for Applicants 

 

According to Articles 13 and 14 of the General Data Protection Regulation (GDPR) 

 

For the sake of better readability, we refrain from using gender-specific language. All personal references apply equally to all genders. 

 

Dear applicant, 

We are pleased about your interest in our company. In accordance with the provisions of data protection laws, especially the General Data Protection Regulation ("GDPR"), we would like to inform you about the processing of your personal data by e-mobilio, headquartered at Medienbrücke 7th Floor, Gisela-Stein-Str. 21, 81671 Munich (hereinafter also referred to as "e-mobilio," "we," or "us") during the application process and your related rights. 

 

Contents 

  1. Data Controller & Data Protection Officer 

  2. Joint Controllers of the Data Processing 

Controller A 

Controller B 

 

Name:     e-mobilio GmbH 

Address:     Medienbrücke 7th Floor 

                              Gisela-Stein-Str. 21, 

                               81671 Munich 

Email:     info@e-mobilio.de 

Phone:     +49 89 / 25555560 

 

 

Managing Directors: Ralph Missy, Denis Reichel 

Name:     co2.auto GmbH 

Address:                 Medienbrücke 7th Floor 

                  Gisela-Stein-Str. 21, 

                               81671 Munich 

Email:     info@co2.auto 

Phone:     +49 89 / 77997933 

 

 

Managing Directors: Ralph Missy, Denis Reichel 

 

 

Name:     co2.auto GmbH  

                               Branch Austria 

Address:     Simmeringer Hauptstraße 24, 1110 Vienna 

Email:     info@co2-auto.at 

Phone:     +49 89 / 77997933 

 

 

Managing Directors: Ralph Missy, Denis Reichel 

 

 

 

 

1.2    Data Protection Officer 

 

Controller A 

Controller B 

 

You can reach our Data Protection Officer at the following contact details: 

 

Lutz Mönig c/o Pohl Consulting Team GmbH Mengeringhäuser Straße 3 

34454 Bad Arolsen 

Email: datenschutz@e-mobilio.de 

You can reach our Data Protection Officer at the following contact details: 

 

Lutz Mönig c/o Pohl Consulting Team GmbH 

Mengeringhäuser Straße  

34454 Bad Arolsen 

Email: datenschutz@co2.auto  

 

If you believe that the processing of your data violates data protection laws or your data protection rights have been infringed in any way, you can contact our management or the competent supervisory authority: 

 

Bavarian Data Protection Authority (BayLDA)  

P.O. Box 1349  

91504 Ansbach  

Phone: +49 981 180093 0 | Email: poststelle@lda.bayern.de 

 

2.    Purposes and Legal Basis of Processing 

 

We process your personal data in compliance with applicable laws, particularly the GDPR and the German Federal Data Protection Act (BDSG), based on the following legal grounds: 

 

  • For employment decisions: We primarily process your personal data for the establishment of an employment relationship (Art. 6(1)(b), Art. 88 GDPR in conjunction with §26(1) BDSG).  

  • For legitimate interests: We may process your personal data to protect our legitimate interests or those of third parties. This includes, for example, the assertion, exercise, or defense of legal claims during the application process (e.g., in compliance with the General Equal Treatment Act (AGG)) (Art. 6(1)(f) GDPR). 

  • Based on your consent: If you have given consent for specific purposes, such as considering your data for future vacancies, we process your data based on this consent (Art. 6(1)(a), Art. 9(2)(a), Art. 88 GDPR in conjunction with §26(2) BDSG). You may withdraw your consent at any time with future effect (see section 8 of this Privacy Information).  

  • For employment purposes: If an employment relationship is established, we will process your personal data for employment purposes in accordance with Art. 6(1)(b) GDPR, Art. 88 GDPR, and §26(1) BDSG. 

 

  1. Categories of Personal Data 

 

We process only data relevant to your application and the interview process. This may include: 

 

  • Personal details and contact information (e.g., name, address, email, phone number, date and place of birth, gender, marital status, nationality, visa, and work permit if required). 

  • Special categories of personal data (e.g., marital status that may infer your sexual orientation, health information such as disability status, photos revealing ethnic origin, or religion). 

  • Education, qualifications, and employment data (e.g., professional qualifications, training, certificates). 

