Declaration of data protection

Weiser, Kuck & Comp. GmbH takes the protection of your personal data very seriously. As a personnel consultancy, we are contractually commissioned by companies to address and present qualified applicants for vacant specialist and management positions. Not only due to the legal obligation, but also due to our membership in the Bundesverband Deutscher Unternehmensberater (BDU), we thereby take your rights very seriously. We therefore inform you of the processing of personal data that you send to us in relation to filling a vacancy.

The position should be filled by a person who is professionally and personally capable as well as basically being ready for a change. We therefore particularly require your name, address and contact data, details and documents on training, qualifications, professional experience and references (we will delete your data after the retention period relevant to the process has expired). Suppliers of references are only addressed with your prior consent. We record freely available data about you (for example, from the Internet, specialist articles or other publications) if they refer to specialist and personal qualifications. The data solely contain the company actually searching and its management/directorate and/or its personnel department. Data are not transmitted outside the European Union.

Name and contact data of the responsible officer in accordance with Article 4 Para. 7 GDPR
Company: Weiser, Kuck & Comp. GmbH
Address: Hammfelddamm 10, 41460 Neuss
Tel: +49 (0) 2131.1697-0
Fax: +49 (0) 2131.1697-33
E-Mail: info@weiser-kuck.de

Security and protection of your personal data
We regard it as our top priority to safeguard the confidentiality of the personal data you provide and to protect these from unauthorised access. That is why we apply the utmost care and the latest security standards in order to ensure maximum protection of your personal data.

As a company under private law, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the regulations of the Federal Data Protection Act (BDSG). We have taken technical and organisational action to ensure that the regulations of data protection are observed both by us and by our external service providers.

Determination of terms
Lawmakers require that personal data are processed in a legitimate manner, in good faith and in a way that is understandable for the data subject (“legality, processing in good faith, transparency”). In order to ensure this, we want to inform you of each of the terms determined by law, which are also used in this declaration of data protection:

1. Personal data
   “Personal data” are all information referring to an identified or identifiable natural person (referred to below as the “affected person” or the “data subject”); a natural person is regarded as being identifiable if they can be identified directly or indirectly, particularly by assignment to an identifier (such as a name), to a code number, to locational data, to an online identifier or to one or more specific features, which are an expression of the physical, physiological, genetic, psychic, financial, cultural or social identity of this natural person.
2. Processing
   “Processing” is every procedure executed, with or without the help of automated procedures, or every such series of procedures connected with personal data, such as recording, organising, storing, adapting or changing, reading out, polling, use, disclosure through transmission, distribution or another form of provision, comparing or linking, restricting, deleting or destruction.
3. Restricting processing
   “Restricting processing” is to mark personal data that has been stored with the aim of restricting their processing in future.
4.  Profiling
   “Profiling” is every type of the automated processing of personal data, which consists of using these personal data to evaluate certain personal aspects referring to a natural person (in particular, to analyse or predict aspects relating to the work performance, financial situation, health, personal preferences, interests, reliability, conduct, residence or a change of place of this natural person).
5. Pseudonymisation
   “Pseudonymisation” is the processing of personal data in such a way that personal data can no longer be allocated to a specific data subject without drawing on additional information, insofar as this additional information is kept separately and is subject to technical and organisational measures, which ensure that the personal data cannot be assigned to an identified or identifiable natural person.
6. File system
   “File system” is every structured collection of personal data that is available according to certain criteria, regardless of whether this collection is kept centrally or decentrally or is ordered by functional or geographic viewpoints.
7. Responsible officer
   The “responsible officer” is a natural person, a legal entity, an authority, an institution or some other office, who decides alone or together with others upon the purposes and means of the processing of personal data. If the purposes and means of this processing are prescribed by the law of the Union or the law of the Member States, the responsible officer and/or certain criteria for his or her nomination can be foreseen by the law of the Union or the law of the Member States.
8. Order processor
   The “order processor” is a natural person, a legal entity, an authority, an institution or some other office, which processes personal data on behalf of the responsible officer.
9. Recipient
   The “recipient” is a natural person, a legal entity, an authority, an institution or some other office, which discloses personal data, regardless of whether this concerns a third-party or not. However, authorities that possibly receive personal data in the course of a certain investigation order under the law of the Union or the law of the Member States are not regarded as recipients. These data are processed by the aforesaid authorities pursuant to the prevailing regulation on data protection in accordance with the purposes of processing.
10. Third-party
    A “third-party” is a natural person, a legal entity, an authority, an institution or some other office (excluding the data subject, the responsible officer, the order processor and the people who are authorised to process personal data under the direct responsibility of the responsible officer or the order processor).
11. Consent
    “Consent” issued by the data subject is every announcement of intention given voluntarily for the particular case, in an informed and unmistakeable way, in the form of a declaration or some other clearly confirming act, with which the data subject gives to understand that he or she agrees to the processing of the personal data affecting them.

