The HDZ NRW is keen to promote the trust of visitors to its website and is therefore disclosing its methods of handling personal data. In the following we shall explain which information we collect, for which purposes information is collected, and what we do with this information.
Our Data Privacy Statement contains special information for job applicants, as well as general information valid not only for applicants, but for all visitors to our website.
Since we treat all data carefully and confidentially as a matter of course, we request that only serious applications are submitted, and that you check any attachments for viruses etc. before sending your application to us.
Table of Contents
- Aim and Responsibility
- Data processing basics and legislative foundations
- Security measures
- Transfer of data to third parties
- Purpose and scope of applicant data processing
- Transfer of applicant data
- Submission of applications
- Storage and deletion of applicant data
- Contact Details
- Collection of access data
- Cookies & range of coverage measurement
- Links to social media
- Inclusion of third-party services and Contents
- User rights
- Deletion of data
- Right of objection
- Modifications to Data Privacy Statement
1. Aim and Responsibility
- The aim of this Data Privacy Statement is to explain the type, scope and purpose of the processing of personal data in conjunction with our online presence and all internet pages, functions and contents contained therein (in the following collectively termed "website"). The Data Privacy Statement is valid independently of the domains, systems, platforms and devices (desktop or mobile) used to access our website.
- The website provider with legal responsibility for data privacy is the Krankenhausbetriebsgesellschaft Bad Oeynhausen mbH (governing body subject to public law), Georgstr. 11, 32545 Bad Oeynhausen, Germany, email: info@@hdz-nrw.de (in the following referred to as "we" or "us"). For details of our representatives and other contact persons, please see our imprint at: www.hdz-nrw.de/service/impressum.html
- Our data protection officer can be contacted by email at: datenschutz@@hdz-nrw.de
4.In the following, the term "user(s)" covers both job applicants and all other visitors to our website. All person-related terms used, e.g. "applicant", are always gender-neutral.
2. Data processing basics and legislative foundations
- We process the personal data of users only in adherence to the relevant data protection legislation. This means that user data are only processed when legal permission has been granted. Users are particularly asked to give their consent to data processing when the latter is required for the provision of contractual services (e.g. the processing of orders) and online services, and/or when it is required by law, but are also requested to do so when we have a legitimate interest in processing data (an interest in analyzing and optimizing our website, and in managing it economically and safely in accordance with Art. 6 Abs. 1 lit. f. DS-GVO, or on the basis of § 15 Abs. 3 TMG until validity of DS-GVO), especially when measuring range of coverage, creating profiles for advertising and marketing purposes, collecting access data, and employing the services of third-party providers.
- With regard to the processing of personal data in accordance with the General Data Protection Regulation (DS-GVO), we draw your attention to Art. 6 Abs. 1 lit. a and Art. 7 DS-GVO as the legal basis for consent; to Art. 6 Abs. 1 lit. b DS-GVO as the legal basis for data processing in order to fulfill our service and contractual obligations; to Art. 6 Abs. 1 lit. c DSGVO as the legal basis for data processing in order to fulfill our legal obligations; and to Art. 6 Abs. 1 lit. f DSGVO as the legal basis for data processing in order to protect our legitimate interests.
3. Security measures
- We take state-of-the-art organizational, contractual and technical security measures in order to guarantee that all stipulations contained within the data protection laws are met, and thereby also to protect the data we process from random or deliberate manipulation, loss, destruction or unauthorized access.
- In particular, these security measures include encrypted transmission of data between your browser and our Server.
4. Transfer of data to third parties
- Data are only passed on to third parties within the framework of current legislation. We pass on user data to third parties exclusively when there is a necessity to do so, e.g. for billing purposes or in order to fulfill our contractual obligations towards users.
- Where we employ subcontractors to provide services, we make suitable legal provisions and take appropriate technical and organizational measures to ensure that personal data are protected in accordance with the relevant legal stipulations.
- Where this Data Privacy Statement extends to contents, tools or other instruments from external providers (in the following collectively referred to as "third parties") with a registered office located in a third-party country, it must be assumed that data will be transferred to the domiciles of the third parties.
