PRIVACY POLICY

We are pleased that you are visiting our website. The protection and security of your personal information when using our website is very important to us. Therefore, we would like to inform you here about which of your personal data we collect when you visit our website and for which purposes these are used.

This privacy policy applies to the online presence of headwaypersonal GmbH, which can be accessed under the domain www.headway-personal.de as well as various subdomains (“our website”).

Who is responsible and how can I contact you?

Controller
for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)

headwaypersonal GmbH
Mendelstraße 4
84030 Ergolding
Tel.: +49 (0) 871 / 97 52 8-0
E-Mail: info@headway-personal.com

Data Protection Office

Datenschutz Pöllinger GmbH
Dresdner Str. 38
92318 Neumarkt
Tel.: 09181-2705770
E-Mail: datenschutz@datenschutz-poellinger.de
Web: www.datenschutz-poellinger.de

Will this privacy policy be changed?

Due to current circumstances, such as amendments to the Federal Data Protection Act (BDSG-new, GDPR, TTDSG), we will update this privacy policy if necessary.

What is this about?

This privacy policy fulfills the legal requirements for transparency in the processing of personal data. These are all information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address, IP address, or user behavior when visiting a website. Information where we cannot (or only with disproportionate effort) relate it to you personally, e.g., through anonymization, is not considered personal data. The processing of personal data (e.g., collecting, querying, using, storing, or transmitting) always requires a legal basis and a defined purpose.

Stored personal data will be deleted as soon as the purpose of the processing has been achieved and there are no lawful reasons for further retention. We inform you in the individual processing operations about the specific storage periods or criteria for storage. Regardless of this, we store your personal data in individual cases for asserting, exercising, or defending legal claims and in the presence of statutory retention obligations.

Who receives my data?

We only pass on your personal data that we process on our website to third parties if this is necessary to fulfill the purposes and is covered by the legal basis in individual cases (e.g., consent or legitimate interest). Furthermore, we may disclose personal data to third parties if this serves to assert, exercise, or defend legal claims. Possible recipients may include, for example, law enforcement authorities, lawyers, auditors, courts, etc.

If we use service providers to operate our website who process personal data on our behalf in the scope of commissioned processing according to Art. 28 GDPR, these may also be recipients of your personal data. More detailed information on the use of processors and web services can be found in the overview of the individual processing operations.

Do you use cookies?

Cookies are small text files sent by us to the browser of your device and stored there during your visit to our websites. Alternatively, information can also be stored in the local storage of your browser. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies allow us to perform various analyses, so we can, for example, recognize the browser you use when you visit our website again and transmit various information to us (non-essential cookies). With the help of cookies, we can make our internet offering more user-friendly and effective by tracking your use of our website and recognizing your preferred settings (e.g., country and language settings). If third parties process information via cookies, they collect the information directly through your browser. Cookies do not cause any harm to your device. They cannot run programs or contain viruses. Information about the services for which we use cookies can be found in the individual processing operations. Detailed information on the cookies used can be found in the cookie settings or consent manager of this website.

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies,” text files stored on your computer, which allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

If IP anonymization is activated on this website, your IP address is first shortened by Google within member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address sent to a Google server in the USA and shortened there. On behalf of the operator of this website, Google uses this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website and internet usage to the website operator.

The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. You can prevent the storage of cookies by adjusting your browser settings; however, we point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout.

This website uses Google Analytics with the “_anonymizeIp()” extension. IP addresses are therefore only processed in shortened form to exclude direct personal reference.

Further information on Google’s data protection can be found here: https://support.google.com/analytics/answer/6004245?hl=de

Google Tag Manager

This website uses Google Tag Manager. This service allows managing website tags via an interface. The Google Tag Manager only implements tags. This means no cookies are used, and no personal data is collected. The Google Tag Manager triggers other tags that may collect data. However, Google Tag Manager itself does not access this data. If a deactivation has been made on the domain or cookie level, it remains for all tracking tags implemented via Google Tag Manager.

LinkedIn Insight-Tag

We use the LinkedIn Insight Tag from LinkedIn Corporation, Sunnyvale, California, US, to create target audiences, segment visitor groups of our online offering, determine conversion rates, and subsequently optimize them. This is especially the case when you interact with advertisements we have placed via LinkedIn Corporation. LinkedIn Corporation offers retargeting for website visitors to display targeted advertising outside our website.

The LinkedIn Insight Tag collects data on visits to our website, including URL, referrer URL, IP address, device and browser characteristics (user agent), and timestamps. This data is used to present anonymized reports about website audiences and ad performance.

We process your data using the LinkedIn Insight Tag for the purpose of optimizing our website and for marketing purposes based on your consent according to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG.

