Privacy Policy

Guidance on the processing of your data

  1. Definitions of terms

This data protection statement is based on terms that have been used by the entities that issued the European directives and ordinances under the General Data Protection Regulation (EU) 2016/679 (General Data Protection Regulation: “GDPR”). In order to ensure that the data protection statement can be easy to read and understand, both for the public and for our customers and business partners, we provide below an explanation of the most important terms:

  1. (a) Personal data
    Personal data is any information about an identified or identifiable natural person (hereinafter “data subject”). An identifiable person is a natural person who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more features of his or her physical, physiological, genetic, mental, economic, cultural or social identity.

However, the provisions of the GDPR do not apply to the processing of personal data of legal entities and in particular companies founded as a legal entity, including the legal entity’s name, legal form or contact information.

  1. (b) Interested
    A data subject is any identified or identifiable natural person whose personal data are processed by the data controller.
  2. (c) Treatment
    Processing is any operation or set of operations, whether or not involving automated processes, applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or interconnection, restriction, erasure or destruction.
  3. (d) Limitation of treatment
    Restriction of processing is the marking of personal data stored with the aim of limiting their processing in the future.
  4. (e) Profiling
    Profiling is any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, particularly to analyze or predict aspects of that natural person’s job performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
  5. (f) Pseudonymization
    Pseudonymization is the processing of personal data in such a way that they can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and subject to technical and organizational measures designed to ensure that such personal data are not attributed to an identified or identifiable natural person.
  6. (g) Owner or data controller.
    The controller or data processor is the natural or legal person, public authority, department or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria applicable to his or her designation may be established by Union or Member State law. Should the purposes and means of such processing be dictated by Community law or by the law of the member states, the person responsible or the certain criteria underlying his or her appointment may be provided for by Community law or by the law of the member states.
  7. (h) Data controller
    The controller is a natural or legal person, public authority, department or other body that processes personal data on behalf of the data controller.
  8. (i) Recipient
    The recipient is a natural or legal person, public authority, service or other body receiving communication of personal data, whether or not it is a third party. However, public authorities that may receive communication of personal data as part of a specific investigation in accordance with Union or Member State law are not considered recipients.
  9. (j) Third
    The third party is a natural or legal person, public authority, department or other body other than the data subject, the data controller, the data processor and persons authorized to process personal data under the direct authority of the data controller or processor.
  10. (k) Consent
    Consent is any manifestation of the free, specific, informed and unambiguous will of the data subject, by which the data subject indicates his or her assent, by means of an unambiguous affirmative statement or action, that personal data concerning him or her be processed.
  11. Data protection officer and person in charge of data protection

The person responsible for compliance with data protection while visiting the website www.segretaria365.net and the services offered therein is the

Netcall Ltds
Via delle Melazze 3
00034 Colleferro (RM),
E-Mail: dataprivacy@segretaria365.net

III. Principles of data protection

Our services are based on the trust you place in us. We want to and will justify that trust by taking the processing of your data very seriously.

Our processes are based on the principles set forth in Art. 5 paragraph 1 GDPR regarding lawfulness, fair processing and transparency. They are subject to strict purpose binding, the principles of data minimization and fairness, which can be achieved by limiting storage and establishing data integrity and confidentiality.

Only the data of the data subject necessary in the relevant situation (e.g. as a visitor to the website, interested in our services, contractual partner, see Section III. below) are processed, and such data will be stored only as long as they are necessary for the achievement of the relevant purpose, or as long as there is a legal obligation requiring their storage.

Where the processing of data is not necessary for the satisfaction of a contract with the data subject (Art. 6 paragraph 1 letter (b) GDPR) or for the assertion of justified interests of secretary365 or a third party, and where the interests or fundamental rights or freedoms of the data subject requiring the protection of personal data are not overridden by them (Art. 6 para. 1 (f) GDPR), data processing will take place only if the data subject has given his or her explicit consent for this purpose (Art. 6 para. 1 (a) GDPR).

Should we engage third parties for the provision of our services, this remains limited to such providers who provide sufficient guarantees that the processing is carried out in assonance with the requirements of the GDPR and ensures that the rights of data subjects are protected. This is guaranteed by relevant agreements (Art. 28 paragraph 3 GDPR ).

