Privacy Policy at Deutsche Windtechnik

Privacy Policy

The protection and confidentiality of your personal data are of particular importance to us. To ensure the protection of your personal data, we have implemented technical and organizational measures to comply with data protection regulations. This Privacy Policy informs you about how we collect personal data as part of your application process and for what purpose the data is processed. Your data will be processed in accordance with this Privacy Policy and applicable data protection regulations.

This Privacy Policy applies to the career portal and the applicant tracking system of Deutsche Windtechnik AG.

1. Name and Contact Details of the Controller

The controller pursuant to Article 4(7) of the General Data Protection Regulation (hereinafter: “GDPR”) is:

Deutsche Windtechnik AG
Auf der Muggenburg 2
28217 Bremen

This Privacy Policy also applies to all companies within the corporate group. If you apply to a specific company within the corporate group, that company alone is responsible for processing your application data.

2. Data Protection Officer

datenschutz nord GmbH
Konsul-Smidt-Straße 88
28217 Bremen
office@datenschutz-nord.de

3. Data Processing

To efficiently manage the application process, we use an applicant tracking system provided by softgarden e-Recruiting GmbH, Tauentzienstr. 14, 10789 Berlin (contact: datenschutz@softgarden.de), which operates the applicant tracking system as a data processor within the meaning of Article 4(8) of the GDPR. A contract for data processing pursuant to Article 28 of the GDPR has been concluded with the provider, ensuring compliance with data protection regulations.

We remain your primary point of contact for exercising your rights as a data subject and for handling the application process. You may contact us directly using the contact details of the controller provided above or, where indicated, contact the data protection officer confidentially.

4. Scope of Data Protection

The scope of data protection covers the processing of personal data, in this case within the context of applicant management. According to Article 4(1) of the GDPR, this includes all information relating to an identified or identifiable natural person (hereinafter “data subject”) that is necessary for the conduct of the application process and the initiation of an employment relationship, Article 6(1)(b) of the GDPR.

In addition, when using the applicant management system, data related to such use—so-called usage data—is also collected. Usage data consists of information necessary to operate our websites, such as details regarding the start, end, and scope of use of our website, including login data. This processing complies with data protection and telemedia laws.

As part of the application process and/or the use of the system, processing activities may also take place that are based either on a legitimate interest pursuant to Article 6(1)(f) of the GDPR or on your consent pursuant to Article 6(1)(a) of the GDPR. Processing activities may also be carried out where there is a legal obligation to process data or a public interest, Art. 6(1)(c) and (e) GDPR, such as in the context of criminal prosecution or investigations by government agencies. Through individual settings in your web browser, the configuration of the relevant cookie settings, and your user behavior, you can determine and control the scope of the processing yourself.

5. Collection and Use of Your Data

5.1. Visiting the Website

For operational and maintenance purposes, and in accordance with telemedia law provisions, interactions are recorded (“system logs”) that are necessary for the operation of the website or are processed for system security purposes, such as to analyze attack patterns or unlawful usage behavior (“evidence function”).

When you access the career portal, your internet browser automatically transmits the following data:

  • Date and time of access
  • Browser type and version
  • Operating system used
  • Amount of data transmitted
  • IP address of the access

This data is not used for direct identification within the context of applicant management and is promptly deleted in accordance with the applicable retention periods, unless longer retention is required for legal or factual reasons, such as for evidentiary purposes. In individual cases, retention for the aforementioned purposes may be considered. The legal basis is Art. 6(1)(f) GDPR as well as the Telemedia Act.

softgarden uses the services of the ISO 27001-certified provider Cloudflare Inc., 101 Townsend St, San Francisco, USA, or its subsidiary Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich, Germany (“Cloudflare”), to enhance the security of the platform—in particular to protect against DDoS attacks—and to improve delivery speed. Cloudflare offers a network of servers capable of delivering optimized content to end users and intercepting virus-infected traffic.