The exact storage duration of the processed data is not controlled by us but determined by LinkedIn Corporation. Further information can be found in the LinkedIn Insight Tag privacy policy: https://www.linkedin.com/legal/privacy-policy.

LinkedIn Ads

We have integrated LinkedIn Ads on our website. LinkedIn Ads is a service of LinkedIn Corporation that displays targeted advertising to users. LinkedIn Ads uses cookies and other browser technologies to analyze user behavior and recognize users. LinkedIn Ads collects information about visitor behavior on various websites. This information is used to optimize ad relevance. LinkedIn Ads also delivers targeted ads based on behavioral profiles and geographic location. Your IP address and other identification features such as your user agent are transmitted to the provider, LinkedIn Corporation, Sunnyvale, California, US.

Web tracking technologies are used to create pseudonymized user profiles. These profiles cannot be linked to you as a natural person but serve, for example, for segmenting ad displays.

We process data with LinkedIn Ads for the purpose of optimizing our advertising campaigns and marketing based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG.

The exact storage duration of the processed data is determined by LinkedIn Corporation. More information can be found in LinkedIn Ads’ privacy policy: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.

Presence on social media

We maintain profiles or fan pages on social media to communicate with users connected and registered there and to inform about our products, offers, and services. When you use and access our profile on the respective network, the privacy policies and terms of use of the respective network apply.
We process your data sent to us via these networks to communicate with you and answer your messages there.
The legal basis for processing personal data is our legitimate interest in communication with users and our public representation for advertising purposes according to Art. 6 para. 1 sentence 1 lit. f GDPR. If you have given the controller of the social network your consent to process your personal data, the legal basis is Art. 6 para. 1 sentence 1 lit. a and § 25 para. 1 TTDSG and Art. 7 GDPR.
Privacy notices, information rights, and objection options (opt-out) of the respective networks can be found here:
Facebook (Meta Platforms Ireland Ltd.,4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland) Privacy Policy: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads und http://www.youronlinechoices.com, Privacy
• XING/Kununu (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) –Privacy Policy/ Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung.
• LinkedIn(LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland) – Privacy Policy: https://www.linkedin.com/legal/privacy-policy, Cookie Policy and Opt-Out: https://www.linkedin.com/legal/cookie-policy,

What rights do I have?

Under the conditions of the legal provisions of the GDPR, you as the data subject have the following rights

* Right of access according to Art. 15 GDPR to information stored about you, including detailed information about the processing and a copy of your data;

* Right to rectification according to Art. 16 GDPR of incorrect or incomplete data stored with us

* Right to erasure according to Art. 17 GDPR of data stored with us, as long as the processing is not necessary for exercising freedom of expression and information, fulfilling a legal obligation, reasons of public interest, or asserting, exercising, or defending legal claims;

* Right to restriction of processing according to Art. 18 GDPR, insofar as the accuracy of the data is contested, the processing is unlawful, we no longer need the data, and you reject deletion because you need the data to assert, exercise, or defend legal claims, or if you have objected to processing under Art. 21 GDPR;

* Right to data portability according to Art. 20 GDPR, insofar as you have provided us with personal data based on consent according to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG or on the basis of a contract according to Art. 6 para. 1 lit. b GDPR, and these data were processed by automated means. You will receive your data in a structured, commonly used, and machine-readable format, or we will transfer the data directly to another controller if technically feasible;

* Right to object according to Art. 21 GDPR to the processing of your personal data insofar as this is based on Art. 6 para. 1 lit. e or f GDPR and there are reasons
arising from your particular situation, or the objection is against direct advertising. The right to object does not exist if overriding legitimate reasons are
proven or if the processing is for asserting, exercising, or defending legal claims. Where the right to object does not exist for individual processing operations, this is indicated there;

* Right to withdraw your consent at any time with effect for the future according to Art. 7 para. 3 GDPR and § 25 para. 2 TTDSG without affecting the lawfulness of the processing carried out on the basis of the consent until the withdrawal;

* Right to complain to a data protection supervisory authority according to Art. 77 GDPR if you believe that the processing of your personal data violates data protection regulations.

Legal Basis for Processing

Article 6(1)(a) GDPR and Section 25(1) TTDSG serve as the legal basis for our company’s processing operations where we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party – for example, in processing operations required for the delivery of goods or the provision of another service or consideration – the processing is based on Article 6(1)(b) GDPR. The same applies to processing operations necessary to carry out pre-contractual measures, such as inquiries regarding our products or services.

If our company is subject to a legal obligation requiring the processing of personal data – for example, to comply with tax obligations – the processing is based on Article 6(1)(c) GDPR.

In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured on our premises and their name, age, health insurance details, or other vital information would need to be passed on to a doctor, hospital, or other third party. In that case, processing would be based on Article 6(1)(d) GDPR.

