This privacy policy clarifies the nature, scope and purpose of the processing of personal data within our online offer and the associated social media profile and chatbots under the brand "Dein Traumberuf" (hereinafter jointly referred to as "online offer"). With regard to the terms used here, such as "processing" or "controller", we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Inga GmbH
c/o WeWork
Taunusanlage 8
60329 Frankfurt am Main
Managing Director: Corinna Haas
Phone: +49 69 348 71 92-0
E-Mail: info@inga.one
Martin Bastius
heyData GmbH
Gormannstr. 14F
10119 Berlin
Phone: +49 89 41325320
E-Mail: datenschutz@heydata.eu
– Master data (e.g. names, addresses)
– Contact data (e.g. e-mail, telephone numbers)
– Content data (e.g. text entries)
– Usage data (e.g. duration and time of a short application)
– Technical data on communication and the devices used for this purpose (e.g. device information, IP addresses)
– Applicant data (e.g. professional qualifications)
The data subjects include, in particular, social media marketing and the associated chatbots with the purpose of finding candidates for our customers and for Inga GmbH itself.
We process our users' personal data for the following purposes, which are explained in more detail below:
– Provision of the online offering, its functions and content, in particular social media marketing and chatbots
– Finding and pre-qualifying candidates for our customers' job vacancies
– Answering contact enquiries and communicating with users
– Reach measurement/marketing
Cookies are set in our online offering, which we explain here and in the further course of our privacy policy (in particular about cookies from third-party providers). "Cookies" are small files that are stored on users' computers. Temporary cookies (also known as "session cookies" or "transient cookies") are deleted when the user closes their browser. "Permanent" or "persistent" cookies remain stored even after the browser is closed. Such permanent cookies can be used, for example, to save the login status when users visit the website after several days. If you do not want cookies to be stored on your computer, you can set your browser so that you are informed in advance about the setting of cookies and can decide in individual cases whether to prevent the acceptance of cookies for certain cases or the setting of cookies in general. You can delete cookies already on your computer at any time manually or using browser functions. However, the functionality of our online offering may be limited if cookies are not accepted or only accepted to a limited extent.
Unless otherwise stated for the individual cookies in this privacy policy, we only set cookies with your consent. The legal basis for this is therefore Art. 6 para. 1 lit. a GDPR. Of course, you can freely revoke your consent at any time with effect for the future.
We process the data of our candidates and users as part of our contractual services, which include social media campaigns, chatbot creation and candidate management software.
We continue to use the terms candidate(s), applicant(s) and user(s) as synonyms.
We process master data relating to the candidates (e.g. names), contact data (e.g. email, telephone numbers), content data (e.g. text entries on professional qualifications, insofar as these were entered voluntarily in our chatbots), usage data of the chatbot (e.g. time and duration of the application) and technical data on communication and the devices used for this purpose (e.g. as part of the evaluation and performance measurement of marketing measures). The data relating to our users that we process in this context is master data, contact data, content data, usage data and technical data relating to communication and the devices used for this purpose.
The purpose of processing this data is to provide our contractual services, including the search for and pre-selection of suitable applicants for our customers' job vacancies. The data processing, which serves us to address the right potential applicants for our customers via advertisements (analysis and statistical evaluation of user data), is carried out to safeguard our legitimate interests in the provision of our online services. In addition, this data processing also serves to safeguard the legitimate interests of our customers who have commissioned us with corresponding services in order to fill an advertised vacancy with a suitable applicant. This data processing is therefore based on Art. 6 para. 1 lit. f GDPR. As soon as the user feels addressed by a job advert that is displayed as an advertisement, participates in our recruiting process by clicking on "Find out more" and answers the questions then displayed, the associated data processing is carried out for the purpose of initiating an employment relationship between the user and our customer. If the user has previously clicked on "Find out more", these pre-contractual recruiting measures take place on the user's initiative. The processing of the applicant data provided by the user is necessary in order to make a pre-selection as to whether the user is suitable for the selected position. The legal basis for this data processing is therefore Art. 88 para. 1 GDPR in conjunction with. § Section 26 (1) sentence 1 of the Federal Data Protection Act ("BDSG").
In principle, we do not process special categories of personal data, unless these are exceptionally part of commissioned processing or the applicant voluntarily provides us with such data. In both cases, the user is informed that he/she does not have to provide us with this special personal data and, if he/she does so, the transmission is voluntary on the basis of his/her express consent (Art. 88 GDPR in conjunction with Section 26 (2), (3) sentence 2 BDSG).
