Data protection

Privacy policy


Gi Group Deutschland GmbH
Neuer Zollhof 3

40221 Dusseldorf

Germany

Telephone: +49 211 7314 130

E-mail address: info@gigroup.de


(hereafter Provider or Responsible Party)


Managing Director: Stefano Tomasi

Managing Director’s e-mail address: info@gigroup.de

(address same as person responsible)


Data Protection Officer: Gabriele Faggioli

Data Protection Officer’s e-mail address: dpo@gigroup.com

(address same as person responsible)


Website:de.gigroup.com


The Provider is the person responsible in the sense of the General Data Protection Regulation and other national data protect acts of the member states as well as other legal data protection regulations.


In the following declaration, we inform you of the type, scope and purpose of the collection, processing and use of your data in connection with visiting the website and any potential further use of the contents and services.


Summary

The Provider saves and processes your personal data (hereafter summarised as processing) taking into consideration the standard legal data protection regulations, in particular the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the German Telemedia Act (TMG).


The Provider observes the principle of data minimisation. This means that data is restricted to processing for the purpose of the extent of necessary processing, as it is appropriate and required for the provision of a functioning website as well as in regard to the contents and services offered. This processing either takes place on the basis of previous consent or if it is permitted by legal regulations.


When you call up the Provider’s website, the Provider processes certain usage data in order to enable you to use its offer.


If you enter data into the contact, order or registration forms of the Provider, the Provider only processes these for the respectively indicated purposes. All personal data processed is deleted again by the Provider after the storage period.

You can find further information below.


I. General information about data processing

1. Term definitions

a. Personal data

Personal data is all information which relates to an identified or identifiable natural person (hereafter ‘Affected Person’); a natural person is considered identifiable if they can be directly or indirectly identified, in particular through assignment to an identification such as a name, an identification number, location data, an online identification or one or several particular characteristics which are an impression of the physical, physiological, genetic, psychic, economic, cultural or social identity of this natural person.

b. User data

User data is a user’s personal data, which is required for the justification, content layout or change of a contractual relationship between the service provider and the user for the use of telemedia.


c. Usage data

Usage data is a user’s personal data, which is required in order to enable and invoice for the utilisation of telemedia. This includes in particular, features for the identification of the user, information about the start, end and scope of the respective use and information about the telemedia the user has availed themselves of.


d. Processing

Processing is any process executed with or without the use of automated processes, or any such set of processes in connection with personal data such as collection, recording, organisation, arrangement, storage, adjustment or alteration, read out, query, use, publication through transmission, dissemination or another form of provision, comparison or linking, restriction, deletion or destruction.

e. Pseudonymisation

Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be assigned to a specific Affected Person without the inclusion of additional information. This additional information is stored separately and subjected to technical and organisational measures which guarantees that the personal data cannot be assigned to an identified or identifiable natural person.


f. Cookies

Cookies are small text files which are stored on your computer. Cookies always have a validity period which can be restricted to the end of the user session (known as session cookies) or can also exist for a longer period (known as permanent cookies). These permanent cookies remain on your computer and enable the Provider or its partner companies (known as third party cookies) to recognise your computer again on your next visit. You can set your browser in such a way that you are informed when cookies will be installed and decide to accept them individually, or reject the installation of cookies in individual cases or generally. If you do not accept cookies, the functionality of the website may be restricted.


g. Website

A website, also known as a web presence, is the presence of a private or business Provider of telemedia on the world wide web - summarised under a specific internet address. Web presences include websites and optionally available documents to download, as well as further audio-visual media services which can be called up.


2. Existing suitable guarantees

a. Pseudonymisation

Insofar as the Provider collects usage data, it always stores this under pseudonyms (in the case of cookies, for example, using a unique session key). The Provider does not maintain pseudonym data with the data about the pseudonym bearer (such as, for example, together with the user data).

b. Use of encryption technologies

The Provider uses the SSL security system (Secure Socket Layer) during the data transfer between your computer and mobile end devices and the Provider’s server.

This technology should protect your data against being read out by unauthorised third parties and provides a very high security standard. You can verify that your data is being transferred with encryption by the locked image of a lock and key symbol in the lower status bar of your browser.

II. Processing


1. Job vacancy applicant management system


The Provider uses the job vacancy section of its website to publish job vacancies. As a website user, you can apply for a specific job vacancy with the Provider or transmit a tentative application.


Data collection (user data)

- Salutation / title

- First name and surname (mandatory field)

- E-mail address (mandatory field)

- Telephone number

- Application documents (for example, cover letter, CV, references and photo)


With the application for a specific job vacancy, you also issue your consent to be taken into consideration for other advertised job vacancies. In addition, you issue your agreement that your data can also be made accessible to other companies within the same group both nationally and internationally.


In the case of a successful application, the Provider will store your data for the duration of the employment relationship and delete your data at the latest within 6 months after its termination. Otherwise, your transferred data will only be processed for the purpose of implementing the application process and deleted within 6 months after the end of the application process.


The legal basis for the processing is formed by art. (6) 1 lit. b, 88 GDPR, § 26 BDSG (new).


You have the option at any time to revoke your consent for the processing of your personal data or to submit an objection to data processing which is not based on consent. You can exercise this revocation or objection specifically by e-mail to de.privacy@gigroup.com . In this case, all personal data, which the Provider has saved in the course of your establishment of contact, will be deleted.


Your revocation right is not generally related to such data which the Provider requires in the scope of fulfilling a contract or of precontractual conditions. If necessary, however, you have further rights on the basis of which you can demand the deletion of your data.


2. Job feed newsletter


When subscribing for the newsletter, the Provider uses the e-mail you entered for information about current job vacancies. You can find the newsletter registration option on the job vacancy website. You can unsubscribe at any time.


Data collection (user data)

- E-mail address (mandatory field)


The data you transfer will only be processed if you have previously issued us your consent. Your data will be deleted after three years since you issued your consent, and if you have not issued a renewed consent to process your data for the job feed newsletter prior to this.


The legal basis for processing the data after the user’s consent is formed by art. (6) 1 lit. a GDPR.


You have the option at any time to revoke your consent to the processing of your personal data. You can exercise this revocation specifically by e-mail to de.privacy@gigroup.com. In this case, all personal data, which the Provider has saved in the course of your establishment of contact, will be deleted.


3. Talent pool

If you register in the talent pool, you enable the Provider to maintain contact with you for your future career path. You will receive regular news on the subject of careers, invitations and information about trade and career events as well as special job offers.


Data collection (user data)

- salutation / title

- First name and surname (mandatory field)

- E-mail address (mandatory field)

- Telephone number

- Application documents (for example, cover letter, CV, references and photo)


The data you transfer will only be processed if you have previously issued your consent to the Provider. Your data will be deleted by the Provider if you unsubscribe from participation in the talent network.


The legal basis for processing the data after the user’s consent is formed by art. (6) 1 lit. a GDPR.


You have the option at any time to revoke your consent to the processing of your personal data. You can exercise this revocation specifically by e-mail to de.privacy@gigroup.com. In this case, all personal data, which the Provider has saved in the course of your establishment of contact, will be deleted.


4. Processing log data

For technical reasons, when accessing the Provider’s website, your internet browser automatically transfers certain data to the Provider’s server. The following data is collected by the Provider separately from other data which you transfer to the Provider in certain circumstances and used for the aforementioned purposes:


Data collection (usage data)

- Name of the website or URL called up,

- Date and time called up,

- Access status / http status code,

- respectively transferred data amount,

- Website from which the request was sent,

- Browser software and software version,

- Operating system and version,

- IP address (anonymous, shortened to the last three numbers),

- Randomly generated cookie or session encryption number.


In the event that the data is saved in log files, the usage data will be deleted after 7 days at the latest. Storage beyond this is possible according to the stipulations of legal data protection permissions. In this case, the IP addresses are deleted or alienated so that it is no longer possible to assign the website call up to your computer.


The legal basis for storing the data and log files is formed by art. (6) 1 lit. f GDPR in connection with § 15 TMG.


The recording of data for the provision of the website and the storing of data in log files is obligatory for the operation of the website. Consequently, there is no possibility to object on the part of the user. However, you can exercise your objection right using an automated process in which technical specifications are used, such as, for example, in the case of making your IP address anonymous by using a VPN provider.


The following section, Use of cookies by the Provider for web analysis, is decisive for recording usage data for the purpose of the measurement of coverage.


7. Use of cookies

a. The use of the Provider’s cookies for the purpose of using the website (technically required cookies)

The Provider uses session cookies in order to make the website attractive to visit and enable the use of certain functions.


Data collection (usage data)

- Randomly generated cookie or session encryption number.