Legality of processing
The processing of personal data is illegal unless there is a legal basis for the processing. Pursuant to Article 6 Para. 1 Letters a – f GDPR, a legal basis for processing can, in particular, be one of the following:

1. The data subject has given consent to the processing of personal data affecting them for one or more specific purposes;
2. Processing is necessary to fulfil a contract, of which one of the contractual parties is the data subject, or to execute pe-contractual action that has been requested by the affected person;
3. Processing is necessary to fulfil a legal obligation, to which the responsible officer is subject;
4. Processing is necessary to protect the vital interests of the data subject or of another natural person;
5. Processing is necessary to perform a task, which lies in the public interest, or to exercise public power transferred to the responsible officer;
6. Processing is necessary to safeguard the justified interests of the responsible officer or of a third-party, insofar as these are not outweighed by the interests or the fundamental rights and basic freedoms of the data subject that require the protection of personal data, particularly if the data subject is a child.

Information on the recording of personal data
(1) In what follows, we inform you of the recording of personal data when our web site is used. Examples of personal data are name, address, e-Mail addresses and user behaviour.

(2) If you get into contact with us by e-Mail or via a contact form, we save the data you give us (your e-Mail address, possibly your name and telephone number) in order to answer your questions. We delete data accrued in this context after their storage is no longer necessary, or if processing is restricted in case legal duties of retention apply.

Recording personal data during a visit to our web site
If you use our web site solely for information (thus if you do not register or transmit information to us in some other way), we only record the personal data transmitted by your browser to our server. If you wish to view our web site, we record the following data. These data are necessary for us to technically display our web site to you and to ensure stability and security (the legal basis is Art. 6 Para. 1 C. 1 Letter f GDPR):

• IP address
• Date and time of the inquiry
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (actual page)
• Access status/HTTP status code
• Quantity of data transmitted
• Web site from which the request came
• Browser
• Operating system and its interface
• Language and version of the browser software.

Deployment of cookies
(1) If you use our web site, cookies are stored on your computer in addition to the aforesaid data. Cookies are small text files. These are saved in an orderly manner on your fixed disk by the browser you use. The office that sets the cookie receives certain information. Cookies cannot execute any programs or transmit viruses to your computer. They serve to make the internet site generally more user-friendly and effective.
(2) This web site uses the following types of cookies. Their scope and method of functioning is explained below:

• Transient cookies (see a.)
• Persistent cookies (see b.).

1. Transient cookies are automatically deleted when you close your browser. These particularly include session cookies. These save a so-called session ID, which can allocate various inquiries made by your browser to common sessions. This allows your computer to be recognised again if you return to our web site. Session cookies are deleted when you log-out or close the browser.
2. Persistent cookies are deleted automatically after a prescribed duration, which can vary from cookie to cookie. You can delete cookies at any time in the security settings of your browser.
3. You can configure your browser settings to meet your requirements. For example, you can accept third-party cookies or reject all cookies. So-called “third-party cookies” are cookies set by a third-party, thus not by the web site that you are visiting at this moment. We point out that you may not be able to use all the functions of this web site if you de-activate cookies.

Further functions and features of our web site
(1) Apart from using our web site for pure information, we also offer various services that you can use if they are of interest to you. As a rule, you will have to disclose further personal data for these. We use these data to provide the service in question and to which the aforesaid principles of data processing apply.
(2) We sometimes deploy external service providers to process your data. These are carefully selected and commissioned by us, they are bound by our instructions and are regularly monitored.
(3) We can furthermore forward your personal data to third parties if you are participating in a campaign or prize competition, in case of contract conclusions or if similar services are offered by us together with partners. You can obtain more detailed information on this upon disclosure of your personal data or below in the description of the offer.
(4) If our service providers or partners are based in a country outside the European Economic Area (EEA), we inform you of the consequences of these circumstances in the description of the offer.