Should the user be considered as a potential applicant for our customer based on the answers they provide in our recruiting process, their personal data (master, contact and applicant data as well as selection of the preferred communication channel via which they would like to be contacted) will be transmitted to our customer exclusively on the basis of their consent in accordance with Art. 6 para. 1 lit. a GDPR, Section 26 para. 2 BDSG, which we obtain and record separately before forwarding their data.
The provision of personal data by our users is necessary to the extent that we provide our recruiting services. This is not possible without the processing of personal data, in particular the applicant data of our users. If a user does not wish to provide us with their personal data for this purpose, we cannot propose them as a potential applicant to our customers (Art. 13 para. 2 lit. e GDPR).
Inga reserves the right to enter into so-called qualified co-operations with individual customers. This is particularly the case if the qualified cooperation partner carries out the recruiting itself and thus also carries out the pre-selection of applicants independently on behalf of its own customers.
The co-operation partner conducts a detailed interview with the user independently and without any instructions from us, on the basis of which the co-operation partner assesses whether the user is suitable for the vacant position of his customer and is therefore proposed to his customer. The transmission to the cooperation partner and the data processing in this context are carried out with the consent of the user and are therefore based on Art. 6 para. 1 lit. a GDPR, § 26 para. 2 BDSG.
If a user applies for an open position or sends us an unsolicited application, we process their data (master data, contact data and applicant data) only for the purpose and within the scope of the application process in accordance with the legal requirements, i.e. to carry out and process the application process. Data will not be passed on to third parties without the separate consent of the applicant.
The application process requires that candidates provide us with their applicant data. The necessary applicant data is always voluntary and is actively entered into our chatbot by the candidate. The collection and processing of this data as part of the application for an open position with us is carried out exclusively for the purpose of making a decision on the establishment of an employment relationship in accordance with Art. 88 GDPR in conjunction with Section 26 para. 1 and 3 BDSG. § Section 26 (1) and (3) BDSG.
Insofar as additional special categories of personal data within the meaning of Art. 9 para. 1 GDPR are voluntarily communicated to us as part of the application process (e.g. health data such as severely disabled status or ethnic origin), their processing is based on consent in accordance with Art. 88 GDPR in conjunction with Section 26 para. 2, para. 3 BDSG. § Section 26 para. 2, para. 3 sentence 2 BDSG.
The data provided by applicants may be further processed by our customers (or Inga, if we are the potential new employer) in the event of a successful application for the purposes of the employment relationship (Art. 88 GDPR in conjunction with Section 26 (1) and (3) BDSG). If the application for a job offer is not successful, the applicant's data will be deleted. Applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.
Subject to a justified cancellation by the applicant, the deletion takes place after a period of six months so that we can answer any follow-up questions about the application and fulfil our obligations to provide evidence under the General Equal Treatment Act. Any further storage will only take place if there are legitimate reasons on our part, e.g. statutory retention obligations, that prevent deletion.
Talent-Pool
As part of the application process, we offer candidates the opportunity to be included in our "talent pool" for a period of up to two years on the basis of the applicant's consent within the meaning of Art. 88 GDPR in conjunction with Section 26 (2) BDSG.
The application documents in the talent pool will be processed exclusively in the context of future job advertisements and the search for employees and will be deleted after this two-year period has expired. Applicants are informed that their consent to inclusion in the talent pool is voluntary, has no influence on the current application process and that they can revoke this consent at any time for the future.
When users write and publish comments or other posts on our website, we store the IP address of the computer used and any user name provided by the user on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR for 7 days. Our legitimate interest is the prevention of misuse of our online offering for the dissemination of illegal content (insults, prohibited political propaganda, etc.).
The comments and contributions and any personal data contained therein will be stored by us as part of the provision of the online offer, including the comments, as long as this is necessary for the provision of the online offer and the user has not objected to this.
When contacting us (e.g. by contact form, email, telephone or via social media), the information provided by the enquirer, including the contact details provided there, will be processed to process the contact enquiry and its handling as well as in the event of follow-up questions in accordance with Art. 6 para. 1 lit. b GDPR, insofar as the enquirer enters this personal data for the purpose of initiating an application. Otherwise, this storage and use takes place on the basis of Art. 6 para. 1 lit. f GDPR, whereby our legitimate interest is the careful processing of the respective request. The enquirer's details are usually stored in our email tool Gmail, which the enquiry was submitted by email.