  • Other application documents (e.g., cover letter, CV, photo). 

  • Additional data provided during the interview. 

 

The provision of personal data during the application process is voluntary, but necessary to make a 

decision about establishing an employment relationship. 

 

4.    Sources of Personal Data 

 

We process personal data you provide through contact, postal mail, email, or our applicant portal at https://e-mobilio.jobs.personio.de/ (provided by Personio GmbH). In certain cases, we also collect personal data from third parties, especially from professional networks like LinkedIn or Xing, or from recruitment agencies. 

 

5.    Recipients or Categories of Recipients of Personal Data 

 

We share your personal data within our company only with departments and individuals who need it to fulfill pre-contractual, contractual, or legal obligations, or to protect our legitimate interests. 

 

Additionally, your data may be shared with our affiliated companies as part of our joint responsibility, as detailed in Appendix 1. 

 

Where applicable, we use service providers to process your personal data (for example, for our applicant management system, IT services, and data centers). Your personal data will only be processed on our behalf and based on data protection agreements. For more information, you are welcome to contact us. 

 

Data transfers to recipients outside of e-mobilio will only occur if permitted or required by legal provisions, necessary for fulfilling legal obligations, or if we have your consent. 

 

6.    Transfers to Third Countries 

 

As a rule, your personal data is processed exclusively within Germany, the European Union, and the European Economic Area (EEA), where the provisions of the GDPR apply. A data transfer to countries, states, or international organizations outside the EEA (“third countries”) generally does not take place. 

 

However, if one of our service providers, or their potential service providers, has their headquarters, parent company, or data centers in a third country, e-mobilio may transfer your personal data to a so-called third country, where the GDPR provisions do not apply. In such cases, data transfers to third countries will only occur if the conditions of Chapter 5 (Art. 44 – 50) of the GDPR and other provisions of the GDPR are implemented and complied with. 

 

This mainly concerns the providers of our cloud applications, our company-wide communication system, and our CRM system. 

 

While we ensure that servers located in Germany and the EU are used for data storage wherever possible, we cannot completely rule out that your data may be transferred to and processed in a third country (e.g., the USA) in this context. 

 

We have signed contracts with all our service providers and have contractually agreed that their contractors must always comply with guarantees in accordance with Chapter 5 (Art. 44 – 50) of the GDPR, ensuring compliance with the European level of data protection. Upon request, we will provide you with a copy of these guarantees. 

 

7.    Duration of Data Storage 

 

We store your personal data for as long as necessary for making a decision about your application. If an employment, training, or internship relationship results from the application process, we will store your data as long as it is required to provide the associated employment relationship. 

 

If we cannot consider you for a position, your personal data or application documents will be deleted no later than six months after the end of the application process (after the rejection decision is announced), unless a longer retention period is required or permitted by law. We are subject to various retention and documentation obligations arising from the Commercial Code and employment law provisions. The retention periods specified there range from five (5) to ten (10) years. Finally, the storage duration is also determined by the statutory limitation periods, which according to §§ 195ff. of the German Civil Code (BGB) are generally three (3) years, but can be up to thirty (30) years in certain cases. Furthermore, we only store your personal data to the extent that it is legally required or necessary in specific cases for asserting, exercising, or defending legal claims during the duration of a legal dispute. 

 

If you have not already given us your consent to store your application in our talent pool in advance, you may receive an invitation to include your data in our talent pool following the application process. This allows us to consider you for future vacancies during our applicant selection process. If we have your consent, we will store your application data for 12 months from the date of your consent and will 

  then delete it accordingly. 

 

8.    Your Rights 

 

You have the right to access your personal data according to Article 15 GDPR, the right to rectification according to Article 16 GDPR, the right to erasure according to Article 17 GDPR, the right to restriction of processing according to Article 18 GDPR, the right to notification according to Article 19 GDPR, and the right to data portability according to Article 20 GDPR. 

 

Furthermore, you have the right to lodge a complaint with a data protection supervisory authority according to Article 77 GDPR if you believe that the processing of your personal data is not lawful. This right to complain exists without prejudice to any other administrative or judicial remedy. 