The services provided by Cloudflare include the “Data Localisation Suite” product, comprising the “Regional Services” and “Metadata Boundary for Customers” components. Both components ensure that the transfer of personal data when using our platform takes place exclusively within the EU.

“Regional Services” ensure that customer content traffic—in this case, end-user traffic—is securely transmitted to Cloudflare PoPs within the region selected by softgarden and is inspected within a Point of Presence (PoP) in that defined region.

softgarden has selected Germany as the region, so all data traffic is checked exclusively on servers in Germany. Metadata Boundary ensures that Cloudflare does not transfer any customer logs originating from the services used outside the European Union.

The personal data processed by Cloudflare includes all content submitted by customers and applicants; that is, in addition to IP addresses, all files (application documents) and multimedia content such as images, graphics, audio, or video, as well as any interaction between your browser and the softgarden system.

Cloudflare is the recipient of your personal data and acts as a data processor on behalf of softgarden. This corresponds to the legitimate interest within the meaning of Article 6(1)(f) of the GDPR to ensure security, threat prevention, and user-friendliness on the platform.

Your personal data will be stored by Cloudflare for as long as necessary for the purposes described, typically 124 calendar days.

For more information about Cloudflare, please visit: Cloudflare DPA

5.2. Session Cookies

We store so-called “cookies” to offer you a comprehensive range of features and to make using our websites more convenient. “Cookies” are small files that are stored on your computer via your web browser. If you do not wish to use “cookies,” you can prevent them from being stored on your computer by adjusting your web browser settings accordingly. Please note that this may limit the functionality and scope of our website.

On the career page, we use the JSESSIONID cookie as a technically necessary session cookie. This stores a so-called session ID, which allows various requests from your browser to be assigned to the same session. This enables your computer to be recognized when you return to our website. This session cookie is deleted when you log out or close your browser.

Optional cookies, which are based on consent, are only set after confirmation in the cookie banner. You can edit your cookie settings by clicking on the black Cookiebot widget at the bottom left of the browser window. Alternatively, you can deactivate all non-functional cookies there.

5.3. Data Entered by the User

5.3.1. Application Process

As part of the application process, you can set up and manage an account on the career portal after configuring your username and password. In addition to submitting individual applications, you can use other features in the softgarden applicant tracking system and customize your personal settings (e.g., inclusion in a talent pool).

To ensure an efficient and successful application, you can provide the following information as part of your application with us:

  • Contact information (address, phone number)
  • Resume details, e.g.
      1. Education
      2. Vocational training
      3. Work experience
      4. Language skills
  • Social media profiles (e.g., XING, LinkedIn, Facebook)
  • Documents related to job applications (application photos, cover letters, diplomas, employment references, work samples, etc.)

The legal basis for processing for the purposes of conducting the application process and establishing an employment relationship is Article 6(1)(b) of the GDPR. Furthermore, the controller’s use of the applicant management system is in the legitimate interest pursuant to Article 6(1)(f) of the GDPR. If consent within the meaning of Article 6(1)(a) is required for a specific processing activity, the controller will obtain this from you separately and transparently, unless it is implied from your conclusive and voluntary conduct in accordance with the transparency requirement, such as voluntary participation in a video interview.

5.3.2. Disclosure of Data

Your data will not be disclosed to unauthorized third parties as part of the applicant management process and will be processed for the purposes specified in this privacy policy. Thus, access by internal departments and department heads of the controller is in the legitimate interest of the controller, provided that knowledge of the information from the application process is necessary and permissible for applicant selection or the company’s internal administrative purposes. For this purpose, your information may be forwarded to third parties within the company via email or within the management system. The legal basis may be Article 6(1)(f) and (a) of the GDPR.

Disclosure to third parties also takes place within the scope of data processing on behalf of the controller pursuant to Article 28 of the GDPR, i.e., within the scope of processing activities in which the controller has a legitimate interest in outsourcing processing activities that it would otherwise be entitled to carry out itself. To this end, the controller takes measures to ensure compliance with data protection regulations.