If we disclose data to other persons and companies (processors or third parties) as part of our processing, transfer it to them or otherwise grant them access to the data, this is only done on the basis of the user's consent, a legal authorisation (e.g. if the transfer of data to third parties, such as payment service providers, is necessary for contract fulfilment in accordance with Art. 6 para. 1 lit. b GDPR), a legal obligation or to protect our legitimate interests (e.g. when using technical service providers to provide our online services, etc.).
If we commission third parties to process data on the basis of a so-called order processing contract, this is done on the basis of Art. 28 GDPR. Anything else applies only to transfers to service providers that are expressly based on a different legal basis in this privacy policy.
If we pass on data to service providers as part of our processing, we and our service providers strictly observe the requirements of the GDPR. Of course, before passing on your personal data, we ensure that our service providers have taken the necessary technical and organisational measures to ensure an appropriate level of protection. The scope of the data transfer is limited to the minimum necessary for the processing purpose.
Die Übermittlung an auskunftsberechtigte staatliche Institution und Behörden erfolgt nur im Rahmen der gesetzlichen Auskunftspflichten oder wenn wir durch eine gerichtliche oder behördliche Entscheidung zur Auskunft verpflichtet werden. In diesem Fall ist die Weitergabe Ihrer Daten durch Art. 6 Abs. 1 lit. c DSGVO zur Erfüllung einer rechtlichen Verpflichtung erforderlich, der wir unterliegen.
Explizit zu erwähnen ist die Weitergabe der Bewerberdaten an unsere Kunden , welche uns mit der Suche nach den passenden Kandidaten beauftragt haben. Es besteht eine getrennte Verantwortlichkeit zwischen Inga und unseren Kunden und beide Seiten verpflichten sich zu einer datenschutzkonformen Nutzung und Verarbeitung der Bewerberdaten.
The transfer to state institutions and authorities authorised to receive information only takes place within the framework of the legal obligation to provide information or if we are obliged to provide information by a court or official decision. In this case, the disclosure of your data is required by Art. 6 para. 1 lit. c GDPR to fulfil a legal obligation to which we are subject.
Explicit mention should be made of the transfer of applicant data to our clients who have commissioned us to search for suitable candidates. There is a separate responsibility between Inga and our customers and both sides undertake to use and process the applicant data in accordance with data protection regulations.
We use content or service offers from third-party providers within our online offer in order to integrate their content and services, such as videos or software (hereinafter uniformly referred to as "content"). This always requires that the third-party providers of this content receive the IP address of the user, as they would not be able to send the content to their browser without the IP address. The use of the IP address is therefore necessary for the presentation of this content. We endeavour to only use content whose respective providers only use the IP address to deliver the content.
Specifically, we use the services of the following third-party providers:
We use the chat software "Landbot" from the provider Hello UMI, S.L., Carrer de París 82, Bajo 1, Derecha, CP 08029 Barcelona, Spain, to enable a candidate-friendly application process. The chatbot provides information about the tasks and the potential new employer. The short interview replaces the uploading of a CV and asks for professional qualifications, availability, professional preferences and contact details (name, e-mail, telephone number) on the basis of Art. 6 para. 1 lit. f GDPR.
We have concluded a contract with Landbot for the integration of their services and the associated data transfer. This contains standard contractual clauses, i.e. standard provisions defined and approved by the European Commission. They are used to ensure that personal data is also processed by a service provider based in a country outside the EU or EEA, such as Manychat, in accordance with the standards of European data protection law, thereby ensuring an adequate level of data protection at Manychat (Art. 46 para. 2 lit. c GDPR).
Users can find further information in Landbot's privacy policy: https://landbot.io/privacy-policy
We use the interface software "Integromat" from Integromat s.r.o., Novakovych 1954/20a, 180 00 Prague 8, Czech Republic ("Integromat").
Integromat uses the user's data only for the technical processing of enquiries and for entering the data provided by the user into the IT systems we use and does not pass them on to third parties. The following data is processed in the service User ID, time and duration of the application and the data voluntarily entered by the user.
Users can find further information in Integromat's privacy policy: https://www.integromat.com/en/kb/privacy.html.
The integration of Integromat is necessary so that we can offer our services via our online offering at all and fulfil the contracts concluded with our customers or users. The associated data processing is therefore based on Art. 6 para. 1 lit. b GDPR.
We use the "Zapier" interface software from Zapier, Inc, 548 Market St. #62411, San Francisco, CA 94104-5401, USA ("Zapier").
Zapier only uses the user's data for the technical processing of enquiries and to enter the data provided by the user into the IT systems we use and does not pass it on to third parties. The following data is processed in the service User ID, time and duration of the application and the data voluntarily entered by the user.