 

If the processing of your personal data is based on your consent, you are entitled, according to Article 7 GDPR, to withdraw your consent at any time without giving reasons, with effect for the future. Processing carried out before the withdrawal remains unaffected. Please note that we may be required to retain certain data for a specified period to comply with legal obligations (see Section 7 of this Privacy Policy). 

 

If the processing of your personal data is carried out to protect legitimate interests pursuant to Article 6 (1) sentence 1 lit. f GDPR, you also have the right to object to the processing of your personal data at any time for reasons arising from your particular situation, according to Article 21 GDPR. In such cases, we will cease processing your personal data unless there are compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims. 

 

To exercise your rights or if you have any further questions regarding data processing, you can contact us using the details provided in Section 1. 

 

9.    Automated Decision-Making / Profiling 

 

We do not use automated decision-making in the application process and the initiation of an employment relationship according to Article 22 GDPR. Profiling is generally not carried out by us. 

 

Should we use such procedures in individual cases, we will inform you separately about this and your associated rights, provided that this is required by law. 

 

10.    Changes to this Privacy Policy 

 

e-mobilio reserves the right to change this Privacy Policy at any time. 

 

 

Annexes 

Annex 1: Privacy Information on Joint Responsibility under Article 26 (2) GDPR 

Annex 1: Privacy Information on Joint Responsibility under Article 26 (2) GDPR 

 

  1. Preamble 

 

The data controllers collaborate in the area of applications in accordance with Article 26 GDPR in conjunction with Article 4 No. 7 GDPR (collaboration between two or more controllers in the processing of personal data). Since it may be possible or necessary for the jointly responsible parties to access your personal data within the framework of this collaboration, they are jointly responsible for the protection of your personal data in the processes described below. Below, the essential content of the agreement between the controllers to fulfill their obligations under the GDPR is outlined. 

 

2.     Joint Controllers 

 

Controller A 

 

Controller B 

 

Name:     e-mobilio GmbH 

Address:     Medienbrücke 7th Floor 

                              Gisela-Stein-Str. 21 

                              81671 Munich, Germany 

Email:     info@e-mobilio.de 

Phone:     +49 89 / 25555560 

 

Managing Directors: Ralph Missy, Denis Reichel 

Name:     co2.auto GmbH 

Address:     Gisela-Stein-Str. 21, 

                               81671 Munich, Germany 

 

Email:     info@co2.auto 

Phone:     +49 89 / 77997933 

 

 

Managing Directors: Ralph Missy, Denis Reichel 

 

Name:     co2.auto GmbH 

                                Austria Branch 

Address:     Simmeringer Hauptstraße 24 

                               1110 Vienna 

Email:     info@co2-auto.at 

Phone:     +49 89 / 77997933 

 

Managing Directors: Ralph Missy, Denis Reichel 

 

 

 

3.     Purposes and Description of Processing 

 

 

2. Joint Controllers 

 

Controller A 

Name: e-mobilio GmbH 

Address: Medienbrücke 7th Floor 

Gisela-Stein-Str. 21 

81671 Munich, Germany 

Email: info@e-mobilio.de 

Phone: +49 89 / 25555560 

Managing Directors: Ralph Missy, Denis Reichel 

 

Controller B 

Name: co2.auto GmbH 

Address: Gisela-Stein-Str. 21 

81671 Munich, Germany 

Email: info@co2.auto 

Phone: +49 89 / 77997933 

Managing Directors: Ralph Missy, Denis Reichel 

 

Controller B (Austria Branch) 

Name: co2.auto GmbH Austria Branch 

Address: Simmeringer Hauptstraße 24 

1110 Vienna, Austria 

Email: info@co2-auto.at 

Phone: +49 89 / 77997933 

Managing Directors: Ralph Missy, Denis Reichel 

 

3.     Purposes and Description of Processing 

 

The purpose of data processing is to fill vacant positions at all controllers through coordinated applicant management. The applicant data is used to assess suitability and is necessary to decide on an invitation for an interview. 

The applicant data is processed jointly by all parties to maximize synergy. Joint campaigns are conducted, and the results, in the form of acquired applicant data, are accessed collectively. 