It is an integral part of our services to handle telephone calls, postal dispatches etc. of third parties for our clients through order fulfillment. In this context we regularly process personal data that third parties send to our customers (phone numbers, contact information, contents of phone calls or mailings, etc.). In this case, our clients remain responsible for the processing of personal data in accordance with the provisions on data protection (Art. 24 ff. GDPR). It is then up to them to take care to treat the data in a compliant manner, e.g., by deleting from the input box of their customer portal or smartphone app messages related to calls, scans of mailings no longer needed, or other types of personal data.

In this context, we recognize our responsibility as a data controller (Art. 28 GDPR) mainly in relation to processing data in compliance with the legal provisions and also to provide our principal with adequate technical and organizational means so that it, in turn, can fulfill its obligations related to data protection law, for example through support for the fulfillment of information obligations on stored data vis-à-vis data subjects as well as through the opportunity for simple and final deletion of these data, unless they cannot or must remain stored for other reasons.

  1. Acquisition and processing of data
  2. Web site visitors
  3. (a) General data acquisition

All accesses to our Web site and all views of files deposited on the Web site are logged. Storage is for internal system and statistical purposes. They are recorded:

– The types and versions of browsers used,
– The operating system employed,
– The Internet site from which an access system is passed to our Internet site (so-called referrer),
– Web sub-sites reachable by an access system through our website,
– The date and time of a Web site access,
– An Internet protocol address (IP address),
– the internet service provider of the access system and
– other data and other similar information that serve to avoid risks in the event of attacks on our information technology systems.

Through the protocols drawn up on such data, the data subject cannot be traced. Thus, this is not personal data within the meaning of I. a), and its storage does not require any legal basis under the GDPR (regarding IP address, see next paragraph). The data are necessary only for the purpose of correctly providing the contents of our website, optimizing the contents of our website as well as advertising on it, ensuring the continuous functionality of our information technology systems and the technology of our website, as well as possibly making the necessary information available to the prosecution authorities in the event of a cyber attack. Anonymous data from server log files are stored separately from any personal data provided by a data subject.

Because the IP address of the connecting computer-regardless of whether it is an address provided by one’s provider in a fixed (“static”) manner or one that varies with each new connection (“dynamic”-is now generally considered personal data, we protocol it for the sake of welfare and for the purpose of analyzing abuses to date as well as for the purpose of preventing future abuses, but we do so for a maximum duration of 14 days in its unabridged form, and thereafter at most in a form lacking the last eight digits, by which it is no longer possible to trace the identity of the computer that has connected with us. The legal basis for full storage for reduced times is Art. 6 paragraph 1 (f) GDPR.

  1. (b) Cookies
    Our website employs “cookies” (small text files with configuration information) which are stored on your computer and make it possible to analyze your use of the website. Such cookies contain a so-called cookie-ID. A cookie-ID is a clear marking of the cookie. It consists of a series of characters through which websites and servers can be associated with a concrete Internet browser in which the cookie has been stored. This allows the visited websites and servers to distinguish the individual internet browser of the data subject from other internet browsers that contain other cookies. A given Internet browser can be recognized and identified through the unique cookie-ID.

Through the use of cookies, we can make more user-friendly services available to users of this website, which would not be possible without the use of cookies.

Through a cookie, the information and proposals on our website can be optimized for the benefit of the user. Cookies allow us, as mentioned above, to recognize users of our website. The purpose of recognition is to make it easier for users to use our website. The user of a website that employs cookies is not required, for example, to re-enter his or her login information on each visit to the website, since this function is performed by the website itself and the cookie deposited on the user’s computer system.

The data subject may at any time prevent our website from setting cookies by means of the relevant settings of the Internet browser used, and thus continuously object to the setting of such cookies. In addition, cookies already set can be deleted at any time using an Internet browser or other software programs. This is possible in all commonly used browsers. Should the data subject disable cookie setting in the internet browser used, it is possible that not all functions of our website will be fully usable.

The legal basis for the use of cookies is Art. 6 paragraph 1 (f) GDPR.

  1. (c) Google Analytics
    Our website uses Google Analytics, a web analytics service of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA (“Google”). Segretaria365 SRL has signed a relevant contract for the processing of orders (Art. 28 para. 3 GDPR) with Google Inc. (see http://www.google.com/analytics/terms/de.pdf).