Users can find further information in Zapier's privacy policy: https://zapier.com/privacy
The integration of Zapier is necessary so that we can offer our services via our online offering at all and fulfil the contracts concluded with our customers or users. The associated data processing is therefore based on Art. 6 para. 1 lit. b GDPR.
We use the database software "Airtable" from the provider Formagrid, Inc., 799 Market St, Floor 8 San Francisco, CA 94103, USA, to process user data, in particular the applicant data of users, and to make the applicant data available to our customers if the user is interested in an open position. Airtable only uses user data for technical processing and does not pass it on to third parties. The following data is transmitted to Airtable: user ID, time and duration of the application and the data voluntarily entered by the user. In the course of processing applications, it may be necessary for us to collect further data and also process this in the database provided by Airtable. Users can find further information in Airtable's privacy policy: https://airtable.com/privacy.
We use Airtable to ensure effective and structured processing of the respective application data, which serves the efficiency and economic operation of our online offer (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). We have also concluded a contract with Airtable for the integration of their services and the associated data transfer, which includes the EU standard contractual clauses. This ensures that Airtable complies with an adequate level of data protection when processing data (Art. 46 para. 2 lit. c GDPR).
As part of our online offering, the so-called "Facebook Custom Audience" service of the social network Facebook, which is operated by Facebook, Inc, 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook"), is used.
This service is used to place a cookie (so-called "Facebook Pixel") on the user's computer when they visit our website. This Facebook pixel can be used to determine that the user has already visited our website. The Facebook pixel and the information it generates are transmitted to Facebook servers, which are also located in the USA, and stored there. With the help of the Facebook pixel, it is possible for us to show the user targeted adverts for our online services (so-called "Facebook ads") on the websites of Facebook or its partners after a visit to our online services, through which the user has shown an interest in our online services. Accordingly, we use Facebook Custom Audiences to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offering. In this way, we also want to ensure that our Facebook ads correspond to the potential interest of users and are not annoying. With the help of the Facebook pixel, we can also track the effectiveness of the Facebook ads and analyse them to improve our advertising campaigns and our online offering. For these purposes, Facebook also compiles reports for us on the reach and success of our Facebook ads, which include in particular whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion") and what actions users took after clicking (e.g. whether an order was placed).
If you access our website as a user while you are logged into your Facebook account, Facebook also links the information collected via the Facebook pixel to your Facebook account. Facebook may use the information collected for cross-device marketing. In particular, based on your use of our website on one device, our Facebook ads may also be displayed to you when you are browsing the internet on another device.
Further information on the processing of your personal data in connection with Facebook Custom Audiences and data protection by Facebook can be found in Facebook's data usage policy: facebook.com/policy.php. Specific information and details about the Facebook pixel and how it works can be found in Facebook's help section: facebook.com/business/help/651294705016616.
You can object to the collection by the Facebook pixel and the use of your data to display Facebook ads.
You can also set which types of adverts are displayed to you within Facebook by visiting the page set up by Facebook and following the instructions on the settings for usage-based advertising: facebook.com/settings?tab=ads. The settings made on this website are applied across all platforms, i.e. they are applied to all devices on which you log into your Facebook account, such as desktop computers or mobile devices.
Users can find further information in Facebook's privacy policy:
https://www.facebook.com/policy.php and https://www.facebook.com/legal/terms/page_controller_addendum
We maintain online presences within social networks and platforms, in particular Facebook, in order to communicate with the customers, interested parties and users active there and to inform them about our services (hereinafter "Facebook fan page"). With regard to the data processing that takes place when you visit our Facebook fan page, Facebook and we are joint controllers within the meaning of Art. 26 para. 1 GDPR. Our mutual obligations resulting from the joint responsibility are set out in an agreement between Facebook and us, the so-called "Page Insights Addendum regarding the controller". This agreement can be viewed here: https://www.facebook.com/legal/terms/page_controller_addendum
As part of the use of our Facebook fan page, we statistically analyse how you have used our fan page. For this purpose, we receive extensive statistics on the use of our Facebook pages, the so-called "Facebook Insights", which, however, do not contain any personal data. As a fan page operator, we have no access to personal data and cannot view or retrieve such data from Facebook. It is not possible for us to establish a link to individual persons. We also do not create profiles for individual users.