Applications are received by mail, email, or via the homepage of the respective controllers, or through a central online application portal. In the case of telephone applications, applicants are asked to use one of the aforementioned methods. In the case of paper applications, Human Resources opens the mail, stamps it, scans it, and enters it into the applicant management tool "Personio." For online applications, confirmation of acknowledgment of the provided privacy policy is obtained during the initial submission process, and information on the transfer of data within affiliated companies is provided. The data is mostly collected automatically or entered into the applicant management system by employees. A SaaS application from Personio GmbH is used as a tool. The data is made available to the respective controller for processing. In the case of a negative decision, the applicant is notified immediately. In the case of a positive outcome, an initial interview is conducted via video conference. Subsequently, the applicant is invited for an in-person interview. If this leads to employment, the application documents are transferred to the personnel file. Electronic applications are also processed through the email inbox. The further procedure is identical to the postal route. Electronic documents are not returned. In both cases, electronic data is deleted after six (6) months, unless the applicant consents to longer storage in the applicant pool. Another method is the use of online platforms where either the company or the applicants present themselves. Management is done through the Personio application, and the process follows the same description as above. In each case, electronic data is deleted after six (6) months unless the applicant consents to longer storage in the applicant pool. 

 

4.     Affected Groups of Individuals 

 

The affected groups of individuals for Controllers A and B are applicants. 

 

5.     Categories of Personal Data 

 

We only process data related to your application and interview. This may include the following personal data or data categories: 

 

  • Personal details and contact information, such as name, address, email address, phone number, date and place of birth, gender, marital status, nationality, visa, and work permit (if necessary), bank details (for reimbursement of travel expenses), internal interview records; 

 

  • Special categories of personal data, such as marital status information that may infer your sexual orientation, health-related information such as disability status, photos that may infer your ethnic origin and, if applicable, your vision and/or religion; 

 

  • Educational, performance, and employment data, such as information about your professional qualifications and educational background, details of vocational training, certificates; 

  • Other application documents, such as cover letters, CVs, photos; 

 

  • Additional data that you provide to us in connection with your application and interview. 

 

 

Providing your personal data in the application process is voluntary. However, we can only make a decision regarding employment if you provide the personal data necessary for the application process. 

 

 

6.     Joint Responsibility and Assignment of Responsibilities in Process Stages 

 

Although joint responsibility exists, each controller is responsible for fulfilling data protection obligations according to their respective areas of responsibility for the process stages outlined below. 

 

 

6.1    Controller A is responsible for processing personal data in the following process stages within the joint responsibility: 

 

  • Data collection: Collection of project-related personal data from the relevant affected groups; information obligations according to Articles 13, 14, and 26 (2) sentence 2 GDPR. 

  • Data storage: Storage of data in the applicant management system or in separate data storage. 

  • Data processing/use: Capturing, processing, and evaluating the above-mentioned data categories in the applicant management system to screen relevant applicants. If necessary, forwarding to the appropriate contacts for application processing. In case of employment, forwarding data to personnel managers. Printing, copying, archiving, deleting, and destroying data and documents in compliance with legal requirements. 

  • Data deletion: According to the deletion concept. 

 

 

6.2    Controller B is responsible for processing personal data in the following process stages within the joint responsibility: 

 

  • Data collection: Collection of project-related personal data from the relevant affected groups; information obligations according to Articles 13, 14, and 26 (2) sentence 2 GDPR. 

  • Data storage: Storage of data in the applicant management system or in separate data storage. 

  • Data processing/use: Capturing, processing, and evaluating the above-mentioned data categories in the applicant management system to screen relevant applicants. If necessary, forwarding to the appropriate contacts for application processing. In case of employment, forwarding data to personnel managers. Printing, copying, archiving, deleting, and destroying data and documents in compliance with legal requirements. 

  • Data deletion: According to the deletion concept. 

 

6.3    Controllers A and B are jointly responsible for the following process stages: 

 

  • Determining the purpose of data processing, determining the affected categories of personal data, ensuring data subject rights according to Articles 15, 16, 17, 18, 19, 20, and 21 GDPR, documentation of technical and organizational measures (TOM) according to Article 32 GDPR, risk assessment and (if necessary) conducting data protection impact assessments (DPIA) according to Article 35 GDPR, consultation with supervisory authorities, evaluation, and monitoring of data processors according to Article 28 GDPR, provision and documentation of processing records (RoPA) according to Article 30 GDPR, evaluation and communication in case of data breaches according to Articles 33, 34 GDPR. 