Children
In principle, our services are only directed at adults. Those below 18-years of age should not transmit personal data to us without the permission of their parents or legal guardians.

Rights of the affected person
(1) Revocation of consent
If the processing of personal data is based on consent issued, you have the right to revoke your consent at any time. A revocation of consent does not affect the legality of processing performed on the basis of the consent until its revocation.
You can contact us at any time to exercise your right of revocation.

(2) Right to confirmation
You have the right to demand confirmation from the responsible officer of whether we process personal data affecting you. You can demand confirmation at any time under the aforesaid contact data.

(3) Right of information
If personal data are processed, you can find out about these personal data at any time and demand the following information:

1. the purposes of processing;
2. the categories of personal data that are processed;
3. the recipient or categories of recipients to whom the personal data have been or will be disclosed, particularly in the case of recipients in third countries or international organisations;
4. if possible, the duration for which it is planned to store the personal data or, if this is not possible, the criteria for determining this duration;
5. the existence of a right to correction or deletion of the personal data affecting you, to a restriction of processing by the responsible officer or to a right of objection against this processing;
6. the existence of a right to complain to a supervisory authority;
7. if the personal data were not recorded from the data subject, all information available on the origin of the data;
8. the existence of automated decision-making, including profiling, in accordance with Article 22 Paragraphs 1 and 4 GDPR and – at least in these cases – meaningful information on the logic involved, the scope and the intended effects of such processing for the affected person.

If personal data are transmitted to a third country or to an international organisation, you have the right to be informed of the suitable guarantees pursuant to Article 46 GDPR in the context of the transmission. We provide a copy of the personal data, which are the object of processing. We can demand reasonable remuneration on the basis of the administration costs for all further copies that you apply for in person. If you submit your application electronically, the information must be provided in a common electronic format, unless something results to the contrary.
The right to receive a copy in accordance with Paragraph 3 may not impair the rights and freedoms of other people.

(4) Right to correction
You have the right to demand from us that we correct inaccurate personal data affecting you without delay. In consideration of the purposes of processing, you have the right to demand the completion of incomplete personal data – even by means of an additional declaration.

(5) Right to deletion (“right to be forgotten”)
You have the right to demand from the responsible officer that personal data affecting you are deleted without delay. We are obliged to delete personal data without delay if one of the following reasons applies:

1. personal data are no longer required for the purposes for which they were recorded or were processed in some other way;
2. the data subject revokes his or her consent on which processing is based in accordance with Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a GDPR, and there is no other legal basis for processing;
3. the data subject lodges an objection to processing in accordance with Article 21 Paragraph 1 GDPR and there are no overriding, legitimate reasons for processing, or the data subject lodges an objection to processing in accordance with Article 21 Paragraph 2 GDPR;
4. personal data have been processed illegally:
5. personal data must be deleted to fulfil a legal obligation under the law of the Union or the law of the Member States to which the responsible officer is subject;
6. personal data have been recorded in relation to the services of the information society in accordance with Article 8 Paragraph 1 GDPR.

If the responsible officer has published personal data and if he is obliged to delete them in accordance with Paragraph 1, he will take reasonable action (also of a technical nature), in consideration of the available technology and the costs of implementation, in order to inform the person responsible for data processing who processes the personal data that an affected person has demanded from him the deletion of all links to these personal data or of copies or replicas of these personal data.

The right to deletion (“right to be forgotten”) does not exist if processing is necessary:

• to exercise the right to free information and of freedom of expression;
• to fulfil a legal obligation, which makes processing necessary under the law of the Union or of the Member States to which the responsible officer is subject, or to perform a task that lies in the public interest or in exercise of public power that has been transferred to the responsible officer;
• for reasons of the public interest in the sphere of public health in accordance with Article 9 Paragraph 2 Letters h and i and Article 9 Paragraph 3 GDPR;
• for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with Article 89 Paragraph 1 GDPR, insofar as the right stated in Paragraph 1 is likely to make the achievement of the aims of this processing impossible or seriously hinder them;
• to pursue, exercise or defend against legal claims.