We use the statistics to adapt our Facebook fan page according to user needs and thus to continuously optimise it, which can also be done for market research and advertising purposes by evaluating the resulting interests of users in such a way that, for example, we place advertisements inside and outside our Facebook fan page that presumably correspond to the interests of the users. To make this statistical analysis possible, cookies are usually stored on the user's end devices, in which the user behaviour and interests of the users are stored. For example, when you visit our Facebook fan page, a cookie is set to recognise you and make it easier for you to browse the fan page. According to Facebook, the cookies and the data collected through them are deleted or anonymised within 90 days. No other cookies are used. To the best of our knowledge, entries are also not created in local storage for non-members of Facebook.
The processing of your personal data when you visit our Facebook fan page is based on our legitimate interests in effectively informing users and communicating with users in accordance with Art. 6 para. 1 lit. f GDPR. We would like to point out that data processing may also take place outside the EU or the EEA, in particular on Facebook servers located in the USA. This may result in risks for users because, for example, it could make it more difficult to enforce users' rights.
The agreement concluded with Facebook stipulates that Facebook assumes primary responsibility for the processing of Insights data and fulfils all obligations under the GDPR with regard to the processing of Insights data. This means that Facebook is primarily responsible for the information obligations under Art. 13, 14 GDPR and for safeguarding your rights as a data subject. Particularly with regard to requests for information and the assertion of other data subject rights, we would like to point out that these can be asserted most effectively directly with Facebook. Only Facebook has access to user data and can take appropriate measures and provide information directly. Users of our Facebook fan page can exercise their rights under Art. 12 et seq. GDPR, rights to erasure under Art. 17 GDPR, to restriction of processing under Art. 18 GDPR, to object under Art. 21 GDPR and to information under Art. 15 GDPR at https://www.facebook.com/about/privacy. If you still need help or require assistance, please do not hesitate to contact us.
If you use our Facebook fan page, you will find further information on the processing and use of data by Facebook at https://www.facebook.com/about/privacy/ and specifically for the fan page insights: https://www.facebook.com/legal/terms/information_about_page_insights_data. There you will also find setting options to protect your privacy as well as objection options, see opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com.
We have taken appropriate technical and organisational measures in accordance with Art. 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk represented by the data processing.
The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, disclosure, safeguarding of availability and separation of the data.
Furthermore, we have established procedures that ensure the effective exercise of data subject rights, deletion of data and response to threats to the data we process. Furthermore, we already take the protection of personal data into account during the development of our online offer, in particular in our own software programming and in the selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art. 25 GDPR).
Data processing by us takes place within the EU, unless expressly stated otherwise in the above sections of this privacy policy.
The data processed by us will be deleted or its processing restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated otherwise in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations or other legitimate reasons within the meaning of Art. 17 para. 3 GDPR. If the data is not erased because its storage is still required for other and legally permissible purposes, its processing will be restricted. This means that the data will be blocked and no longer processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
According to legal requirements in Germany, data is stored for 10 years in accordance with §§ 147 para. 1 AO, 257 para. 1 no. 1 and 4, para. 4 HGB (books, records, management reports, accounting vouchers, trading books, documents relevant for taxation, etc.) and 6 years in accordance with § 257 para. 1 no. 2 and 3, para. 4 HGB (commercial letters). After expiry of these retention periods, the data will be deleted immediately, unless there are other reasons for deletion within the meaning of Art. 17 para. 3 GDPR.
You can object to the future processing of data concerning you at any time in accordance with Art. 21 GDPR. The objection can be made in particular against processing for direct marketing purposes.
You have the right to request confirmation as to whether data concerning you is being processed and to request information about this data as well as further information and a copy of the data in accordance with Art. 15 GDPR.
In accordance with Art. 16 GDPR, you have the right to request the completion of the data concerning you or the correction of incorrect data concerning you.
In accordance with Art. 17 GDPR, you have the right to demand that the data in question be erased immediately, provided that there are no legitimate reasons for not erasing it. If this is the case, you have the right to request that the processing of your data be restricted in accordance with Art. 18 GDPR.
You have the right to request to receive the data concerning you that you have provided to us in accordance with Art. 20 GDPR and to request its transfer to other controllers.
You also have the right to lodge a complaint with the supervisory authority if you are of the opinion that data processing by us violates the statutory provisions (Art. 77 GDPR).
You have the right to freely revoke consent given to us at any time with effect for the future in accordance with Art. 7 para. 3 GDPR.
We reserve the right to amend this privacy policy within the framework of the existing legal regulations and to publish an updated version on our website if this is necessary, e.g. due to new technical developments or changes in case law or in our business operations. You should therefore check this page from time to time to ensure that you are familiar with our current privacy policy.
Last updated on 06/08/2021