 

7.     Agreements between Controllers Regarding Their Data Protection Obligations 

 

7.1     Information Obligations according to Articles 13 and 14 GDPR 

 

According to contractual agreements, the controllers will provide the data subjects with the necessary information in accordance with Articles 13 and 14 GDPR in a transparent and easy-to-understand manner. Each controller will provide the other controller with all necessary information from their respective area of responsibility. 

 

7.2     Point of Contact for Exercising Data Subject Rights according to GDPR 

 

The controllers may designate a point of contact for data subjects to exercise their rights according to GDPR. Regardless of this arrangement, data subjects may generally assert their rights under Article 26 (3) GDPR with any of the controllers. The controllers will inform each other immediately of claims asserted by data subjects and provide each other with all necessary information for processing. 

 

7.3    Technical and Organizational Measures 

 

The controllers agree to comply with all legal requirements according to Article 32 GDPR by implementing appropriate technical and organizational measures to ensure an adequate level of protection for the processing of personal data. 

7.4     Further Data Protection Obligations according to GDPR 

 

The controllers commit to supporting each other in complying with the contractual agreements and all applicable data protection laws. This includes the following areas in particular: 

 

  • Measures in the event of data breaches; 

  • Cooperation with relevant data protection authorities; 

  • Creation and maintenance of processing records; 

  • Coordination on the deletion of personal data (legal retention periods, etc.); 

  • Involvement of data processors; 

  • Cooperation with data protection officers; 

  • Ensuring that all persons involved in data processing are bound by confidentiality. 

Traitement des données (personnelles) par l’opérateur du site Internet de recrutement

Informations générales

Ce site de recrutement est administré par Personio SE & Co. KG, qui propose une solution logicielle de gestion des ressources humaines et des candidats (https://www.personio.com/legal-notice/). Data. Les données transmises dans le cadre de votre candidature seront transférées par chiffrement TLS et stockées dans une base de données. Le seul responsable du traitement de ces données au sens de l’article 24 du RGPD est l’entreprise qui procède au traitement des candidatures en ligne. Le rôle de Personio se limite à l’exploitation du logiciel et du présent site Internet de recrutement et, dans ce contexte, au rôle de sous-traitant au sens de l’article 28 du RGPD. Dans ce cas, le traitement par Personio repose sur un accord pour le traitement des commandes entre le responsable du traitement et Personio. En outre, Personio SE & Co. KG traite d’autres données, dont certaines peuvent être des données personnelles, pour fournir ses services, en particulier pour le fonctionnement de ce site de recrutement. Nous y reviendrons plus en détail ci-dessous.

Le responsable du traitement

Le responsable du traitement en vertu de la loi sur la protection des données est :
Personio SE & Co. KG
Seidlstraße 3
80335 Munich
Allemagne Téléphone : +49 (89) 1250 1004
Inscription au registre du commerce
Numéro d’immatriculation au registre du commerce : HRA 115934
Tribunal d’immatriculation : Amtsgericht München
Coordonnées du délégué à la protection des données : privacy@personio.com

Journaux d’accès (« journaux du serveur »)

Chaque accès à ce site de recrutement entraîne automatiquement la collecte de données générales de protocole, appelées journaux du serveur. En règle générale, ces données sont un pseudonyme et ne permettent donc pas de déduire l’identité d’une personne. Sans ces données, il serait, dans certains cas, techniquement impossible de livrer ou d’afficher le contenu du logiciel. En outre, le traitement de ces données est absolument nécessaire sur le plan de la sécurité, en particulier pour le contrôle de l’accès, de la saisie, du transfert et du stockage. De plus, ces informations anonymes peuvent être utilisées à des fins statistiques et pour optimiser les services et la technologie. Par ailleurs, les fichiers journaux peuvent être vérifiés et analysés rétrospectivement en cas de suspicion d’utilisation illicite du logiciel. Cela se fonde sur le paragraphe 25, sous-section 2, phrase 2 de la Loi allemande sur les télécommunications et les télémédias (TTDSG). En règle générale, des données telles que le nom de domaine du site Internet, le navigateur Internet et la version de celui-ci, le système d’exploitation, l’adresse IP, ainsi que l’horodatage de l’accès au logiciel sont recueillies. La portée de ce processus de création de journaux n’excède pas la portée de création de journaux commune à tout autre site Internet. Ces journaux d’accès sont conservés pendant une durée maximale de 7 jours. Il est impossible de s’y opposer.