Ultimately, processing operations may be based on Article 6(1)(f) GDPR. This legal basis applies to processing operations not covered by any of the aforementioned legal bases, if processing is necessary to safeguard the legitimate interests of our company or a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. The legislator considered that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47 Sentence 2 GDPR).

How is my data processed in detail?

Below, we inform you about the individual processing operations, the scope and purpose of data processing, the legal basis, the obligation to provide your data, and the respective storage period. Automated decision-making, including profiling, does not take place.

Provision of the Website

We place great importance on protecting your personal data. Below we would like to inform you when and which of your data we collect, which we require for your application process.

Start of Data Collection

Every access to our online offer is stored in a log file. In this log file, we record the following data:

* IP address of the requesting computer
* Date and time of the request as well as duration of the visit
* Browser of the requester
* Operating system of the requester
* Transferred data volume or parameters of the URL

Collection, Processing, and Use of Your Personal Data

You use an electronic applicant management system that enables us to offer you targeted suitable professional tasks. Your application is received through this electronic system and is available to our branches throughout Germany. Your application is not branch-specific upon system input. Rather, the data collection for the application process is for our company, with the main support provided by one branch.

We create applicant profiles from the data you submit. Our branches can make these applicant profiles available to our clients who wish to cover their personnel needs with our help. For this purpose, we store and process your personal and sensitive data as far as and as long as necessary to provide our services. This includes at least your name, first name, and full address. Additionally, we need all information that is typically
included in a CV for successful service. Specifically, the following data may be requested, among others:

* Name, first name, and address
* Title
* Contact details (phone numbers, fax, email) and availability
* School education (e.g., attended schools, date and type of degree, federal state, grades)
* University studies (e.g., fields of study, focuses, date and type of degree, federal state, grades)
* Work experience (e.g., employers, positions, tasks, experiences)
* Qualifications (detailed query on qualifications in their respective form)
* References (e.g., name, contact details, and company of the reference persons)
* Desired position (e.g., salary expectation, desired activities, location, accessibility by public transport)
* Availability (e.g., current employment status, termination date, unemployment date, notice periods, wish for part-time, full-time, or shift work)
* How you became aware of us (for marketing purposes)

In case of employment, we additionally require data necessary for the establishment and execution of the employment relationship.

Security

To protect your personal data stored with us from unauthorized access and misuse, we have implemented extensive technical and organizational measures. Our security procedures are regularly reviewed and adapted to technological progress. Our employees are obligated to maintain confidentiality.

Emails from headwaypersonal GmbH contain confidential and/or legally protected information. If you are not the intended recipient or have received an email by mistake, we point out that unauthorized copying and forwarding of this email is not permitted. If you have received an email in error, please inform us by phone at +49 (0) 0871 4308890 or by email at info@headway-personal.com.

Links to Other Website

If you access an external website from our site (external link), the external provider may receive information from your browser about which of our websites you came from. The external provider is responsible for these data. We, like any other website provider, cannot influence this process.

Contact Form

On our website, we offer you the possibility to contact us via a provided form. The information collected through mandatory fields is necessary to process the inquiry. You can also voluntarily provide additional information you consider necessary for processing the inquiry.

When using the contact form, your personal data will not be passed on to third parties.

Processing of your data by using our contact form is for communication and processing of your inquiry based on your consent according to Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG. If your inquiry relates to an existing contractual relationship with us, processing is for the purpose of contract fulfillment based on Art. 6 Para. 1 lit. b GDPR. There is no legal or contractual obligation to provide your data; however, processing your inquiry is not possible without providing the mandatory information. If you do not wish to provide this data, please contact us by other means.

If you use the contact form based on your consent, we store the data collected with each inquiry for three years, starting from the completion of your inquiry or until you revoke your consent.

If you use the contact form within a contractual relationship, we store the data collected
with each inquiry for three years from the end of the contractual relationship.

Applicant Contact Form

On our website, we offer you the possibility to submit an application via a provided form. The information collected through mandatory fields is necessary to process the inquiry. You can also voluntarily provide additional information you consider necessary for processing the inquiry.

If you have given us your separate consent, independent of using the applicant form, we
forward your application to the affiliated company persy.jobs.

Your inquiry is processed by a commissioned processor according to Art. 28 GDPR. Processing of your data due to the use of the applicant form is for the purpose of processing your application and deciding on the establishment of an employment relationship based on § 26 BDSG. There is no legal or contractual obligation to provide your data; however, processing your application is not possible without providing the mandatory information. If you do not wish to provide these data, please use other ways to apply with us.

We store the collected data for the duration of the application process and, in case of rejection, for twelve months from the date of rejection; in case of employment, for three years after the end of employment.

Our information obligations according to Art. 13 and 14 GDPR can be found here: