Please find below the most important information about typical data processing sorted by groups of data subjects. For data processing activities, which relate only to specific groups, the obligation to provide information are met separately.
1. Website Visitors
1.1 Server log data
The website provider automatically collects and stores information that your browser automatically transmits to us in “server log files”. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
These data will not be combined with data from other sources.
The basis for data processing is Art. 6 (1) (f) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.1.2
1.2 Web analysis
1.3 The purpose of the data processing is the online presentation of HR Executive Search and our services as well as the interaction with communication partners. The purpose of the analysis of user behavior on the website is the needs-oriented design of the website. No change in this purpose is planned.
1.4 The legal basis for the processing while using the website is Article 6(1)(f) GDPR (legitimate interest, specifically operation of a website and user interaction). The legal basis for the analysis of user behavior is Article 6(1)(f) GDPR (legitimate interest, specifically the needs-oriented design of the website).
1.5 Log and communications data are not passed on to third parties except under special circumstances. In the event of the suspicion of a crime or in investigative proceedings, data may be transmitted to the police and the public prosecutor’s office. We use processors by means of service agreements to perform services, in particular to provide, maintain and support IT systems.
1.6 IP addresses are anonymized at the latest after 24 hours. Pseudonymous usage data are deleted in each case after three months. Communication content is deleted after six calendar years.
1.7 Use of the website without disclosure of personal data such as the IP address is not possible. Communication via the website without providing data is not possible. Use of the website is possible if the user has objected to pseudonymous usage analysis.
2. Potential Candidates
2.1 HR Executive Search collects and processes name, title, position, employer and business contact data (business card data) from potential candidates.
2.2 We collect data from the following publicly accessible sources: Public business websites, services such as LinkedIn, Xing or other business press or publications.
2.3 Your data are processed for the purpose of providing executive search services to potential employers.
2.4 The legal basis for the processing activity is our legitimate interest to provide such services (Article 6 (1) point (f) GDPR).
2.5 No retention period has been defined for your data. It is deleted upon your request.
2.6 A transfer to recipients outside the EU and the European Economic Area is not planned without the consent of the data subjects concerned.
3.1 If you authorize HR Executive Search to list you as a candidate for job offerings we may process personal data like name, business and private contact data, résumé (including place of birth and nationality), qualifications, skills, testimonials, certifications, records of interviews and assessments, personal interests, hobbies, marital status and background check information (like identity verification, education and employment history, criminal, civil and regulatory judgements, financial and credit checks) or any other details you choose to share with us.
3.2 Your data may be collected from you, from publicly accessible sources like websites (e.g. Company or private websites, LinkedIn) and third parties that you or your testimonials have named as potential references.
3.3 Your data are processed for the purpose of providing you with employment opportunities and job or career related information as well as providing executive search services to potential employers.
3.4 The legal basis for our processing activity is your consent (Article 6 (1) point (a) GDPR) and – as far as only your business card details or data collected from publicly available sources are processed – for our legitimate interest to provide such services (Article 6 (1) point (f) GDPR).
3.5 The data retention period is seven calendar years from the last completion of the client engagement or documented contact with you, whichever is later.
3.6 A transfer to recipients outside the EU and the European Economic Area is not planned without the consent of the data subjects concerned.
3.7 You are not obliged to provide personal data. Without your personal data we will not be able to provide you with employment opportunities.
4. Service Providers, Business Partners and their Employees
4.1 We process your data for the purpose of preparation and performance of the contractual relationship and for the fulfilment of legal requirements. No change in these purposes is planned.
4.2 The legal bases for processing are in case of contracts with natural persons Article 6(1)(b) GDPR (contract), in case of contracts with legal entities Article 6(1)(f) GDPR (legitimate interest, specifically communication with contact persons relevant to the contract), as well as always Article 6(1)(c) GDPR (legal obligations, in particular commercial and tax provisions). When checking, asserting or rejecting claims, the legal basis is Article 6(1)(f) GDPR (legitimate interest, specifically asserting or defending claims).
4.3 Recipients of data may include banks for the processing of payments. Public authorities and offices may receive data within the scope of their duties, insofar as we are obligated or entitled to transmit data. Moreover in specific cases data may be transmitted to collection service providers, legal advisors and courts. We also use processors by means of service agreements to perform services, in particular to provide, maintain and support IT systems.
4.4 All contractual data and data relevant for accounting are stored for 10 calendar years in accordance with the storage periods under tax and commercial law. Inquiries and communication data are automatically deleted after 10 years.
4.5 Processing of the contact data from service providers and business partners is necessary in order to perform the contract or order. If the data are not provided, the contract cannot be established or carried out. The provision of data is required for prospective service providers, business partners and their employees. The communication is not possible without the data.
5. Business Contacts and Communication Partners
5.1 We process the data from prospective business contacts and communication partners for the purpose of communication with the data subjects.
5.2 The legal basis for processing data from prospective business contacts and communication partners is Article 6(1)(f) GDPR (legitimate interest, specifically communication with prospective business contacts and communication partners).
5.3 We also use processors by means of service agreements to perform services, in particular to provide, maintain and support IT systems.
5.4 Inquiries and communication data are automatically deleted after 10 years.
5.5 The provision of data is required for prospective business partners and communication partners. The communication is not possible without the data.
6. Your rights
Provided the GDPR applies to our processing of your data, in particular if you are in the European Union, you have the following rights:
6.1 You may withdraw your consent at any time, if your data is processed based on your consent. The withdrawal of consent does not affect the lawfulness of processing before the withdrawal of consent.
6.2 You may at any time object to the further processing of your data if your data is processed based on our legitimate interest.
6.3 You may at any time request access to your personal data processed by the Controllers.
6.4 If the processing is based on your consent you have the right to data portability.
6.5 You may request rectification of your personal data at any time.
6.6 You may request erasure of your personal data at any time provided that no right or legal obligation of the Controllers requires further processing of your personal data.
6.7 You may request restriction of processing for your data at any time.
6.8 You may at any time lodge a complaint with a supervisory authority.