Disclosure to external third parties may also occur for the defense of legal claims based on a legitimate interest or in the context of investigations by or disclosures to government authorities, to the extent that a law requires this or a disclosure obligation exists. The information obligations toward data subjects within the meaning of Articles 13 and 14 of the GDPR are ensured prior to the relevant disclosure, to the extent that these must be fulfilled separately.

5.3.4. Resume Analysis with Textkernel

We process and analyze documents you upload using AI technology to extract resume data and convert it into a structured format (so-called “CV parsing”).

To ensure data subject rights and security standards, a data processing agreement has been concluded with the service provider. The data processor is the ISO 27001-certified provider Textkernel B.V., Nieuwendammerkade 26 A 5, (1022AB) Amsterdam, Netherlands. Data processing takes place on a server in Germany in a secure environment.

The legal basis for the processing is Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR, to initiate an employment relationship and to make the application process as efficient as possible. Personal data is not transferred to non-EU countries. After processing, your data is deleted from the temporary storage at Textkernel.

5.3.5. Feedback Module

In connection with your application, we may ask you to provide feedback after an interview and 3 months after your hiring. We will send you an invitation link that directs you to the rating system for submitting feedback. The purpose of the processing is to further develop and optimize our recruiting and application processes as well as our corporate image.

The following data is processed automatically for this purpose:

  • Contact details (name, email)
  • Job title of the position you applied for
  • Location of the position
  • Job category
  • Applicant ID

The feedback itself is stored anonymously in the database. No personal references are made. In addition to a star rating for individual questions, you have the option to leave comments here. We expressly ask that you do not include any personal data in your comments. The information collected in this way may be displayed on our review page along with your feedback or transmitted to external partners such as kununu.

Participation is entirely voluntary and takes place only with your consent; without it, submitting feedback is not possible. The legal basis is Art. 6(1)(a) GDPR.

5.3.6. Subscription to Job Listings "Job-Abo"

To stay informed about new job openings, you can subscribe to the job newsletter or view suitable positions on our career board (RSS feed). You can refine your subscription by specifying your desired job role and location.  

Your email address is also required for the subscription. The legal basis for this is your consent to receive the newsletter pursuant to Art. 6(1)(a) GDPR. You may revoke your consent to receive the newsletter at any time via the unsubscribe link in the newsletter (opt-out).

No personal data is processed via the RSS feed itself for the purpose of providing information about new job postings.

5.3.7. Referral Manager

The Referral Manager tool allows recruiters and employees to share vacant positions in our company on social media or via email with acquaintances and friends in order to reach out to potential applicants or make direct recommendations.

If you decide to apply for a position that has been suggested directly or indirectly, your personal information will be processed in accordance with a standard application process. Your data will be displayed to authorized users and processed in the applicant tracking system. However, before submitting your application, you will have the option to view your application anonymously in the Referral Manager. The recommender can thus only see that someone has applied based on a recommendation. Otherwise, the recommender can also view the applicant’s name, position, and application photo in the Referral Manager.

The legal basis for processing your data for the purposes of referral and application is Article 6(1)(a) and (f) of the GDPR. The data is processed and deleted in the same manner as in the standard application process.

5.3.8. Salary Statistics Module

softgarden will give you the opportunity at various stages of the application process to provide feedback on your salary expectations and the salaries offered to you.

The information provided in this context is anonymized and processed without any link to your name or contact details. softgarden processes this data in anonymized form for its own purposes (statistics, analysis, studies) and is the controller within the meaning of Article 4(7) of the GDPR.  

Processing takes place only with your consent through participation and on a purely voluntary basis. The legal basis is Article 6(1)(a) of the GDPR.

5.3.9. Social Share Buttons

You have the option to share job postings on various social networks. Different buttons are provided for each network. After clicking on one of these buttons, you will be redirected to the respective networks and taken to their login pages. These buttons are not plug-ins and do not transmit any personal data directly to the operators of the social networks.