    Google Analytics also uses cookies. Information about your use of this website generated through the cookie is usually sent to a Google server in the USA and stored there. Google uses this information to evaluate your use of the website on our behalf, to make statements about website activity, and to provide us with other services related to internet use. Our mobile applications (“apps”) also use Google Analytics.

In both cases, IP anonymization by Google Analytics is enabled. This means that your IP address is previously shortened by Google within the member states of the European Union or in other states that have signed the European Economic Area agreement. Google ensures that the IP address sent as part of Google Analytics by your browser will not be associated with other Google data.

It is possible to prevent cookies from being stored on your PC by a corresponding setting in your browser software; however, we warn that in this case it is possible that not all functions of this website can be fully exploited. You can also prevent Google from capturing and processing this cookie-generated data about your website usage (including your IP address) by downloading and installing the browser plug-in available at this link http://tools.google.com/dlpage/gaoptout?hl=it. You can also disable Google Analytics in our mobile applications.

You can find more information about data protection in conjunction with Google Analytics in the appropriate Google Analytics guide (https://support.google.com/analytics/answer/6004245?hl=it ).

The legal basis for the use of cookies necessary for this purpose is Art. 6 paragraph 1 (f) GDPR. Since by submitting the acquired data – in anonymized form, as previously described – to Google, no personal data are forwarded, no additional legal basis for data protection is required in this area.

  1. d) Google AdWords
    The website uses Google AdWords, also made available by Google (see c. above). If you should have come to our website through a Google ad, a cookie will be deposited on your computer. These so-called “conversion-cookies” lose their validity after 30 days and do not serve for your personal identification. If you should visit certain pages on our website and the cookie has not yet expired, we and Google may recognize that you, as a user, have clicked on one of our ads placed on Google and have therefore been redirected to our site.

The information acquired with the help of “conversion-cookies” is used to make statistics about visits to our website. Through such statistics we learn the total number of visitors who clicked on our ad and also which pages were then viewed by the relevant user. Neither we nor others who conduct promotional activities through “Google AdWords” receive any information on the basis of which users can be personally identified. You can prevent the installation of “conversion-cookies” through the relevant setting in your browser, so that automatic cookie fixing is generally turned off, or so that only cookies from the “googleadservices.com” domain are blocked. Google’s related data protection statement is available at the following link: https://services.google.com/sitestats/it.html.

Since we do not process any of your personal data in this area, there is no need for any GDPR legal basis.

  1. (e) Google Re-Marketing
    This website uses Google Re-Marketing. Google Re-Marketing is a promotional service of Google (see point C. above) through which, based on the attitude of use taken during previous visits to our website, the presentation of targeted advertising, presumably of your interest, is made possible. This advertising appears only on Google promotional spaces, Google AdWords spaces, or Google Display Network spaces.

You can object to Google Re-Marketing promotional proposals in the ad manager or edit your settings. Alternatively, you can avoid Re-Marketing by disabling cookies in your browser settings.

Since we do not process any of your personal data in this area, there is no need for any GDPR legal basis.

  1. Use of our web forms, requests through other media (e.g., over the phone)

Personal data of persons interested in our services, who have communicated such data to us on their own initiative through a web form, by telephone or otherwise (in particular name, address, telephone and fax number, e-mail address), will be stored as long as they are necessary for the provision of the requested information or for the provision of the requested services, and as long as the person concerned has not requested us to delete these data before one of these reasons has occurred.

In accordance with Art. 6 para. 1 (f) GDPR in conjunction with periods 2 and 7 of recital 47 on the GDPR we believe that, at least in the event that the entrustment of the data is in conjunction with the fact that you test our services free of charge for a limited period of time, a decisive and appropriate relationship may come into being between you and secretary365, on the basis of which the previously mentioned data – subject to other provisions – may also be stored and used by us for the purpose of getting back in touch with you in the context of direct marketing. This does not apply in the event that we should be or become aware of concrete elements that would cause your fundamental interests or freedoms requiring the protection of your personal data to take precedence over the described use. The legal basis for storage in these cases is Art. 6 paragraph 1 (f) GDPR.

If these requirements are not met, we will require explicit authorization (Art. 7 GDPR) for data storage and use in the sense described above. The data may also be used without consideration of the interests for these purposes in Art. 6 paragraph 1 (f) GDPR. The legal basis for this is Art. 6 paragraph 1 (a) GDPR.