- Third-party countries are countries in which the DS-GVO is not valid law, i.e. countries fundamentally outside the EU and European market. Data are transferred to third-party countries only when an appropriate level of data protection exists, when users have given their consent, or when legal permission has been granted.
5. Purpose and scope of applicant data processing
- We process applicant data only for the purpose of, and within the framework of, the job application process, as well as according to the legal stipulations. Applicant data are processed in order to fulfill our contractual obligations and to further our legitimate interest, as well as that of the applicants, in realizing a fast and effective application procedure.
- The application procedure requires applicants to disclose their applicant data to us. The mandatory details are marked as such on our online application form. They include the identity of the person, as well as postal and other contact addresses (email with registration password). Moreover, applicants are free to send us additional information, such as a covering letter, cv, references and reports, as well as to make additional entries on the application form. By sending us an online application, applicants consent to the processing of their data for the purposes of the application process in accordance with the type of processing and scope of processing laid out in this Data Privacy Statement.
6. Transfer of applicant data
- We do not transfer applicant data to third parties. As part of the application procedure we are supported by an external service provider, Haufe-Lexware Service GmbH & Co. KG, Fraunhoferstr. 5, 82152 Planegg, licensor for our online application portal "Haufe Talent Management (Basis)". This service provider is able to access online application data. This service provider processes applicant data only on our authority and on the basis of contractual obligations which stipulate abiding by agreed organizational and technical measures.
- In all other cases we seek the permission of applicants before transferring any data.
7. Submission of applications
- Applicants should send their applications exclusively by using the contact form on our website. Data are encrypted using state-of-the-art techniques before being transferred to us.
- Applications sent by email to the HDZ NRW or any of its employees will be returned to the sender for reasons of IT security (protection from possible viruses, etc.), together with a request to submit the application again via our online application management system.
- Applications sent by post to the HDZ NRW and thus not in accordance with Par. 1. will be scanned into the online application management system and processed from there or returned to the sender without being entered into the online application management System.
8. Storage and deletion of applicant data
- The data provided to us by applicants will be further processed for employment purposes should the application prove successful.
- Should the application not prove successful, all applicant data will be deleted from the system. Applicant data will also be deleted should the applicant choose to withdraw the application, a right of applicants at any stage of the application process. If applicants specify that their data may be used for future application procedures (in the following: pool applications), data will remain stored for future processing. In this case, Par. 2 retains its validity.
- Provided there is no legitimate objection by the applicant, data will be deleted from the system six months after completion of the recruitment process, allowing us sufficient time to answer any follow-up questions arising from the application and to fulfill our legal obligation to provide supporting documentation in accordance with the general law of non-discrimination (AGG). This does not apply – except in the case of an objection – to pool applications.
9. Contact Details
- Whenever contact is made with us (via contact form or email) the user details are processed in order to handle and accomplish the contact request.
- User details are stored in our customer relationship management system ("CRM system") or comparable system for organizing requests. Current legislation dictates that all business correspondence must be stored for 6 years, and any communication with fiscal relevance for 10 years.
10. Collection of access data
- In line with our legitimate interests, we collect data regarding all access to our server (so-called serverlogfiles). Access data include the name of the internet page accessed, the date and time of access, the amount of data transferred, registration of successful access, the browser type and version, the operating system of the user, the referrer URL (page previously visited), the IP address, and the requesting provider.
- Logfile information is stored for security reasons for four weeks (e.g. for clarification in the event of abuse or fraud). Data which need to be stored as potential evidence for a longer period are exempt from the deletion process until the matter in question has been resolved.
11. Cookies & range of coverage measurement
- If users do not wish cookies to be stored on their computer, they are requested to deactivate the corresponding option in the system settings of their browser. Previously stored cookies can also be deleted in the system settings of the browser. Deactivating cookies may, however, impair the function of this website.
Our website collects and stores data for marketing and optimization purposes using technologies developed by etracker GmbH (www.etracker.com). These data can be used to create pseudonymous user profiles. Cookies may be used during this process. Cookies are small text files which are stored locally in the cache of the internet browser used by the visitor to the internet page in question. Cookies facilitate recognition of the internet browser. Data collected using etracker technologies will not be used to identify the visitor to our website without the express permission of the person concerned, and will not be linked with personal data via the bearer of the pseudonym. Data collection and data storage can be objected to at any point in time and with future effect.