Currently, job postings can be shared on the following social networks:

  • Facebook (https://de-de.facebook.com/privacy/explanation)
  • X (https://x.com/de/privacy)
  • LinkedIn (https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-join-privacy-policy)
  • Xing (https://privacy.xing.com/de/datenschutzerklaerung)

The legal basis is Article 6(1)(f) of the GDPR for the statistical analysis and measurement of the reach of job postings.

You can also find out how the social networks mentioned process your personal data by following the links provided. We have no control over the processing of your personal data by the social networks.

5.3.10. Online Surveys "Easyfeedback"

At the end of the application process, softgarden may display a link inviting you to take a survey. The survey is conducted via a service provided by easyfeedback GmbH to gather feedback on the application experience. softgarden conducts this survey as the controller within the meaning of Art. 4(7) GDPR and processes the collected data in an anonymized form for its own purposes (statistics, analysis, studies) as well as for the further development of softgarden products.

The collection of survey data is secured by default using SSL encryption, and softgarden does not establish any personal references during the evaluation. You may discontinue the survey at any time. The data processed up to the point of discontinuation may be used for the purposes mentioned.

Your participation in the survey is entirely voluntary, and by participating, you give your consent, without which your participation is not possible, Art. 6(1)(a) GDPR. The processing of data for evaluation purposes is carried out anonymously by softgarden.  

For more information on easyfeedback’s data protection practices, please refer to the following link: https://easy-feedback.de/privacy/datenschutzerklaerung.

5.3.11. Talent Pool

As part of your application or by clicking the "Get in Touch" button, you have the option to apply for our talent pool. Processing is necessary to automatically consider you for future job postings, including similar or otherwise suitable positions.

If you register for the talent pool via the "Get in touch" button, the following information will be requested:

  • Title, academic title (optional)
  • First name, last name, email address
  • Job fields of interest
  • Current career level
  • Preferred location(s)
  • XING profile or resume

Inclusion in the talent pool is entirely voluntary and requires your consent, as well as the use of an opt-in link. The legal basis is Article 6(1)(a) of the GDPR.

6. Deletion and Use of Data

Your data will be stored for the duration of the application process and in accordance with the legitimate retention periods following the conclusion of the application process. In the event of a rejection, the data will be deleted or anonymized after six months. Following successful hiring, the data will be retained for an additional six months. The processing of anonymized data records is not subject to the substantive scope of the data protection regulations, meaning that anonymized data may be processed for statistical and analytical purposes, for the preparation of market studies, or for product development.

7. Your Rights as a Data Subject

7.1. Rights of Data Subjects

Data subjects are entitled at any time to find out whether their personal data has been stored and may exercise their rights, including the right to access stored data (right of access), verify its accuracy (right to rectification), request its supplementation and updating, request its erasure (right to be forgotten), request the restriction of processing (right to restriction), and transfer or have the data transferred in a commonly used, machine-readable format (data portability). These rights apply unless there are compelling and/or legitimate grounds on the part of the controller that prevent this. Please contact datenschutz@deutsche-windtechnik.com or write to the address provided above.

In cases where we process data based on your consent (Art. 6(1)(a) GDPR), you have the right at any time to withdraw your consent without providing reasons and with effect for the future. The corresponding data processing will then no longer take place in the future, but this does not affect the lawfulness of the processing carried out up to the time of withdrawal. In addition, you have the right to object to processing, for example if the data is or has been processed incorrectly, or if other reasons in the data subject’s interest preclude (further) processing. Data subjects also have the right to lodge a complaint with the supervisory authority responsible for data processing.

Please note that in the event of an objection and/or withdrawal, certain services/processing activities will not be performed or cannot be utilized to the extent that processing is necessary for these purposes.

7.2. Automated Decision-Making

Automated decision-making does not take place. Should this be or become necessary, we will obtain transparent consent in advance of the processing where appropriate.

8. Changes to this Privacy Policy

We reserve the right to amend or supplement this Privacy Policy at any time in light of the continually changing legal, technical, and organizational requirements for the processing of personal data. This also applies to any translation errors and differences regarding national data protection requirements.