As part of the submission of personal data through our web forms, the IP address will be stored – as previously described in 1. A. – briefly in an unabridged, and thus anonymized, form. The legal basis for this is Art. 6 paragraph 1 (f) GDPR.

  1. Secretary365 clients
  2. As part of contract fulfillment we store the following personal data:
  • Basic data, i.e., information necessary for the establishment, execution and modification of the contract, related to your person and the services you have chosen. They include, for example, all information provided as part of the registration regarding name, address and contact details, bank details and payment method, chosen tariff and assignment for additional services, such as SMS messages or 24h extension. The relevant legal basis is Art. 6 paragraph 1 (b) GDPR.
  • Billing data, which is the data we need to bill for our services. They are part of them, among others, the amount, time, duration and rate of incoming and outgoing calls, the subsequent processing time of the relevant call report, the type of connection in case of call forwarding as phone call, mobile network, foreign, applied measures such as SMS sending, fax communication or e-mail, amount of postal dispatches received and any special services provided. The relevant legal basis is again Art. 6 paragraph 1 (b) GDPR.
  • Data on disbursement, i.e., data that are necessary for the provision of services and that have been acquired as part of the provision of services. They include, in particular, the data provided by you as part of the registration and possibly later completed or modified related to the desired handling of calls, as well as your wishes, complaints or the like expressed to secretary365. The relevant legal basis is again Art. 6 paragraph 1 (b) GDPR.
  • Order data, i.e., data related to the calls themselves, such as time and duration, name and contact information of the caller, the reason for the call, and the information provided to the caller, as well as the measures we applied. The relevant legal basis is again Art. 6 paragraph 1 (b) GDPR. Should such data contain personal data of third parties with respect to which the customer is responsible to its callers (Art. 4 no. 7 GDPR), we will process such data by order processing. The relevant legal basis is Art. 28 GDPR.

Also during such procedures, the IP address will be stored in unabbreviated form for limited time as described in Step 1. a. and then stored in an anonymized form. The relevant legal basis is Art. 6 paragraph 1 (f) GDPR.

  1. Synchronization of contacts and calendar

We allow our customers to synchronize contact and calendar data from a Google Inc. customer account, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), which is not the subject of the contractual relationship with secretary365, with contact and calendar data stored at the latter. This is done through technical interfaces that are made available by Google.

The use of these interfaces also makes it possible to automatically capture contact and calendar data stored at Google into the databases stored at secretary365 and, conversely, to transmit data stored at secretary365 to Google. In addition, the interfaces allow secretary365 employees, at the customer’s request, both to have direct access to the customer’s Google calendar and to enter appointments set for the customer. Thus, under certain circumstances, it is possible to significantly increase the quality of services provided by the secretary365.

Google stores and processes data accumulated within its business outside the European Union and thus in a third country under Art. 44 et seq. of the GDPR. It is expressly reminded that, according to the above provisions, the customer remains responsible for the lawfulness of the transmission of third-party data within the scope of his or her contractual relationship with Google even if the transfer takes place through the interfaces described above.

The configuration of contact and calendar synchronization through secretary365 is possible only with the explicit consent of the client, which must be declared at the time of synchronization configuration and without which the relevant functions are not activated. As part of the consent statement, the client is again referred to the above explanations.

In this case, the legal basis for data processing is Art. 6 paragraph 1 (a) of the GDPR. You can revoke your consent at any time by sending an e-mail to dataprivacy@segretaria365.net.

If consent is withdrawn, the services of secretary365 may be used without any limitations but contact and calendar synchronization will no longer be possible.

  1. Newsletters sent to customers

We send our customers, at regular intervals, newsletters with information on product developments and current offers, to the e-mail address that customers have given us, unless they have objected to such sending. In this newsletter you will be warned that you can reject the use of the e-mail address you have given us at any time and that you can have that address deleted from the list of newsletter recipients.