Journaux d’erreur

Des journaux d’erreurs sont générés dans le but d’identifier et de corriger les dysfonctionnements. Cela est indispensable pour que nous puissions réagir le plus rapidement possible aux éventuels problèmes d’affichage et de mise en œuvre des contenus (intérêt légitime). En règle générale, ces données sont un pseudonyme et ne permettent donc pas de déduire l’identité d’une personne. Cela se fonde sur le paragraphe 25, sous-section 2, phrase 2 de la Loi allemande sur les télécommunications et les télémédias (TTDSG). En cas de message d’erreur, des données générales telles que le nom de domaine du site Internet, le navigateur Internet et la version de celui-ci, le système d’exploitation, l’adresse IP, ainsi que l’horodatage de l’accès au logiciel lors de l’apparition du message et/ou de la spécificité de l’erreur en question sont recueillies. Ces journaux d’erreur sont conservés pendant une durée maximale de 7 jours. Il est impossible de s’y opposer.

Utilisation de cookies

Des cookies sont utilisés sur certaines parties de ce site de recrutement. Il s’agit de petits fichiers texte qui sont stockés sur l’appareil avec lequel vous accédez au site de recrutement. En règle générale, les cookies servent à assurer un accès sécurisé à un site Internet (« absolument nécessaire »), à mettre en œuvre certaines fonctionnalités telles que les paramètres de langue standard (« fonctionnel »), à améliorer l’expérience utilisateur ou la performance du site (« performance »), ou à placer des publicités ciblées (« marketing »). Sur ce site de recrutement, nous n’utilisons généralement que des cookies absolument nécessaires, fonctionnels ou liés aux performances, en particulier pour mettre en œuvre certains paramètres par défaut tels que la langue, pour identifier le canal d’annonces d’emploi ou pour analyser la performance de l’annonce d’emploi par laquelle un utilisateur a accédé à ce site de recrutement. L’utilisation de cookies est indispensable à la fourniture de nos services et donc à l’exécution du contrat (article 6 (1) b) du RGPD). Durée de stockage : jusqu’à 1 mois ou jusqu’à la fin de la session du navigateur Droit de s’opposer : vous pouvez décider via les paramètres de votre navigateur si vous autorisez ou non l’utilisation de cookies. Veuillez noter que la désactivation des cookies peut entraîner une limitation ou un blocage complet des fonctionnalités de ce site de recrutement.

Droits des personnes concernées

Si Personio SE & Co. KG, en tant que responsable du traitement, traite des données à caractère personnel, vous disposez, en tant que personne concernée, de certains droits en vertu du Chapitre III du règlement général sur la protection des données de l’UE (RGPD), en fonction de la base légale et de la finalité du traitement, notamment le droit d’accès (article 15 du RGPD) et le droit de rectification (article 16 du RGPD), d’effacement (article 17 du RGPD), de limitation du traitement (article 18 du RGDP) et de portabilité des données (article 20 du RGPD), ainsi que le droit d’opposition (article 21 du RGPD). Si les données personnelles sont traitées avec votre consentement, vous avez le droit de retirer ce consentement en vertu de l’article 7 III du RGPD. Pour faire valoir vos droits en tant que personne concernée en relation avec les données traitées dans le cadre du fonctionnement de ce site Internet de recrutement, veuillez vous adresser au Délégué à la protection des données de Personio SE & Co. KG (voir point B).

Dispositions finales

Personio se réserve le droit d’adapter à tout moment la présente déclaration de confidentialité des données afin de s’assurer qu’elle est à tout moment conforme aux exigences légales en vigueur ou afin de s’adapter aux modifications des services proposés, par exemple lorsque de nouveaux services sont ajoutés. Dans cette hypothèse, la nouvelle déclaration de confidentialité s’applique à toute visite ultérieure de ce site Internet de recrutement ou à toute candidature ultérieure.