Data privacy statement: https://www.etracker.com/datenschutz/
13. Links to social media
- The links/buttons leading from our website to social networks and platforms (in the following collectively termed "social media") do not create a path between the social media and the user until the user actually clicks on the link/button and accesses the network or platform in question. This function is comparable to the functionality of a regular online link.
- The following presentation provides an overview of our links to social media, including links to their respective data privacy statements which contain further information about data processing and various ways – some of which are already named here – to opt out:
- facebook.com, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, data privacy statement: de-de.facebook.com/policy.php, opt out: www.facebook.com/settings.
- YouTube/ Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. data privacy statement: https://www.google.com/policies/privacy/, opt out: https://www.google.com/settings/ads/.
14. Inclusion of third-party services and Contents
- In line with our legitimate interests (analysis, optimization and economic operation of our website according to Art. 6 Abs. 1 lit. f DS-GVO), we feature tools from third parties on our website which are necessary in order to provide certain services and contents, e.g. videos or fonts (in the following collectively termed "contents"). This means that the third parties in question can identify the IP address of users because otherwise, without the IP address, contents could not be sent to the browsers of the users. An IP address is thus necessary for presentation of these contents. We endeavor only to include contents from third parties who use IP addresses exclusively in order to present contents. Third parties can also use so-called "pixel tags" (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Via "pixel tags", information such as the number of visitors to the various pages of this website can be evaluated. This pseudonymous information may also be stored in cookies on user devices and contain, for example, technical details of the browser and operating system, the referrer website, the time and date of the visit, as well as other details about use of our website. It can also be linked to similar information from other sources.
- The following presentation provides an overview of our links to third parties and their contents, including links to their respective data privacy statements which contain further information about data processing and various ways – some of which are already named here – to opt out:
- Maps from the "Google Maps" service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data privacy statement: https://www.google.com/policies/privacy/, opt out: https://www.google.com/settings/ads/.
- Videos from the "YouTube" platform provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data privacy statement: https://www.google.com/policies/privacy/, opt out: https://www.google.com/settings/ads/.
- N.B.: Google Inc. is certified according to the Privacy Shield Framework and as such is obligated to respect European data privacy laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
15. User rights
- Users have the right to request free of charge information regarding the data we have stored about their person. In addition, users have the right to amend any incorrect data; to restrict the processing and/or deletion of their personal data, where applicable; to assert their right to data portability; and following an assumption of unlawful data processing to submit a complaint to the responsible regulatory body (Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Kavalleriestr. 2-4, 40213 Düsseldorf).
- Likewise, users can withdraw any consent they have previously given, without specification of reasons and with future effect.
16. Deletion of data
- The data we have stored are deleted as soon as they are no longer required for their assigned purpose and a legal obligation to store the data no longer exists. If user data are not deleted because they are required for other, legally permissible purposes, their processing will be restricted, i.e. data will be blocked and not able to be processed for other purposes. This refers to e.g. user data which must be kept for legal reasons (commercial or fiscal).
- In line with the legal stipulations, data are kept for 6 years in accordance with § 257 Abs. 1 HGB (account books, inventories, opening balance sheets, annual statements of accounts, business correspondence, accounting vouchers, etc.) and for 10 years in accordance with § 147 Abs. 1 AO (books, drawings, status reports, accounting vouchers, business correspondence, documents with fiscal relevance, etc.)
17. Right of objection
Users can object to future processing of their personal data without specification of reasons and at any time, in line with the legal stipulations. In particular, they have the right to object to data processing for the purpose of direct Advertising.
18. Modifications to Data Privacy Statement
- We reserve the right to modify this Data Privacy Statement in the event of changes to the relevant legislation, or in the event of changes to our service or data processing methods. This only applies to explanations of data processing, however. Where user consent is necessary, or where parts of this Data Privacy Statement regulate the contractual relationship to the user, modifications will only be made with the consent of the user.
- Users are requested to stay regularly informed about the content of our Data Privacy Statement.