If explicit consent has not been provided to us for this purpose, the legal basis for sending is Art. 6 paragraph 1 letter f) GDPR, as well as Art. 95 GDPR in conjunction with Directive 2002/58/EC of the European Parliament and of the Council of July 12, 2002 concerning the processing of personal data and the protection of privacy in the electronic communication sector (“ePrivacy Directive”)

  1. Interest justified under Art. 6 paragraph 1 (f) GDPR

    If the processing of personal data is based on Art. 6 Paragraph 1 (f) GDPR, basically our justified interest lies in the performance of our business activities, both for the benefit of the welfare of our employees and our unit holders. This includes, as part of the due consideration of interests, the interest in direct advertising (see periods 2 and 7 of recital 47 on the GDPR).

  2. Place of data storage

All personal data processed by us are stored exclusively on data processing systems located in the European Union. No divergence from this is expected. In the event that such data could also be accessed by persons outside the European Union, this is done exclusively under the following conditions:

  1. (a) Access is via encrypted transmission paths, which protect all personal data from third-party access by taking advantage of the most current technical means (e.g., VPN links),
    (b) access is exclusively through employees of secretary365 itself or by employees of companies in the secretary365 corporate group (see Art. 4 no. 19 GDPR), and
    (c) employees are required to respect the confidentiality of data and have been instructed regarding their obligation to maintain confidentiality.
  2. Routine deletion and blocking of personal data

We process and store personal data of the data subject only for the period necessary to achieve the purpose of the storage, or where this is required by European directives and regulations or by other laws or regulations to which the controller is subject, for example in view of the storage periods stipulated by tax or trade regulations.

Should the purpose of storage fail or should the storage periods stipulated by European directives or other relevant legislators expire, personal data will be blocked or deleted routinely and in accordance with legal provisions.

VII. Rights of the data subject

  • the purposes of processing;
  • The categories of personal data that are processed;
  • the recipients or categories of recipients to whom personal data have been or will be manifested, particularly in the case of recipients in third countries or international organizations;
  • if possible, the expected duration of storage of personal data or, if this is not possible, the criteria for determining this duration;
  • the existence of a right to correction or deletion of one’s personal data, or to restriction of processing by the controller, or a right to object against such processing;
  • The existence of a right to complain to a supervisory authority;
  • where personal data have not been acquired from the data subject: all available information on the origin of the data;
  • the existence of automatic decision-making, including profiling, within the meaning of Article 22 paragraphs 1 and 4 GDPR and-at least in such cases-clear information about the logic involved as well as the scope and expected effects of such processing for the data subject.

The data subject also has the right to know whether his or her personal data has been sent to a third state or to an international organization. If so, the data subject also has the right to receive information on appropriate safeguards related to the mailing.

Should a data subject wish to take advantage of this right to information, he or she may contact one of our employees at any time at dataprivacy@segretaria365.net.

  1. (c) Right of correction
    Any person concerned with the processing of personal data may request the immediate correction of their personal data that are incorrect. In addition, the data subject has the right, in view of the purposes of processing, to request the completion of incomplete personal data, including through an additional statement.

Should a data subject wish to avail himself or herself of this right of correction, he or she may contact one of our employees at any time at dataprivacy@segretaria365.net.

  1. (d) Right to erasure (“right to be forgotten”)
    Any person concerned with the processing of personal data has the right to request from the controller that his or her data be deleted as soon as possible should any of the following reasons arise and where the processing is not necessary:
  • personal data have been collected for certain purposes or otherwise processed, for which the data are no longer needed;
  • the data subject revokes his or her consent on which the processing is based pursuant to Art. 6 paragraph 1 (a) GDPR or Art. 9(2)(a) GDPR, and if there is no other legal basis for processing;
  • The interested party submits, pursuant to Art. 21 Paragraph 1 GDPR, objection against the processing, and if there are no justified reasons prevailing in favor of the processing, or if the data subject files an objection against the processing pursuant to Art. 21 paragraph 2 GDPR;
  • personal data have been processed in a non-compliant manner;
  • the deletion of personal data is necessary for the fulfillment of a legal obligation provided by the European Union or by the law of the member state, to which the controller is subject;
  • personal data have been acquired with reference to proposed services of the information society in accordance with Art. 8 para 1 GDPR.

If any of the above reasons should intervene and a data subject should request the deletion of his or her data stored with us, he or she may at any time contact one of our employees at dataprivacy@segretaria365.net.Our employees will ensure that the request for cancellation is fulfilled as soon as possible where there is a corresponding legal obligation.