(6) Right to restrict processing
You have the right to demand from us that we restrict the processing of your personal data if one of the following prerequisites applies:

1. the accuracy of the personal data is disputed by the data subject, indeed for a period that enables the responsible officer to check the accuracy of the personal data;
2. processing is illegal, although the data subject rejects deletion of the personal data and instead demands a restriction on the use of the personal data;
3. the responsible officer no longer requires the personal data for the purposes of processing, although the data subject requires them to pursue, exercise or defend against legal claims;
4. the data subject has lodged an objection to processing in accordance with Article 21 Paragraph 1 GDPR, as long as it has not been established whether the legitimate reasons of the responsible officer outweigh those of the data subject.

If processing has been restricted pursuant to the prerequisites stated above, these personal data are processed – disregarding their storage – only with the consent of the data subject, to pursue, exercise or defend against legal claims, to protect the rights of another natural person or legal entity or for reasons of an important public interest of the Union or of a Member State.

In order to pursue the right of restriction to processing, the data subject can contact us at any time under the aforesaid contact data.

(7) Right to data portability
You have the right to receive the personal data affecting you that you have provided to us in a structured, common and machine-readable format. You also have the right to have these data transmitted to another responsible person without hinderance from the responsible officer to whom the personal data were provided, insofar as:

1. processing is based on consent issued in accordance with Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a or on a contract in accordance with Article 6 Paragraph 1 Letter b GDPR and
2. processing takes place with the help of automated procedures.

If the right to data portability is exercised in accordance with Paragraph 1, you have the right to arrange for the personal data to be transmitted directly from a responsible officer to another responsible person, insofar as this is technically feasible. Exercise of the right to data portability does not affect the right to deletion (“right to be forgotten”). This right does not apply to processing that is required to perform a task that lies in the public interest or is done in the exercise of public power transferred to the responsible officer.

(8) Right of objection
You have the right to object to the processing of personal data affecting you that is done on the basis of Article 6 Paragraph 1 Letters e or f GDPR at any time for reasons that result from your particular situation. This also applies to profiling based on these provisions. The responsible officer will no longer process the personal data, unless he or she can demonstrate overriding reasons worthy of protection for processing, which outweigh the interests, rights and freedoms of the data subject, or processing serves to pursue, exercise or defend against legal claims. If personal data are processed to promote direct advertising, you have the right to object to the processing of personal data affecting you for the purpose of such advertising at any time. This also applies to profiling, insofar as it is directly connected with such direct advertising. If you object to processing for the purposes of direct advertising, personal data will no longer be processed for these purposes.

In the context of the use of information society services, you can exercise your right of objection by means of automated procedures that deploy technical specifications, regardless of the Directive 2002/58/EC. You have the right to lodge an objection to the processing of personal data affecting you, which is done for scientific or historical research purposes or for statistical purposes in accordance with Article 89 Paragraph 1, for reasons resulting from your particular situation, unless processing is required to fulfil a task lying in the public interest.

You can exercise the right of objection at any time by contacting the respective responsible officer.

(9) Automated decision-making, including profiling, in a stand-alone case
You have the right not to be subjected to a decision based solely on automated processing, including profiling, which has a legal effect on you or considerably impairs you in a similar manner. This does not apply if the decision:

1. is necessary to conclude or fulfil a contract between the data subject and the responsible officer;
2. is admissible due to the legal provisions of the Union or of the Member States to which the responsible officer is subject and these legal regulations contain reasonable action to safeguard the rights, freedoms and the justified interests of the data subject;
3. has been made with the express consent of the data subject.

The responsible officer takes appropriate action to safeguard the rights, freedoms and the justified interests of the person affected, which at least include the right to arrange for a person to intervene on the behalf of the responsible officer, to explain their own point of view and to contest the decision.

This right can be exercised by the data subject at any time by contacting the responsible officer.

(10) Right to complain to a supervisory authority
In addition, without regard to any legal aids available under administrative law or from a court of law, you have the right to complain to a supervisory authority, in particular in the Member State of your residence, your workplace or the place of the alleged violation, if the data subject believes that the processing of personal data affecting them violates this ordinance.

(11) Right to effective legal aids from a court of law
Without regard to any legal aids available under administrative law or from outside a court of law, including the right to complain to a supervisory authority in accordance with Article 77 GDPR, you have the right to effective legal aids from a court of law, if you believe that your rights accruing under this ordinance have been violated as a result of the processing of your personal data that is not in agreement with this ordinance.