The legal basis for the processing of this data is formed by art. (6) 1 lit. f GDPR.


Technically required cookies are automatically saved on your computer, from which they are transmitted to our website. You have the option at any time to submit an objection to data processing which is not based on your consent. In the event of technically required cookies, as a user, you have control over their use. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. You can delete cookies, which have already been saved at any time.


b. Use of the Provider’s cookies for web analysis (not technically necessary cookies)

When the website is called up, the Provider transfers permanent cookies for the purpose of web analysis of its telemedia (known as web analysis cookies). Using web analysis cookies, the Provider can determine the usage data of the user in a pseudonymised form and thereby recognise, for example, how often the website is frequented and from which regions by the respective pseudonymised internet users, as well as which type of end devices are used to access the website. The Provider only saves data collected in this way on its server in Germany.



Data collection (usage data)

- Name of the website or URL called up,

- Date and time called up,

- Http response code,

- Website from which the request was sent,

- IP address (this is anonymised in the course of data processing and deleted from the log files within 7 days),

- Type of browser,

- Randomly generated cookie or session encryption number.


The legal basis for processing the usage data is formed by art. (6) 1 lit. f GDPR.

In the event that the data is saved in log files, the usage data will be deleted after 7 days at the latest. Storage beyond this is possible according to the stipulations of legal data protection permissions. In this case, the IP addresses are deleted or alienated so that it is no longer possible to assign the website call up to your computer.


Cookies which are not technically required are automatically saved on your computer and transferred from it to our website. You have the option at any time to submit an objection to data processing which is not based on your consent. You can prevent web analysis cookies from being installed by clicking the following link. A cookie will then be installed which prevents the Provider from recording your data in the future when you visit this website:


Deactivate web analytics


8. Further processing for other purposes

Provided nothing else is stipulated above, your data will not be transferred to third parties and also not further processed for other purposes than the purposes stated.


III. Affected rights

You have the right to receive the information about personal data relating to you as well as to the correction, deletion or restriction of the processing, or the right to objection against the processing, as well as the right to data transferability according to the stipulation of the following description. In the cases of §§ 32 ff. BDSG 2018, however, these claims only exist insofar as they are anticipated pursuant to BDSG 2018.

You have the right:

- pursuant to art. 15 GDPR to demand information about your personal data processed by your provider. In particular, you can demand information regarding the purposes of processing, the category of the personal data, the categories of recipient to whom the personal data have been or will be disclosed, the planned storage duration, the existence of the right to rectification or erasure of personal data or restriction of processing or to object to such processing, the existence of a right to lodge a complaint,

the origin of your data, provided it was not collected by us, as well as regarding the existence of automated decision-making, including profiling and, if necessary, meaningful information about their details (see III.1);

- pursuant to art. 16 GDPR the right to immediately demand rectification of inaccurate or incomplete personal data of your personal data stored by us (see III.2);

- pursuant to art. 17 GDPR to demand the erasure of personal data concerning him or her stored by us, provided the processing is not for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of the public interest

or to establish, exercise or defend against legal claims (see III.3);

- pursuant to art. 18 GDPR to demand the restriction of the processing of your personal data, provided you contest the accuracy of the data, the processing is unlawful, but you oppose the erasure of the data and we no longer require the data, however you

require it to establish, exercise or defend against legal claims, or, pursuant to art. 21 GDPR, you have submitted an objection to the processing (see III.4).

- pursuant to art. 20 GDPR to receive the personal data you have provided us with in a structured, commonly used and machine-readable format or to demand the transmission

to another responsible party (see III.5);

- pursuant to art. 77 GDPR to lodge a complaint with a supervisory authority. In general, you can lodge this through the supervisory body of your usual place of residence or place or work or the headquarters of our company (see III.7); and

- pursuant to art. (7) 3 GDPR to withdraw consent you have given to us at any time. This will result in us no longer being able to continue processing the data which was based upon this consent in the future (see III.8).


Insofar as your personal data is processed on the basis of authorised interests pursuant to art. (6). 1 p. 1 lit. f GDPR, you have the right pursuant to art. 21 GDPR to object to the processing of your personal data, provided there are grounds for this relating to your particular situation or the objection is against direct marketing purposes. In the latter case, you have a general right to object, which will be implemented by us without the details about a particular situation (see III.6).


If you would like to invoke your revocation or objection right, simply send an e-mail to de.privacy@gigroup.com