  1. (e) Right to limitation of processing
    Each data subject affected by the processing of personal data may make use of the right granted by the European directives and provisions to request the controller to restrict processing if one of the following requirements is met:
  • the data subject disputes the correctness of the personal data, specifically for a duration that makes it possible for the person in charge to verify the correctness of the personal data;
  • processing does not comply, the data subject rejects the deletion of personal data and instead requests the restriction of the use of personal data;
  • the controller no longer needs the personal data for the purposes of processing, the data subject nevertheless needs it for the assertion, exercise or defense of legal rights;
  • the data subject has filed an objection against the processing pursuant to Art. 21 Paragraph 1 GDPR and it has not yet been determined whether the justified interests of the responsible party outweigh those of the data subject.

Should any of the above requirements exist and the data subject wishes to request the restriction of the use of personal data that is stored with us, he or she may contact us at any time at dataprivacy@segretaria365.net. and request restriction of processing if there is a related legal obligation.

  1. (f) Right to data portability
    Every data subject may enjoy the right, granted by European directives and ordinances, to receive personal data concerning him or her that the data subject has made available to a controller, in a structured, common and machine-readable format. He also has the right to send these data to another controller without hindrance from the controller to whom the data have been made available, if the processing is based on the consent referred to in Art. 6 paragraph 1 letter (a) GDPR or Art. 9 paragraph 2 letter (a) GDPR, or on a contract under Art. 6 paragraph 1 letter (b) GDPR and the processing is carried out with the help of automated procedures, if the processing is not necessary for the performance of a task that is in the public interest or is carried out as part of the exercise of public functions, which have been entrusted to the controller.

As part of making use of its right to data portability under Art. 20 para. 1 GDPR the data subject also has the right to have personal data sent directly from one controller to the other controller, where this is technically feasible and does not compromise the rights and freedoms of other persons.

  1. (g) Right to Opposition
    Every data subject to the processing of personal data has the right, for reasons apparent from his or her personal situation, to object at any time against the processing of his or her personal data taking place on the basis of Art. 6 paragraph 1 letters (e) or (f) GDPR. This also applies to profiling based on these provisions.

In the event of an objection, we will no longer process personal data unless we can attest to compelling reasons worthy of protection in favor of processing that are overriding the interests, rights and freedoms of the data subject, or if the processing serves the assertion, exercise or defense of legal rights.

Should we process personal data for the purpose of carrying out direct promotional activities, the data subject has the right to file an objection against the processing of personal data for the purpose of carrying out such direct advertising at any time. Should the data subject send us an objection against processing for the purpose of direct promotional activity, we will no longer process his or her personal data for that purpose.

The data subject also has the right, for reasons apparent from his or her particular situation, to object at any time against the processing of personal data concerning him or her that is carried out with us for scientific or historical research purposes, or for statistical purposes, pursuant to Art. 89 paragraph 1 GDPR, unless such processing is necessary for the fulfillment of a task related to the public interest.

In order to make use of the right of objection, the data subject may contact us directly at dataprivacy@segretaria365.net.L the data subject is also free, in conjunction with the use of information society services and independently of Directive 2002/58/EC, to make use of his or her right of withdrawal by means of an automated procedure in which specific techniques are used.

  1. (h) Right to revoke an assent given under the data protection law
    Each data subject may at any time avail himself or herself of the right granted by European directives and ordinances to withdraw his or her consent to the processing of personal data.

Should the person concerned wish to avail himself of his right to withdraw an assent, he may contact us at any time at dataprivacy@segretaria365.net.

VIII. Data protection in applications and application processes

If we have to process personal data as part of applications and application processes, this is done for the purpose of processing the application process. Processing may also take place electronically. This is particularly the case if an aspirant submits the relevant resume electronically, such as by e-mail or via a web form found on the website. If we were to enter into an employment contract with an applicant, the data submitted will be stored for the purpose of processing the employment relationship, in accordance with legal requirements.

In the event that the data controller does not enter into any contract of employment with the aspirant, the records of the relevant resume will be automatically deleted six months after the communication of the decision not to hire, if the aspirant has not given his or her consent to storage for a longer period and there is no other justified interest contrary to the deletion. An additional justified interest for equal treatment purposes may be, for example, a requirement for evidence in proceedings supported under laws for the equalization of men and women.